Vulnerability Summary for the Week of December 4, 2023

 High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
arm — bifrost_gpu_kernel_driver Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r44p0 through r45p0; Valhall GPU Kernel Driver: from r44p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r44p0 through r45p0. 2023-12-01 7.8 CVE-2023-5427
 
arm — midgard_gpu_kernel_driver Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU Userspace Driver, Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a local non-privileged user to write a constant pattern to a limited amount of memory not allocated by the user space driver. This issue affects Midgard GPU Userspace Driver: from r0p0 through r32p0; Bifrost GPU Userspace Driver: from r0p0 through r44p0; Valhall GPU Userspace Driver: from r19p0 through r44p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r44p0. 2023-12-04 7.8 CVE-2023-32804
arslansoft_education_portal– arslansoft_education_portal Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ArslanSoft Education Portal allows Account Footprinting. This issue affects Education Portal: before v1.1. 2023-12-01 7.5 CVE-2023-5635
arslansoft_education_portal — arslansoft_education_portal Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensitive Strings Within an Executable. This issue affects Education Portal: before v1.1. 2023-12-01 7.5 CVE-2023-5637
arslansoft_education_portal — arslansoft_education_portal Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ArslanSoft Education Portal allows SQL Injection. This issue affects Education Portal: before v1.1. 2023-12-01 9.8 CVE-2023-5634
arslansoft_education_portal — arslansoft_education_portal Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection. This issue affects Education Portal: before v1.1. 2023-12-01 9.8 CVE-2023-5636
artifex — ghostscript An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. 2023-12-06 7.5 CVE-2023-46751

 

codesys — codesys_control_for_beaglebone_sl A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device. 2023-12-05 8.8 CVE-2023-6357
connectize — ac21000_g6_firmware An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management. 2023-12-04 9.8 CVE-2023-24049
connectize — ac21000_g6_firmware A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks. 2023-12-04 9.8 CVE-2023-24051
connectize — ac21000_g6_firmware An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password. 2023-12-04 9.8 CVE-2023-24052
connectize — ac21000_g6_firmware Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via crafted GET request to /man_password.htm. 2023-12-04 8.8 CVE-2023-24048
dell — dm5500_firmware Dell DM5500 5.14.0.0, contains a Stack-based Buffer Overflow Vulnerability in PPOE. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input dat 2023-12-04 9.8 CVE-2023-44305
dell — dm5500_firmware Dell DM5500 contains a privilege escalation vulnerability in PPOE Component. A remote attacker with low privileges could potentially exploit this vulnerability to escape the restricted shell and gain root access to the appliance. 2023-12-04 8.8 CVE-2023-44304
dell — powerprotect_data_manager_dm5500_firmware Dell DM5500 5.14.0.0 and prior contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access of resources or functionality that could possibly lead to execute arbitrary code. 2023-12-04 9.8 CVE-2023-44302
dell — powerprotect_data_manager_dm5500_firmware Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in PPOE component. A remote attacker with high privileges could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. 2023-12-04 7.2 CVE-2023-44291
dell — rugged_control_center Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder during product installation and upgrade, leading to privilege escalation on the system. 2023-12-02 7.8 CVE-2023-39256
dell — rugged_control_center Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder when product installation repair is performed, leading to privilege escalation on the system. 2023-12-02 7.8 CVE-2023-39257
delta_electronics — dopsoft Delta Electronics DOPSoft is vulnerable to a stack-based buffer overflow, which may allow for arbitrary code execution if an attacker can lead a legitimate user to execute a specially crafted file. 2023-12-04 7.8 CVE-2023-5944
 
dlink — go-rt-ac750_firmware D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi. 2023-12-01 9.8 CVE-2023-48842
electronjs — electron Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically, this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `.app` bundle on macOS which these fuses are supposed to protect against. There are no app side workarounds, you must update to a patched version of Electron. 2023-12-01 7 CVE-2023-44402

 

ezviz — ezviz_studio EzViz Studio v2.2.0 is vulnerable to DLL hijacking. 2023-12-04 7.8 CVE-2023-41613
forgejo — forgejo In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions. 2023-12-03 9.1 CVE-2023-49946

 

forgejo — forgejo Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication. 2023-12-03 7.5 CVE-2023-49947
 
gaatitrack_courier_management_system — gaatitrack_courier_management_system A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login. 2023-12-07 9.8 CVE-2023-48823
gitlab — gitlab Patch in third party library Consul requires ‘enable-script-checks’ to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE. 2023-12-04 8.1 CVE-2023-5332
 
gitlab — gitlab An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor bypass prohibited branch checks using a specially crafted branch name to manipulate repository content in the UI. 2023-12-01 7.5 CVE-2023-5226
 
gitlab — gitlab An issue has been discovered in GitLab EE affecting all versions starting from 16.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the policy bot to gain access to internal projects. 2023-12-01 7.5 CVE-2023-5995
 
