alen_soft — ttplayer |
DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll. |
2023-12-07 |
not yet calculated |
CVE-2023-48861 |
ami — aptiov |
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. |
2023-12-06 |
not yet calculated |
CVE-2023-39538 |
ami — aptiov |
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. |
2023-12-06 |
not yet calculated |
CVE-2023-39539 |
apache — ofbiz |
Pre-auth RCE in Apache Ofbiz 18.12.09. It’s due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10 |
2023-12-05 |
not yet calculated |
CVE-2023-49070
|
apache — struts |
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue. |
2023-12-05 |
not yet calculated |
CVE-2023-41835
|
apache — struts |
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue. |
2023-12-07 |
not yet calculated |
CVE-2023-50164
|
arista_networks — mos |
On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config. |
2023-12-06 |
not yet calculated |
CVE-2023-24547 |
atlassian — assets_discovery_cloud |
This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent. |
2023-12-06 |
not yet calculated |
CVE-2023-22523
|
atlassian — companion_for_mac |
Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code. |
2023-12-06 |
not yet calculated |
CVE-2023-22524
|
atlassian — confluence_data_center |
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. |
2023-12-06 |
not yet calculated |
CVE-2023-22522
|
atos_unify — openscape_session_border_controller |
An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products “Session Border Controller” (SBC) and “Branch”, before version V10 R3.4.0, and OpenScape “BCF” before versions V10R10.12.00 and V10R11.05.02. This allows an unauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain access as an arbitrary (administrative) user. |
2023-12-05 |
not yet calculated |
CVE-2023-6269
|
availability_booking_calendar — availability_booking_calendar |
Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. |
2023-12-07 |
not yet calculated |
CVE-2023-48207 |
bitcoin_core/bitcoin_knots — bitcoin_core/bitcoin_knots |
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. |
2023-12-09 |
not yet calculated |
CVE-2023-50428
|
bluez — blulez |
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. |
2023-12-08 |
not yet calculated |
CVE-2023-45866
|
brocade — brocade_switches |
Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key. |
2023-12-06 |
not yet calculated |
CVE-2021-27795 |
buildroot — buildroot |
A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. |
2023-12-05 |
not yet calculated |
CVE-2023-43608
|
buildroot — buildroot |
Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `aufs` package. |
2023-12-05 |
not yet calculated |
CVE-2023-45838
|
buildroot — buildroot |
Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `aufs-util` package. |
2023-12-05 |
not yet calculated |
CVE-2023-45839
|
buildroot — buildroot |
Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `riscv64-elf-toolchain` package. |
2023-12-05 |
not yet calculated |
CVE-2023-45840
|
buildroot — buildroot |
Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `versal-firmware` package. |
2023-12-05 |
not yet calculated |
CVE-2023-45841
|
buildroot — buildroot |
Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `mxsldr` package. |
2023-12-05 |
not yet calculated |
CVE-2023-45842
|
byzoro — patrolflow_2530pro_firmware |
A vulnerability was found in Beijing Baichuo PatrolFlow 2530Pro up to 20231126. It has been rated as problematic. This issue affects some unknown processing of the file /log/mailsendview.php. The manipulation of the argument file with the input /boot/phpConfig/tb_admin.txt leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2023-12-07 |
not yet calculated |
CVE-2023-6577
|
byzoro — smart_s20_firmware |
A vulnerability was found in Beijing Baichuo Smart S20 up to 20231120 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php of the component HTTP POST Request Handler. The manipulation of the argument 1_file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247154 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2023-12-07 |
not yet calculated |
CVE-2023-6574
|
byzoro — smart_s210_firmware |
A vulnerability was found in Beijing Baichuo S210 up to 20231121. It has been classified as critical. This affects an unknown part of the file /Tool/repair.php of the component HTTP POST Request Handler. The manipulation of the argument txt leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247155. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2023-12-07 |
not yet calculated |
CVE-2023-6575
|
byzoro — smart_s210_firmware |
A vulnerability was found in Beijing Baichuo S210 up to 20231123. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php of the component HTTP POST Request Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247156. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2023-12-07 |
not yet calculated |
CVE-2023-6576
|
candid — candid |
The Candid library causes a Denial of Service while parsing a specially crafted payload with ’empty’ data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field required by the type. The problem with the type empty is that the candid Rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop. Canisters using affected versions of candid are exposed to denial of service by causing the decoding to run indefinitely until the canister traps due to reaching maximum instruction limit per execution round. Repeated exposure to the payload will result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected. |
2023-12-08 |
not yet calculated |
CVE-2023-6245
|
cloudflare — tokio-boring |
The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. The set_ex_data function used by the library did not deallocate memory used by pre-existing data in memory each time after completing a TLS connection causing the program to consume more resources with each new connection. |
2023-12-05 |
not yet calculated |
CVE-2023-6180 |
collabora_online — collabora_online |
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with `Collabora Online – Built-in CODE Server` app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online – Built-in CODE Server (richdocumentscode) release 23.5.601. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
2023-12-08 |
not yet calculated |
CVE-2023-49782
|
collabora_online — collabora_online |
Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attack via modified client->server commands to overwrite files outside the sub directory the server has provided for the transient session. Files which can be accessed are limited to those that the server process has access to. The bug was fixed in Collabora Online – Built-in CODE Server (richdocumentscode) release 23.5.602. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
2023-12-08 |
not yet calculated |
CVE-2023-49788 |
commscope,_inc. — zonedirector |
A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see the information provided by the vendor listed under [References] section or the list under [Product Status] section. |
2023-12-07 |
not yet calculated |
CVE-2023-49225
|
controlbyweb — x-332-24i |
The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious javascript code during a user’s session. |
2023-12-07 |
not yet calculated |
CVE-2023-6333 |
curl — curl |
This flaw allows a malicious HTTP server to set “super cookies” in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl’s function that verifies a given cookie domain against the Public Suffix List (PSL). For example, a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain. |
2023-12-07 |
not yet calculated |
CVE-2023-46218
|
d-link — dar-7000 |
A vulnerability has been found in D-Link DAR-7000 up to 20231126 and classified as critical. This vulnerability affects unknown code of the file /user/inc/workidajax.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2023-12-07 |
not yet calculated |
CVE-2023-6581
|
d-link — dir-846 |
A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqos_express_devices/smartqos_normal_devices leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2023-12-07 |
not yet calculated |
CVE-2023-6580
|
daicuo — daicuo |
A stored cross-site scripting (XSS) vulnerability in /admin.php of DaiCuo v2.5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
2023-12-06 |
not yet calculated |
CVE-2023-48940
|
dedecms — dedecms |
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php. |
2023-12-07 |
not yet calculated |
CVE-2023-49492 |
dedecms — dedecms
|
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php. |
2023-12-07 |
not yet calculated |
CVE-2023-49493 |
dell — dell_networking_os10 |
Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity. |
2023-12-05 |
not yet calculated |
CVE-2023-39248 |
dell — inspiron_15 |
The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated configuration packet to select the Windows template database, which allows bypass of Windows Hello authentication by enrolling an attacker’s fingerprint. |
2023-12-09 |
not yet calculated |
CVE-2023-50430 |
dell — poweredge_bios |
Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service. |
2023-12-05 |
not yet calculated |
CVE-2023-44297 |
dell — poweredge_bios |
Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service. |
2023-12-05 |
not yet calculated |
CVE-2023-44298 |
dell — poweredge_platform |
Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation. |
2023-12-08 |
not yet calculated |
CVE-2023-32460 |
dell — powerscale_onefs |
Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through its lifetime vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, leading to denial of service. |
2023-12-05 |
not yet calculated |
CVE-2023-44288 |
dell — powerscale_onefs |
Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource through its lifetime vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to loss of information, and information disclosure. |
2023-12-05 |
not yet calculated |
CVE-2023-44295 |
devolutions — remote_desktop_manager |
Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable. |
2023-12-06 |
not yet calculated |
CVE-2023-6288 |
devolutions — workspace |
Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when offline. |
2023-12-07 |
not yet calculated |
CVE-2023-6588 |
doracms — doracms |
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack. |
2023-12-08 |
not yet calculated |
CVE-2023-49443 |
doracms — doracms |
An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar. |
2023-12-08 |
not yet calculated |
CVE-2023-49444 |
draytek — vigor167 |
An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface. |
2023-12-09 |
not yet calculated |
CVE-2023-47254
|
dreamer_cms — dreamer_cms |
Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department. |
2023-12-08 |
not yet calculated |
CVE-2023-49484 |
elastic — elasticsearch-hadoop |
An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue. |
2023-12-05 |
not yet calculated |
CVE-2023-46674 |
ericsson — evolved_packet_gateway |
An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell. |
2023-12-05 |
not yet calculated |
CVE-2022-47531 |
ericsson — network_manager |
Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application. |
2023-12-07 |
not yet calculated |
CVE-2023-39909 |
espocrm — espocrm |
EspoCRM is an Open Source CRM (Customer Relationship Management) software. In affected versions there is Server-Side Request Forgery (SSRF) vulnerability via the upload image from url api. Users who have access to `the /Attachment/fromImageUrl` endpoint can specify URL to point to an internal host. Even though there is check for content type, it can be bypassed by redirects in some cases. This SSRF can be leveraged to disclose internal information (in some cases), target internal hosts and bypass firewalls. This vulnerability has been addressed in commit `c536cee63` which is included in release version 8.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
2023-12-05 |
not yet calculated |
CVE-2023-46736
|
etsi — tetra_standard |
The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). The structure of TA61 allows for efficient recovery of this 64-bit value, allowing an adversary to encrypt or decrypt arbitrary identities given only three known encrypted/unencrypted identity pairs. |
2023-12-05 |
not yet calculated |
CVE-2022-24403 |
evershop_npm — evershop_npm |
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js. |
2023-12-08 |
not yet calculated |
CVE-2023-46493
|
evershop_npm — evershop_npm |
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx. |
2023-12-08 |
not yet calculated |
CVE-2023-46494
|
evershop_npm — evershop_npm |
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter. |
2023-12-08 |
not yet calculated |
CVE-2023-46495
|
evershop_npm — evershop_npm |
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint. |
2023-12-08 |
not yet calculated |
CVE-2023-46496
|
evershop_npm — evershop_npm |
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint. |
2023-12-08 |
not yet calculated |
CVE-2023-46497
|
evershop_npm — evershop_npm |
An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file. |
2023-12-08 |
not yet calculated |
CVE-2023-46498
|
evershop_npm — evershop_npm |
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted scripts to the Admin Panel. |
2023-12-08 |
not yet calculated |
CVE-2023-46499
|
filerun — filerun |
A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link. |
2023-12-06 |
not yet calculated |
CVE-2023-28875
|
filerun — filerun |
A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users. |
2023-12-06 |
not yet calculated |
CVE-2023-28876
|
formalms — formalms |
Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters. |
2023-12-07 |
not yet calculated |
CVE-2023-46693 |
franklin_electric_fueling_systems — sentinel_anyware |
Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The ‘path’ parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. |
2023-12-08 |
not yet calculated |
CVE-2023-48928 |
franklin_electric_fueling_systems — sentinel_anyware |
Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. The ‘sid’ parameter in the group_status.asp resource allows an attacker to escalate privileges and obtain sensitive information. |
2023-12-08 |
not yet calculated |
CVE-2023-48929 |
fxc_inc. — ae1021pe |
An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product. |
2023-12-06 |
not yet calculated |
CVE-2023-49897
|
gladys_assistant — gladys_assistant |
Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine. |
2023-12-07 |
not yet calculated |
CVE-2023-47440
|
go_standard_library — crypto/tls |
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels. |
2023-12-05 |
not yet calculated |
CVE-2023-45287
|
go_standard_library — net/http/internal |
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small. |
2023-12-06 |
not yet calculated |
CVE-2023-39326
|
go_toolchain — cmd/go |
Using go get to fetch a module with the “.git” suffix may unexpectedly fallback to the insecure “git://” protocol if the module is unavailable via the secure “https://” and “git+ssh://” protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off). |
2023-12-06 |
not yet calculated |
CVE-2023-45285
|
google — android |
Improper Access Control in Samsung Voice Recorder prior to versions 21.4.15.01 in Android 12 and Android 13, 21.4.50.17 in Android 14 allows physical attackers to access Voice Recorder information on the lock screen. |
2023-12-05 |
not yet calculated |
CVE-2023-42577 |
google — android |
Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middle attack. |
2023-12-05 |
not yet calculated |
CVE-2023-42579 |
google — android |
In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48397 |
google — android |
In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48398 |
google — android |
In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48399 |
google — android |
In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48401 |
google — android |
In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48402 |
google — android |
In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure if the attacker is able to observe the behavior of the subsequent switch conditional with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48403 |
google — android |
In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48404 |
google — android |
there is a possible way for the secure world to write to NS memory due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48405 |
google — android |
there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48406 |
google — android |
there is a possible DCK won’t be deleted after factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48407 |
google — android |
In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48408 |
google — android |
In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48409 |
google — android |