google — android There is elevation of privilege. 2023-12-04 9.8 CVE-2023-21162
google — android There is elevation of privilege. 2023-12-04 9.8 CVE-2023-21163
google — android There is elevation of privilege. 2023-12-04 9.8 CVE-2023-21164
google — android There is elevation of privilege. 2023-12-04 9.8 CVE-2023-21166
google — android There is elevation of privilege. 2023-12-04 9.8 CVE-2023-21215
google — android There is elevation of privilege. 2023-12-04 9.8 CVE-2023-21216
google — android There is elevation of privilege. 2023-12-04 9.8 CVE-2023-21217
google — android There is elevation of privilege. 2023-12-04 9.8 CVE-2023-21218
google — android There is elevation of privilege. 2023-12-04 9.8 CVE-2023-21228
google — android There is elevation of privilege. 2023-12-04 9.8 CVE-2023-21263
google — android There is elevation of privilege. 2023-12-04 9.8 CVE-2023-21401
google — android There is elevation of privilege. 2023-12-04 9.8 CVE-2023-21402
google — android There is elevation of privilege. 2023-12-04 9.8 CVE-2023-21403
google — android There is elevation of privilege. 2023-12-04 9.8 CVE-2023-35690
google — android In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 9.8 CVE-2023-40078
google — android In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 9.8 CVE-2023-40082
google — android In transcodeQ*ToFloat of btif_avrcp_audio_track.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 8.8 CVE-2023-40087
google — android In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 8.8 CVE-2023-40088
google — android In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 8.1 CVE-2023-40077
google — android In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08241940; Issue ID: ALPS08241940. 2023-12-04 7.8 CVE-2023-32847
google — android In decoder, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08016659; Issue ID: ALPS08016659. 2023-12-04 7.8 CVE-2023-32850
google — android In decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08016652; Issue ID: ALPS08016652. 2023-12-04 7.8 CVE-2023-32851
google — android In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 7.8 CVE-2023-40079
google — android In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 7.8 CVE-2023-40080
google — android In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 7.8 CVE-2023-40084
google — android In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 7.8 CVE-2023-40089
google — android In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 7.8 CVE-2023-40091
google — android In keyguardGoingAway of ActivityTaskManagerService.java, there is a possible lock screen bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 7.8 CVE-2023-40094
google — android In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 7.8 CVE-2023-40095
google — android In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 7.8 CVE-2023-40096
google — android In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. 2023-12-04 7.8 CVE-2023-40097
google — android In multiple locations, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 7.8 CVE-2023-40103
google — android Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code execution. 2023-12-05 7.8 CVE-2023-42558
google — android Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code. 2023-12-05 7.8 CVE-2023-42560
google — android Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow. 2023-12-05 7.8 CVE-2023-42562
google — android Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow. 2023-12-05 7.8 CVE-2023-42563
google — android Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code. 2023-12-05 7.8 CVE-2023-42566
google — android Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow. 2023-12-05 7.8 CVE-2023-42567
google — android In ion service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42681
google — android In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42685
google — android In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42686
google — android In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42687
google — android In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42688
google — android In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42689
google — android In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42690
google — android In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42691
google — android In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42692
google — android In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42693
google — android In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42694
google — android In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42695
google — android In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42696
google — android In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42736
google — android In telocom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42738
google — android In engineermode service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42739
google — android In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42740
google — android In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42743
google — android In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42745
google — android In power manager, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42746
google — android In camera service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42747
google — android In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed 2023-12-04 7.8 CVE-2023-42748
google — android In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 7.8 CVE-2023-45773
google — android In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possible way to view another user’s image due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 7.8 CVE-2023-45774
google — android In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 7.8 CVE-2023-45775
google — android In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 7.8 CVE-2023-45776
google — android In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 7.8 CVE-2023-45777
google — android In TBD of TBD, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 7.8 CVE-2023-45779
google — android There is information disclosure. 2023-12-04 7.5 CVE-2023-21227
google — android In telephony service, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed 2023-12-04 7.5 CVE-2023-42716
google — android In telephony service, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed 2023-12-04 7.5 CVE-2023-42717
hitachi_energy — relion_670_firmware A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, goose receiving blocks need to be configured.  2023-12-01 7.5 CVE-2023-4518
htmlunit — htmlunit HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0 2023-12-04 9.8 CVE-2023-49093
 
huddly — huddlycameraservice DLL Hijacking vulnerability in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, due to the installation of the service in a directory that grants write privileges to standard users, allows attackers to manipulate files, execute arbitrary code, and escalate privileges. 2023-12-01 7.8 CVE-2023-45252
huddly — huddlycameraservices An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library. 2023-12-01 7.8 CVE-2023-45253
ibm — aix IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 267966. 2023-12-01 7.8 CVE-2023-45168
 
ibm — db2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048. 2023-12-04 7.5 CVE-2023-29258
 
ibm — db2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257. 2023-12-04 7.5 CVE-2023-38727
 
ibm — db2 IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809. 2023-12-04 7.5 CVE-2023-40687
 
ibm — db2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. IBM X-Force ID: 264807. 2023-12-04 7.5 CVE-2023-40692
 
ibm — db2 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073. 2023-12-03 7.5 CVE-2023-45178
 
ibm — db2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367. 2023-12-04 7.5 CVE-2023-46167
 
ibm — db2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166. 2023-12-04 7.5 CVE-2023-47701
 
ibm — db2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214. 2023-12-04 7.2 CVE-2023-38003
 