In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48410 |
google — android |
In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48411 |
google — android |
In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48412 |
google — android |
In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48413 |
google — android |
In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48414 |
google — android |
In Init of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48415 |
google — android |
In multiple locations, there is a possible null dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48416 |
google — android |
There is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48420 |
google — android |
In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48421 |
google — android |
In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48422 |
google — android |
In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-12-08 |
not yet calculated |
CVE-2023-48423 |
google — chrome |
Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
2023-12-06 |
not yet calculated |
CVE-2023-6508
|
google — chrome |
Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High) |
2023-12-06 |
not yet calculated |
CVE-2023-6509
|
google — chrome |
Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) |
2023-12-06 |
not yet calculated |
CVE-2023-6510
|
google — chrome |
Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) |
2023-12-06 |
not yet calculated |
CVE-2023-6511
|
google — chrome |
Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low) |
2023-12-06 |
not yet calculated |
CVE-2023-6512
|
gpac — gpac |
GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service. |
2023-12-07 |
not yet calculated |
CVE-2023-46871
|
gpac — gpac |
Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box. |
2023-12-09 |
not yet calculated |
CVE-2023-46932 |
gpac — gpac |
An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c. |
2023-12-09 |
not yet calculated |
CVE-2023-47465 |
gpac — gpac |
gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589. |
2023-12-07 |
not yet calculated |
CVE-2023-48958
|
gpsd — gpsd |
An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability. |
2023-12-05 |
not yet calculated |
CVE-2023-43628 |
hashicorp — vault/vault_enterprise |
HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12. |
2023-12-08 |
not yet calculated |
CVE-2023-6337 |
hcl_software — hcl_connections |
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise a user’s account then launch other attacks. |
2023-12-07 |
not yet calculated |
CVE-2023-28017 |
huawei — ajmd-370s |
The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions. Successful exploitation of this vulnerability may allow attackers to access restricted functions. |
2023-12-06 |
not yet calculated |
CVE-2023-6514 |
huawei — harmonyos |
Vulnerability of data verification errors in the kernel module. Successful exploitation of this vulnerability may cause WLAN interruption. |
2023-12-06 |
not yet calculated |
CVE-2023-44099
|
huawei — harmonyos |
Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module. Successful exploitation of this vulnerability may affect service confidentiality. |
2023-12-06 |
not yet calculated |
CVE-2023-44113
|
huawei — harmonyos |
Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation. |
2023-12-06 |
not yet calculated |
CVE-2023-46773
|
huawei — harmonyos |
Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. |
2023-12-06 |
not yet calculated |
CVE-2023-49239
|
huawei — harmonyos |
Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality. |
2023-12-06 |
not yet calculated |
CVE-2023-49240
|
huawei — harmonyos |
API permission control vulnerability in the network management module. Successful exploitation of this vulnerability may affect service confidentiality. |
2023-12-06 |
not yet calculated |
CVE-2023-49241
|
huawei — harmonyos |
Free broadcast vulnerability in the running management module. Successful exploitation of this vulnerability may affect service confidentiality. |
2023-12-06 |
not yet calculated |
CVE-2023-49242
|
huawei — harmonyos |
Vulnerability of unauthorized access to email attachments in the email module. Successful exploitation of this vulnerability may affect service confidentiality. |
2023-12-06 |
not yet calculated |
CVE-2023-49243
|
huawei — harmonyos |
Permission management vulnerability in the multi-user module. Successful exploitation of this vulnerability may affect service confidentiality. |
2023-12-06 |
not yet calculated |
CVE-2023-49244
|
huawei — harmonyos |
Unauthorized access vulnerability in the Huawei Share module. Successful exploitation of this vulnerability may affect service confidentiality. |
2023-12-06 |
not yet calculated |
CVE-2023-49245
|
huawei — harmonyos |
Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. |
2023-12-06 |
not yet calculated |
CVE-2023-49246
|
huawei — harmonyos |
Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality. |
2023-12-06 |
not yet calculated |
CVE-2023-49247
|
huawei — harmonyos |
Vulnerability of unauthorized file access in the Settings app. Successful exploitation of this vulnerability may cause unauthorized file access. |
2023-12-06 |
not yet calculated |
CVE-2023-49248
|
huawei — harmonyos |
Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally. |
2023-12-06 |
not yet calculated |
CVE-2023-6273
|
ibm — api_connect |
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912. |
2023-12-09 |
not yet calculated |
CVE-2023-47722
|
ibm — informix_dynamic_server |
IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753. |
2023-12-09 |
not yet calculated |
CVE-2023-28523
|
ibm — informix_dynamic_server |
IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204. |
2023-12-09 |
not yet calculated |
CVE-2023-28526
|
ibm — informix_dynamic_server |
IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206. |
2023-12-09 |
not yet calculated |
CVE-2023-28527
|
iconics — scada_software_iconics_suite |
Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are: * MMXFax.exe * winfax.dll * MelSim2ComProc.exe * Sim2ComProc.dll * MMXCall_in.exe * libdxxmt.dll * libsrlmt.dll |
2023-12-08 |
not yet calculated |
CVE-2023-6061 |
implem_inc. — pleasanter |
Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user’s web browser. |
2023-12-06 |
not yet calculated |
CVE-2023-34439
|
implem_inc. — pleasanter |
Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access. |
2023-12-06 |
not yet calculated |
CVE-2023-45210
|
implem_inc. — pleasanter |
Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. |
2023-12-06 |
not yet calculated |
CVE-2023-46688
|
insyde — insyde520
|
A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression. |
2023-12-07 |
not yet calculated |
CVE-2023-40238
|
iterative — pydrive2 |
PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserilization will result in arbitrary code execution. A maliciously crafted YAML file can cause arbitrary code execution if PyDrive2 is run in the same directory as it, or if it is loaded in via `LoadSettingsFile`. This is a deserilization attack that will affect any user who initializes GoogleAuth from this package while a malicious yaml file is present in the same directory. This vulnerability does not require the file to be directly loaded through the code, only present. This issue has been addressed in commit `c57355dc` which is included in release version `1.16.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
2023-12-05 |
not yet calculated |
CVE-2023-49297
|
jellyfin — jellyfin |
Jellyfin is a Free Software Media System for managing and streaming media. In affected versions there is an argument injection in the VideosController, specifically the `/Videos//stream` and `/Videos//stream.` endpoints which are present in the current Jellyfin version. Additional endpoints in the AudioController might also be vulnerable, as they differ only slightly in execution. Those endpoints are reachable by an unauthenticated user. In order to exploit this vulnerability an unauthenticated attacker has to guess an itemId, which is a completely random GUID. It’s a very unlikely case even for a large media database with lots of items. Without an additional information leak, this vulnerability shouldn’t be directly exploitable, even if the instance is reachable from the Internet. There are a lot of query parameters that get accepted by the method. At least two of those, videoCodec and audioCodec are vulnerable to the argument injection. The values can be traced through a lot of code and might be changed in the process. However, the fallback is to always use them as-is, which means we can inject our own arguments. Those arguments land in the command line of FFmpeg. Because UseShellExecute is always set to false, we can’t simply terminate the FFmpeg command and execute our own. It should only be possible to add additional arguments to FFmpeg, which is powerful enough as it stands. There is probably a way of overwriting an arbitrary file with malicious content. This vulnerability has been addressed in version 10.8.13. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
2023-12-06 |
not yet calculated |
CVE-2023-49096
|
jfinalcms — jfinalcms |
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department. |
2023-12-08 |
not yet calculated |
CVE-2023-49485 |
jfinalcms — jfinalcms |
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department. |
2023-12-08 |
not yet calculated |
CVE-2023-49486 |
jfinalcms — jfinalcms |
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department. |
2023-12-08 |
not yet calculated |
CVE-2023-49487 |
johnson_controls — metasys_nae55/sne/snc |
Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to version 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service. |
2023-12-07 |
not yet calculated |
CVE-2023-4486
|
jorani_leave_management_system — jorani_leave_management_system |
Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails. |
2023-12-07 |
not yet calculated |
CVE-2023-48205 |
jupyterhub — dockerspawner |
dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying `DockerSpawner.allowed_images` configuration allow users to launch _any_ pullable docker image, instead of restricting to only the single configured image, as intended. This issue has been addressed in commit `3ba4b665b` which has been included in dockerspawner release version 13. Users are advised to upgrade. Users unable to upgrade should explicitly set `DockerSpawner.allowed_images` to a non-empty list containing only the default image will result in the intended default behavior. |
2023-12-08 |
not yet calculated |
CVE-2023-48311
|
libde265 — libde265 |
Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc. |
2023-12-07 |
not yet calculated |
CVE-2023-49465 |
libde265 — libde265 |
Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc. |
2023-12-07 |
not yet calculated |
CVE-2023-49467 |
libde265 — libde265 |
Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc. |
2023-12-07 |
not yet calculated |
CVE-2023-49468 |
libheif — libheif |
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image. |
2023-12-07 |
not yet calculated |
CVE-2023-49460 |
libheif — libheif |
libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc. |
2023-12-07 |
not yet calculated |
CVE-2023-49462 |
libheif — libheif |
libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc. |
2023-12-07 |
not yet calculated |
CVE-2023-49463
|
libheif — libheif |
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci. |
2023-12-07 |
not yet calculated |
CVE-2023-49464 |
linkding — linkding |
A vulnerability classified as problematic has been found in linkding 1.23.0. Affected is an unknown function. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.23.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-247338 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early, responded in a very professional manner and immediately released a fixed version of the affected product. |
2023-12-09 |
not yet calculated |
CVE-2023-6646
|
linux — kernel |
An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system. |
2023-12-09 |
not yet calculated |
CVE-2023-6560
|
linux — kernel |
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. |
2023-12-08 |
not yet calculated |
CVE-2023-6606
|
linux — kernel |
An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. |
2023-12-08 |
not yet calculated |
CVE-2023-6610
|
linux — kernel |
A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service. |
2023-12-08 |
not yet calculated |
CVE-2023-6622
|
linux — kernel
|
sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized. |
2023-12-09 |
not yet calculated |
CVE-2023-50431 |
ly_corp. — line_app |
An issue in SCOL Members Card mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
2023-12-07 |
not yet calculated |
CVE-2023-43298 |
ly_corp. — line_app |
An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
2023-12-07 |
not yet calculated |
CVE-2023-43299 |
ly_corp. — line_app |
An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
2023-12-07 |
not yet calculated |
CVE-2023-43300 |
ly_corp. — line_app |
An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
2023-12-07 |
not yet calculated |
CVE-2023-43301 |
ly_corp. — line_app |
An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
2023-12-07 |
not yet calculated |
CVE-2023-43302 |
ly_corp. — line_app |
An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
2023-12-07 |
not yet calculated |
CVE-2023-43303 |
ly_corp. — line_app |
An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
2023-12-07 |
not yet calculated |
CVE-2023-43304 |
ly_corp. — line_app |
An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
2023-12-08 |
not yet calculated |
CVE-2023-43305 |
mattermost — mattermost |
Mattermost webapp fails to validate route parameters in//channels/ allowing an attacker to perform a client-side path traversal. |
2023-12-06 |
not yet calculated |
CVE-2023-6458 |
mattermost — mattermost |
Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing channelIDs. |
2023-12-06 |
not yet calculated |
CVE-2023-6459 |
maxima_watches — maxima_max_pro_power |
Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor. |
2023-12-07 |
not yet calculated |
CVE-2023-46916
|
mgt-commerce — cloudpanel |
File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755. |
2023-12-08 |
not yet calculated |
CVE-2023-46157
|
micro_focus — arcsight_management_center |
A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS). |
2023-12-09 |
not yet calculated |
CVE-2020-25835 |
microsoft — azure_rtos_usbx |
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host classes, related to device linked classes, GSER and HID in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
2023-12-05 |
not yet calculated |
CVE-2023-48698 |
microsoftgraph — msgraph-sdk-php |
msgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo() function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The phpInfo function exposes system information. The vulnerability affects the GetPhpInfo.php script of the PHP SDK which contains a call to the phpinfo() function. This vulnerability requires a misconfiguration of the server to be present so it can be exploited. For example, making the PHP application’s /vendor directory web accessible. The combination of the vulnerability and the server misconfiguration would allow an attacker to craft an HTTP request that executes the phpinfo() method. The attacker would then be able to get access to system information like configuration, modules, and environment variables and later on use the compromised secrets to access additional data. This problem has been patched in versions 1.109.1 and 2.0.0-RC5. If an immediate deployment with the updated vendor package is not available, you can perform the following temporary workarounds: delete the `vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php` file, remove access to the `/vendor` directory, or disable the phpinfo function. |
2023-12-05 |
not yet calculated |
CVE-2023-49282
|
microsoftgraph — msgraph-sdk-php |
microsoft-graph-core the Microsoft Graph Library for PHP. The Microsoft Graph Beta PHP SDK published packages which contained test code that enabled the use of the phpInfo() function from any application that could access and execute the file at `vendor/microsoft/microsoft-graph-core/tests/GetPhpInfo.php`. The phpInfo function exposes system information. The vulnerability affects the GetPhpInfo.php script of the PHP SDK which contains a call to the phpinfo() function. This vulnerability requires a misconfiguration of the server to be present so it can be exploited. For example, making the PHP application’s /vendor directory web accessible. The combination of the vulnerability and the server misconfiguration would allow an attacker to craft an HTTP request that executes the phpinfo() method. The attacker would then be able to get access to system information like configuration, modules, and environment variables and later on use the compromised secrets to access additional data. This problem has been patched in version 2.0.2. If an immediate deployment with the updated vendor package is not available, you can perform the following temporary workarounds: delete the `vendor/microsoft/microsoft-graph-core/tests/GetPhpInfo.php` file, remove access to the /vendor directory, or disable the phpinfo function |
2023-12-05 |
not yet calculated |
CVE-2023-49283
|
microweber — microweber |
An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method. |
2023-12-08 |
not yet calculated |
CVE-2023-48122
|
microweber — microweber |
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0. |
2023-12-07 |
not yet calculated |
CVE-2023-6566
|
microweber — microweber |
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0. |
2023-12-08 |
not yet calculated |
CVE-2023-6599
|
mlflow — mlflow |
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API. |
2023-12-05 |
not yet calculated |
CVE-2023-43472 |
mockjs — mockjs |
All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf). User controlled inputs inside the extend() method of the Mock.Handler, Mock.Random, Mock.RE.Handler or Mock.Util, will allow an attacker to exploit this vulnerability. Workaround By using a denylist of dangerous attributes, this weakness can be eliminated. Add the following line in the Util.extend function: js js if ([“__proto__”, “constructor”, “prototype”].includes(name)) continue js // src/mock/handler.js Util.extend = function extend() { var target = arguments[0] || {}, i = 1, length = arguments.length, options, name, src, copy, clone if (length === 1) { target = this i = 0 } for (; i < length; i++) { options = arguments[i] if (!options) continue for (name in options) { if ([“__proto__”, “constructor”, “prototype”].includes(name)) continue src = target[name] copy = options[name] if (target === copy) continue if (copy === undefined) continue if (Util.isArray(copy) || Util.isObject(copy)) { if (Util.isArray(copy)) clone = src && Util.isArray(src) ? src : [] if (Util.isObject(copy)) clone = src && Util.isObject(src) ? src : {} target[name] = Util.extend(clone, copy) } else { target[name] = copy } } } return target } |
2023-12-08 |
not yet calculated |
CVE-2023-26158
|
ncp_engineering_gmbh — secure_enterprise_client |
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link. |
2023-12-09 |
not yet calculated |
CVE-2023-28868 |
ncp_engineering_gmbh — secure_enterprise_client |
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link. |
2023-12-09 |
not yet calculated |
CVE-2023-28869 |
ncp_engineering_gmbh — secure_enterprise_client |
Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts. |
2023-12-09 |
not yet calculated |
CVE-2023-28870 |
ncp_engineering_gmbh — secure_enterprise_client |
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link. |
2023-12-09 |
not yet calculated |
CVE-2023-28871 |
netgate — pfsense_plus/pfsense_ce |
An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file. |
2023-12-06 |
not yet calculated |
CVE-2023-48123
|
netgear — orbi_rbr750 |
In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd. |
2023-12-08 |
not yet calculated |
CVE-2023-49007 |
netscout — ngeniusone |
NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 1 of 4). |
2023-12-07 |
not yet calculated |
CVE-2023-41168 |
netscout — ngeniusone |
NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 2 of 4). |
2023-12-07 |
not yet calculated |
CVE-2023-41169 |
netscout — ngeniusone |
NetScout nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting vulnerability. |
2023-12-07 |
not yet calculated |
CVE-2023-41170 |
netscout — ngeniusone |
NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4). |
2023-12-07 |
not yet calculated |
CVE-2023-41171 |
netscout — ngeniusone |
NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 4 of 4). |
2023-12-07 |
not yet calculated |
CVE-2023-41172 |
netscout — ngeniusone |
NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting (XSS) vulnerability by an authenticated user. |
2023-12-07 |
not yet calculated |
CVE-2023-41905 |
netscout — ngeniuspulse |
NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key. |
2023-12-07 |
not yet calculated |
CVE-2023-40300 |
netscout — ngeniuspulse |
NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability. |
2023-12-07 |
not yet calculated |
CVE-2023-40301 |
netscout — ngeniuspulse |
NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability |
2023-12-07 |
not yet calculated |
CVE-2023-40302 |
nuxt-api-party — nuxt-api-party |
`nuxt-api-party` is an open source module to proxy API requests. nuxt-api-party attempts to check if the user has passed an absolute URL to prevent the aforementioned attack. This has been recently changed to use the regular expression `^https?://`, however this regular expression can be bypassed by an absolute URL with leading whitespace. For example `nhttps://whatever.com` which has a leading newline. According to the fetch specification, before a fetch is made the URL is normalized. “To normalize a byte sequence potentialValue, remove any leading and trailing HTTP whitespace bytes from potentialValue.”. This means the final request will be normalized to `https://whatever.com` bypassing the check and nuxt-api-party will send a request outside of the whitelist. This could allow us to leak credentials or perform Server-Side Request Forgery (SSRF). This vulnerability has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should revert to the previous method of detecting absolute URLs. |
2023-12-09 |
not yet calculated |
CVE-2023-49799
|
nuxt-api-party — nuxt-api-party
|
`nuxt-api-party` is an open source module to proxy API requests. The library allows the user to send many options directly to `ofetch`. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions are obtained directly from the request body. A malicious user can construct a URL known to not fetch successfully, then set the retry attempts to a high value, this will cause a stack overflow as ofetch error handling works recursively resulting in a denial of service. This issue has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should limit ofetch options. |
2023-12-09 |
not yet calculated |
CVE-2023-49800 |
ocpp — ocpp.core |
An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It does not validate the length of the chargePointVendor field in a BootNotification message, potentially leading to server instability and a denial of service when processing excessively large inputs. NOTE: the vendor’s perspective is “OCPP.Core is intended for use in a protected environment/network.” |
2023-12-07 |
not yet calculated |
CVE-2023-49955 |
ocpp — ocpp.core |
An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. A StopTransaction message with any random transactionId terminates active transactions. |
2023-12-07 |
not yet calculated |
CVE-2023-49956 |
ocpp — ocpp.core |
An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It permits multiple transactions with the same connectorId and idTag, contrary to the expected ConcurrentTx status. This could result in critical transaction management and billing errors. NOTE: the vendor’s perspective is “Imagine you’ve got two cars in your family and want to charge both in parallel on the same account/token? Why should that be rejected?” |
2023-12-07 |
not yet calculated |
CVE-2023-49957 |
ocpp — ocpp.core |
An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is accepted. This could be exploited to alter transaction records or impact system integrity. |
2023-12-07 |
not yet calculated |
CVE-2023-49958 |
opentext — filr |
Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators. |
2023-12-06 |
not yet calculated |
CVE-2023-32268 |
openzeppelin — openzeppelin_contracts |
OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of `Multicall.sol` released in `@openzeppelin/contracts@4.9.4` and `@openzeppelin/contracts-upgradeable@4.9.4`, all subcalls are executed twice. Concretely, this exposes a user to unintentionally duplicate operations like asset transfers. The duplicated delegatecall was removed in version 4.9.5. The 4.9.4 version is marked as deprecated. Users are advised to upgrade. There are no known workarounds for this issue. |
2023-12-09 |
not yet calculated |
CVE-2023-49798
|
orange_casiers — orange_casiers |
IzyBat Orange casiers before 20230803_1 allows getEnsemble.php ensemble SQL injection. |
2023-12-09 |
not yet calculated |
CVE-2023-50429 |
oscommerce — oscommerce |
A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimate[country_id] leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-247160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2023-12-07 |
not yet calculated |
CVE-2023-6579
|
oscommerce — oscommerce |
A vulnerability was found in osCommerce 4. It has been classified as problematic. This affects an unknown part of the file /b2b-supermarket/catalog/all-products. The manipulation of the argument keywords with the input %27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2023-12-08 |
not yet calculated |
CVE-2023-6609
|
paytm — paytm_payment_gateway |
Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway. This issue affects Paytm Payment Gateway: from n/a through 2.7.0. |
2023-12-07 |
not yet calculated |
CVE-2022-45362 |
phoenix — securecore(tm)_technology(tm)_4
|
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution. |
2023-12-07 |
not yet calculated |
CVE-2023-5058
|
prolion_gmbh — cryptospike |
The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the user’s store) allows a remote blocked user to login and obtain an authentication token by specifying a username with different uppercase/lowercase character combination. |
2023-12-06 |
not yet calculated |
CVE-2023-36655
|
pubnub — pubnub |
Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bits in the key always the same for every encoded message or file. **Note:** In order to exploit this vulnerability, the attacker needs to invest resources in preparing the attack and brute-force the encryption. |
2023-12-06 |
not yet calculated |
CVE-2023-26154
|
pyinstaller — pyinstaller |
PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if **all** the following are satisfied: 1. The user runs an application containing either `matplotlib` or `win32com`. 2. The application ran as administrator (or at least a user with higher privileges than the attacker). 3. The user’s temporary directory is not locked to that specific user (most likely due to `TMP`/`TEMP` environment variables pointing to an unprotected, arbitrary, non-default location). Either: A. The attacker is able to very carefully time the replacement of a temporary file with a symlink. This switch must occur exactly between `shutil.rmtree()`’s builtin symlink check and the deletion itself B: The application was built with Python 3.7.x or earlier which has no protection against Directory Junctions links. The vulnerability has been addressed in PR #7827 which corresponds to `pyinstaller >= 5.13.1`. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
2023-12-09 |
not yet calculated |
CVE-2023-49797
|
python_software_foundation — cpython |
An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes’ groups before starting the new process. There is no issue when the parameter isn’t used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`). |
2023-12-08 |
not yet calculated |
CVE-2023-6507
|
qemu — qemu |
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder. |
2023-12-06 |
not yet calculated |
CVE-2023-2861
|
qnap_systems_inc. — qts |
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h4.5.4.2476 build 20230728 and later |
2023-12-08 |
not yet calculated |
CVE-2023-23372 |
qnap_systems_inc. — qts |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later |
2023-12-08 |
not yet calculated |
CVE-2023-32968 |
qnap_systems_inc. — qts |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later |
2023-12-08 |
not yet calculated |
CVE-2023-32975 |
qnap_systems_inc. — viostor_nvr |
An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmware 5.0.0 and later |
2023-12-08 |
not yet calculated |
CVE-2023-47565 |
qualcomm,_inc. — snapdragon |
Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM. |
2023-12-05 |
not yet calculated |
CVE-2023-21634 |
qualcomm,_inc. — snapdragon |
Memory Corruption in camera while installing a fd for a particular DMA buffer. |
2023-12-05 |
not yet calculated |
CVE-2023-22383 |
qualcomm,_inc. — snapdragon |
Memory Corruption in Audio while invoking IOCTLs calls from the user-space. |
2023-12-05 |
not yet calculated |
CVE-2023-22668 |
qualcomm,_inc. — snapdragon |
Memory Corruption in SPS Application while exporting public key in sorter TA. |
2023-12-05 |
not yet calculated |
CVE-2023-28546 |
qualcomm,_inc. — snapdragon |
Memory corruption in MPP performance while accessing DSM watermark using external memory address. |
2023-12-05 |
not yet calculated |
CVE-2023-28550 |
qualcomm,_inc. — snapdragon |
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. |
2023-12-05 |
not yet calculated |
CVE-2023-28551 |
qualcomm,_inc. — snapdragon |
Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length. |
2023-12-05 |
not yet calculated |
CVE-2023-28579 |
qualcomm,_inc. — snapdragon |
Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache. |
2023-12-05 |
not yet calculated |
CVE-2023-28580 |
qualcomm,_inc. — snapdragon |
Memory corruption while loading an ELF segment in TEE Kernel. |
2023-12-05 |
not yet calculated |
CVE-2023-28585 |
qualcomm,_inc. — snapdragon |
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. |
2023-12-05 |
not yet calculated |
CVE-2023-28586 |
qualcomm,_inc. — snapdragon |
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. |
2023-12-05 |
not yet calculated |
CVE-2023-28587 |
qualcomm,_inc. — snapdragon |
Transient DOS in Bluetooth Host while rfc slot allocation. |
2023-12-05 |
not yet calculated |
CVE-2023-28588 |
qualcomm,_inc. — snapdragon |
Memory corruption in Boot while running a ListVars test in UEFI Menu during boot. |
2023-12-05 |
not yet calculated |
CVE-2023-33017 |
qualcomm,_inc. — snapdragon |
Memory corruption while using the UIM diag command to get the operator’s name. |
2023-12-05 |
not yet calculated |
CVE-2023-33018 |
qualcomm,_inc. — snapdragon |
Memory corruption in HLOS while invoking IOCTL calls from user-space. |
2023-12-05 |
not yet calculated |
CVE-2023-33022 |
qualcomm,_inc. — snapdragon |
Memory corruption while sending SMS from AP firmware. |
2023-12-05 |
not yet calculated |
CVE-2023-33024 |
qualcomm,_inc. — snapdragon |
Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids. |
2023-12-05 |
not yet calculated |
CVE-2023-33041 |
qualcomm,_inc. — snapdragon |
Transient DOS in Modem after RRC Setup message is received. |
2023-12-05 |
not yet calculated |
CVE-2023-33042 |
qualcomm,_inc. — snapdragon |
Transient DOS in Modem when a Beam switch request is made with a non-configured BWP. |
2023-12-05 |
not yet calculated |
CVE-2023-33043 |
qualcomm,_inc. — snapdragon |
Transient DOS in Data modem while handling TLB control messages from the Network. |
2023-12-05 |
not yet calculated |
CVE-2023-33044 |
qualcomm,_inc. — snapdragon |
Memory corruption in Kernel while parsing metadata. |
2023-12-05 |
not yet calculated |
CVE-2023-33053 |
qualcomm,_inc. — snapdragon |
Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data. |
2023-12-05 |
not yet calculated |
CVE-2023-33054 |
qualcomm,_inc. — snapdragon |
Memory corruption in DSP Services during a remote call from HLOS to DSP. |
2023-12-05 |
not yet calculated |
CVE-2023-33063 |
qualcomm,_inc. — snapdragon |
Transient DOS in Automotive OS due to improper authentication to the secure IO calls. |
2023-12-05 |
not yet calculated |
CVE-2023-33070 |
qualcomm,_inc. — snapdragon |
Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities. |
2023-12-05 |
not yet calculated |
CVE-2023-33071 |
qualcomm,_inc. — snapdragon |
Memory corruption in Audio while running invalid audio recording from ADSP. |
2023-12-05 |
not yet calculated |
CVE-2023-33079 |
qualcomm,_inc. — snapdragon |
Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame. |
2023-12-05 |
not yet calculated |
CVE-2023-33080 |
qualcomm,_inc. — snapdragon |
Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast. |
2023-12-05 |
not yet calculated |
CVE-2023-33081 |
qualcomm,_inc. — snapdragon |
Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE. |
2023-12-05 |
not yet calculated |
CVE-2023-33082 |
qualcomm,_inc. — snapdragon |
Memory corruption in WLAN Host while processing RRM beacon on the AP. |
2023-12-05 |
not yet calculated |
CVE-2023-33083 |
qualcomm,_inc. — snapdragon |
Memory corruption in Core while processing RX intent request. |
2023-12-05 |
not yet calculated |
CVE-2023-33087 |
qualcomm,_inc. — snapdragon |
Memory corruption when processing cmd parameters while parsing vdev. |
2023-12-05 |
not yet calculated |
CVE-2023-33088 |
qualcomm,_inc. — snapdragon |
Transient DOS when processing a NULL buffer while parsing WLAN vdev. |
2023-12-05 |
not yet calculated |
CVE-2023-33089 |
qualcomm,_inc. — snapdragon |
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size. |
2023-12-05 |
not yet calculated |
CVE-2023-33092 |
qualcomm,_inc. — snapdragon |
Transient DOS in WLAN Firmware while processing a FTMR frame. |
2023-12-05 |
not yet calculated |
CVE-2023-33097 |
qualcomm,_inc. — snapdragon |
Transient DOS while parsing WPA IES, when it is passed with length more than expected size. |
2023-12-05 |
not yet calculated |
CVE-2023-33098 |
qualcomm,_inc. — snapdragon |
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. |
2023-12-05 |
not yet calculated |
CVE-2023-33106 |
qualcomm,_inc. — snapdragon |
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. |
2023-12-05 |
not yet calculated |
CVE-2023-33107 |
qualys — qualysguard |
A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce XSS payload via browser details. |
2023-12-08 |
not yet calculated |
CVE-2023-6146 |
quarkus — quarkus |
A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions. |
2023-12-09 |
not yet calculated |
CVE-2023-6394
|
ruijie_networks — eg_series_routers |
Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering. |
2023-12-06 |
not yet calculated |
CVE-2023-48849 |
samsung — open_source_escargot |
Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault. This issue affects Escargot: from 3.0.0 through 4.0.0. |
2023-12-06 |
not yet calculated |
CVE-2023-41268 |
samsung_mobile — find_my_mobile
|
Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user lost the device. |
2023-12-05 |
not yet calculated |
CVE-2023-42571 |
samsung_mobile — galaxy_store |
Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store. |
2023-12-05 |
not yet calculated |
CVE-2023-42580 |
samsung_mobile — galaxy_store |
Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data. |
2023-12-05 |
not yet calculated |
CVE-2023-42581 |
samsung_mobile — gamehomecn |
Improper access control vulnerablility in GameHomeCN prior to version 4.2.60.2 allows local attackers to launch arbitrary activity in GameHomeCN. |
2023-12-05 |
not yet calculated |
CVE-2023-42574 |
samsung_mobile — samsung_account_web_sdk |
Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24 allows attacker to get sensitive information. |
2023-12-05 |
not yet calculated |
CVE-2023-42572 |
samsung_mobile — samsung_data_store |
Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission. |
2023-12-05 |
not yet calculated |
CVE-2023-42578 |
samsung_mobile — samsung_mobile_devices |
Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji. |
2023-12-05 |
not yet calculated |
CVE-2023-42569 |
samsung_mobile — samsung_mobile_devices |
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN. |
2023-12-05 |
not yet calculated |
CVE-2023-42570 |
samsung_mobile — samsung_pass |
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting. |
2023-12-05 |
not yet calculated |
CVE-2023-42575 |
samsung_mobile — samsung_pass |
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler. |
2023-12-05 |
not yet calculated |
CVE-2023-42576 |
samsung_mobile — search_widget |
PendingIntent hijacking vulnerability in Search Widget prior to version 3.4 in China models allows local attackers to access data. |
2023-12-05 |
not yet calculated |
CVE-2023-42573 |
seafile — seafile |
An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor. |
2023-12-09 |
not yet calculated |
CVE-2023-28873
|
seafile — seafile |
The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites. |
2023-12-09 |
not yet calculated |
CVE-2023-28874
|
senec — storage_box |
The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic. |
2023-12-07 |
not yet calculated |
CVE-2023-39172 |
server.js — server.js |
An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL’s GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system. |
2023-12-07 |
not yet calculated |
CVE-2023-46307
|
softaculous — multiple_products |
Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance. This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through 1.1.2. |
2023-12-07 |
not yet calculated |
CVE-2023-49746 |
softing — opc_suite |
Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. |
2023-12-05 |
not yet calculated |
CVE-2023-37572 |
softiron — hypercloud |
An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the “admin” or “serveradmin” users, which prevents authentication from subsequently succeeding. This issue affects HyperCloud versions 1.0 to any release before 2.1. |
2023-12-05 |
not yet calculated |
CVE-2023-45083 |
softiron — hypercloud |
An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity. This issue only impacts SoftIron HyperCloud “density” storage nodes running HyperCloud software versions 1.0 to before 2.0.3. |
2023-12-05 |
not yet calculated |
CVE-2023-45084 |
softiron — hypercloud |
An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3. |
2023-12-05 |
not yet calculated |
CVE-2023-45085 |
software_ag — webmethods |
A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup may request username and password. By just clicking CANCEL you will be redirected to the directory. If you visited /invoke/wm.server/connect, you’ll be able to see details like internal IPs, ports, and versions. In some cases, if access to /assets/ is refused, you may enter /assets/x as a wrong value, then come back to /assets/ which we will show the requested data. It appears that insufficient access control is depending on referrer header data. VDB-247158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2023-12-07 |
not yet calculated |
CVE-2023-6578
|
sonicwall — sma100 |
Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a ‘nobody’ user, potentially leading to OS Command Injection Vulnerability. |
2023-12-05 |
not yet calculated |
CVE-2023-44221 |
sonicwall — sma100 |
Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass. |
2023-12-05 |
not yet calculated |
CVE-2023-5970 |
sourcecodester — simple_student_attendance_system |
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247253 was assigned to this vulnerability. |
2023-12-08 |
not yet calculated |
CVE-2023-6616
|
sourcecodester — simple_student_attendance_system |
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as critical. Affected is an unknown function of the file attendance.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247254 is the identifier assigned to this vulnerability. |
2023-12-08 |
not yet calculated |
CVE-2023-6617
|
sourcecodester — simple_student_attendance_system |
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247255. |
2023-12-08 |
not yet calculated |
CVE-2023-6618
|
sourcecodester — simple_student_attendance_system |
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /modals/class_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247256. |
2023-12-08 |
not yet calculated |
CVE-2023-6619
|
squidex — squidex |
Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for exploitation. |
2023-12-07 |
not yet calculated |
CVE-2023-46857
|
strongswan — strongswan |
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm’s DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message. |
2023-12-07 |
not yet calculated |
CVE-2023-41913
|
supermicro — x11/m11 |
A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information. |
2023-12-07 |
not yet calculated |
CVE-2023-33411
|
supermicro — x11/m11 |
The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targeting vulnerable cgi endpoints. |
2023-12-07 |
not yet calculated |
CVE-2023-33412
|
supermicro — x11/m11 |
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands. |
2023-12-07 |
not yet calculated |
CVE-2023-33413
|
synctrayzor — synctrayzor |
SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application. |
2023-12-09 |
not yet calculated |
CVE-2021-46899
|
tongda — oa |
A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/wiki/cp/manage/delete.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247243. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2023-12-08 |
not yet calculated |
CVE-2023-6607
|
tongda — oa |
A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/notify/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-247244. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2023-12-08 |
not yet calculated |
CVE-2023-6608
|
tongda — oa |
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file pda/pad/email/delete.php. The manipulation of the argument EMAIL_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-247246 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2023-12-08 |
not yet calculated |
CVE-2023-6611
|
totolink — a3002ru |
TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code. |
2023-12-06 |
not yet calculated |
CVE-2023-48859 |
totolink — n300rt |
TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code. |
2023-12-07 |
not yet calculated |
CVE-2023-48860 |
totolink — x5000r |
A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. It has been rated as critical. This issue affects the function setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setNetworkConfig/setPortForwardRules/setRemoteCfg/setSSServer/setScheduleCfg/setSmartQosCfg/setStaticDhcpRules/setStaticRoute/setVpnAccountCfg/setVpnPassCfg/setVpnUser/setWiFiAclAddConfig/setWiFiEasyGuestCfg/setWiFiGuestCfg/setWiFiRepeaterConfig/setWiFiScheduleCfg/setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247247. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2023-12-08 |
not yet calculated |
CVE-2023-6612
|
typecho — typecho |
A vulnerability classified as problematic has been found in Typecho 1.2.1. Affected is an unknown function of the file /admin/options-theme.php of the component Logo Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2023-12-08 |
not yet calculated |
CVE-2023-6613
|
typecho — typecho |
A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality of the file /admin/manage-pages.php of the component Page Handler. The manipulation leads to backdoor. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2023-12-08 |
not yet calculated |
CVE-2023-6614
|
typecho — typecho |
A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Affected by this issue is some unknown functionality of the file /admin/manage-users.php. The manipulation of the argument page leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-247250 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2023-12-08 |
not yet calculated |
CVE-2023-6615
|
unitronics — vision_series_plcs_and_hmis |
Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated attacker with network access to a PLC or HMI can take administrative control of the system. |
2023-12-05 |
not yet calculated |
CVE-2023-6448 |
upstream/quarkus — upstream/quarkus |
A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial “completion” context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contains sensitive information and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data. |
2023-12-06 |
not yet calculated |
CVE-2023-6393
|
vonage — box_telephone_adapter_vdv23 |
An issue was discovered in Vonage Box Telephone Adapter VDV23 version VDV21-3.2.11-0.5.1, allows local attackers to bypass UART authentication controls and read/write arbitrary values to the memory of the device. |
2023-12-05 |
not yet calculated |
CVE-2023-47304 |
wordpress — wordpress |
Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse. This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15. |
2023-12-07 |
not yet calculated |
CVE-2023-35039 |
wordpress — wordpress |
Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to Dos. This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25. |
2023-12-07 |
not yet calculated |
CVE-2023-35909 |
wordpress — wordpress |
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates – Elementor, WordPress & Beaver Builder Templates. This issue affects Starter Templates – Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4. |
2023-12-07 |
not yet calculated |
CVE-2023-41804 |
wordpress — wordpress |
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Michael Uno (miunosoft) Responsive Column Widgets. This issue affects Responsive Column Widgets: from n/a through 1.2.7. |
2023-12-07 |
not yet calculated |
CVE-2023-45762 |
wordpress — wordpress |
Server-Side Request Forgery (SSRF) vulnerability in Code for Recovery 12 Step Meeting List. This issue affects 12 Step Meeting List: from n/a through 3.14.24. |
2023-12-07 |
not yet calculated |
CVE-2023-46641 |
wordpress — wordpress |
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in SoftLab Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site. This issue affects Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site: from n/a through 1.3.2. |
2023-12-07 |
not yet calculated |
CVE-2023-47548 |
wordpress — wordpress |
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4. |
2023-12-07 |
not yet calculated |
CVE-2023-47779 |
wordpress — wordpress |
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages. This issue affects Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages: from n/a through 1.5.1.5. |
2023-12-07 |
not yet calculated |
CVE-2023-48325 |
wordpress — wordpress |
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information such as database credentials. |
2023-12-07 |
not yet calculated |
CVE-2023-5710
|
wordpress — wordpress |
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information provided by PHP info. |
2023-12-07 |
not yet calculated |
CVE-2023-5711
|
wordpress — wordpress |
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive global value information. |
2023-12-07 |
not yet calculated |
CVE-2023-5712
|
wordpress — wordpress |
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve potentially sensitive option values, and deserialize the content of those values. |
2023-12-07 |
not yet calculated |
CVE-2023-5713
|
wordpress — wordpress |
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve data key specs. |
2023-12-07 |
not yet calculated |
CVE-2023-5714
|
wordpress — wordpress |
The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
2023-12-09 |
not yet calculated |
CVE-2023-5756
|
wordpress — wordpress |
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘url’ parameter in versions 1.4.0 to 1.4.6.1 (free) and versions 1.4.0 to 1.5.0 (pro) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
2023-12-07 |
not yet calculated |
CVE-2023-5761
|
wordpress — wordpress |
The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server. |
2023-12-09 |
not yet calculated |
CVE-2023-6120
|
wordpress — wordpress |
The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTP_REFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
2023-12-06 |
not yet calculated |
CVE-2023-6527
|
xen — xen |
Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity. |
2023-12-08 |
not yet calculated |
CVE-2023-34320 |
xinhu_xinhuoa — xinhu_xinhuoa |
xinhu xinhuoa 2.2.1 contains a File upload vulnerability. |
2023-12-06 |
not yet calculated |
CVE-2023-48930
|
zimbra_collaboration — zimbra_collaboration |
An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. An attacker can gain access to a Zimbra account. This is also fixed in 9.0.0 Patch 35 and 8.8.15 Patch 42. |
2023-12-07 |
not yet calculated |
CVE-2023-41106
|
zimbra_collaboration — zimbra_collaboration |
An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. An XSS issue can be exploited to access the mailbox of an authenticated user. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36. |
2023-12-07 |
not yet calculated |
CVE-2023-43102
|
zimbra_collaboration — zimbra_collaboration |
An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36. |
2023-12-07 |
not yet calculated |
CVE-2023-43103
|
zultys — multiple_products |
An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication failure, the server sends a login failure message prompting the client to disconnect. However, if the client ignores the failure message instead and attempts to continue, the server does not forcibly close the connection and processes all subsequent requests from the client as if authentication had been successful. |
2023-12-08 |
not yet calculated |
CVE-2023-43742 |
zultys — multiple_products |
A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface. |
2023-12-08 |
not yet calculated |
CVE-2023-43743
|
zultys — multiple_products |
An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a “Patch Manager” section that allows administrators to apply patches to the device. The user supplied filename for the patch file is passed to a shell script without validation. Including bash command substitution characters in a patch file name results in execution of the provided command. |
2023-12-08 |
not yet calculated |
CVE-2023-43744
|