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585. 2023-12-01 8.8 CVE-2023-38268
 
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161. 2023-12-01 7.5 CVE-2023-40699
 
jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save. 2023-12-05 8.8 CVE-2023-49372
jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete. 2023-12-05 8.8 CVE-2023-49373
jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update. 2023-12-05 8.8 CVE-2023-49374
jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update. 2023-12-05 8.8 CVE-2023-49375
jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete. 2023-12-05 8.8 CVE-2023-49376
jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update. 2023-12-05 8.8 CVE-2023-49377
jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save. 2023-12-05 8.8 CVE-2023-49378
jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save. 2023-12-05 8.8 CVE-2023-49379
jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete. 2023-12-05 8.8 CVE-2023-49380
jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update. 2023-12-05 8.8 CVE-2023-49381
jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete. 2023-12-05 8.8 CVE-2023-49382
jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save. 2023-12-05 8.8 CVE-2023-49383
jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update. 2023-12-05 8.8 CVE-2023-49395
jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save. 2023-12-05 8.8 CVE-2023-49396
jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus. 2023-12-05 8.8 CVE-2023-49397
jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete. 2023-12-05 8.8 CVE-2023-49398
jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save. 2023-12-05 8.8 CVE-2023-49446
jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update. 2023-12-05 8.8 CVE-2023-49447
jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete. 2023-12-05 8.8 CVE-2023-49448
jupiter — jupiter A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request. 2023-12-01 9.8 CVE-2023-48887

 

kashipara_group — student_information_system Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the ‘photo’ parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. 2023-12-07 9.9 CVE-2023-4122
 
kashipara_group — student_information_system Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the ‘regno’ parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. 2023-12-08 9.8 CVE-2023-5008
 
mediatek — nr15 In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01128524 (MSV-846). 2023-12-04 7.5 CVE-2023-32841
mediatek — nr15 In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130256; Issue ID: MOLY01130256 (MSV-848). 2023-12-04 7.5 CVE-2023-32842
mediatek — nr15 In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130204; Issue ID: MOLY01130204 (MSV-849). 2023-12-04 7.5 CVE-2023-32843
mediatek — nr15 In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01130183 (MSV-850). 2023-12-04 7.5 CVE-2023-32844
mediatek — nr15 In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01139296 (MSV-860). 2023-12-04 7.5 CVE-2023-32845
mediatek — nr15 In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01138453 (MSV-861). 2023-12-04 7.5 CVE-2023-32846
microcks — microcks Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request. 2023-12-04 9.8 CVE-2023-48910

 

microsoft — azure_rtos_netx_duo Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to ftp and sntp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-05 9.8 CVE-2023-48315
microsoft — azure_rtos_netx_duo Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to snmp, smtp, ftp and dtls in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-05 9.8 CVE-2023-48316
microsoft — azure_rtos_netx_duo Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause an out-of-bounds write in Azure RTOS NETX Duo, that could lead to remote code execution. The affected components include process related to IGMP protocol in RTOS v6.2.1 and below. The fix has been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-05 9.8 CVE-2023-48691
microsoft — azure_rtos_netx_duo Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to icmp, tcp, snmp, dhcp, nat and ftp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-05 9.8 CVE-2023-48692
microsoft — azure_rtos_threadx Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to vulnerability in parameter checking mechanism in Azure RTOS ThreadX, which may lead to privilege escalation. The affected components include RTOS ThreadX v6.2.1 and below. The fixes have been included in ThreadX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-05 9.8 CVE-2023-48693
microsoft — azure_rtos_usbx Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference and type confusion vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host class, related to device linked classes, ASIX, Prolific, SWAR, audio, CDC ECM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-05 9.8 CVE-2023-48694
microsoft — azure_rtos_usbx Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to out of bounds write vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host and device classes, related to CDC ECM and RNDIS in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-05 9.8 CVE-2023-48695
microsoft — azure_rtos_usbx Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include components in host class, related to CDC ACM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-05 9.8 CVE-2023-48696
microsoft — azure_rtos_usbx Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in pictbridge and host class, related to PIMA, storage, CDC ACM, ECM, audio, hub in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-05 9.8 CVE-2023-48697
microsoft — edge Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 2023-12-07 9.6 CVE-2023-35618
nettyrpc — nettyrpc A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request. 2023-12-01 9.8 CVE-2023-48886
 
octobercms — october October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This issue has been patched in 3.4.15. 2023-12-01 9.1 CVE-2023-44382
online_accounting_system — online_accounting_system A vulnerability was found in ???????????????? Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/default/image.php. The manipulation of the argument fid with the input ../../../etc/passwd leads to path traversal: ‘../filedir’. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 9d9618422b980335bb30be612ea90f4f56cb992c. It is recommended to upgrade the affected component. The identifier VDB-246641 was assigned to this vulnerability. 2023-12-03 7.5 CVE-2018-25094

 

perl — perl In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a p{…} regular expression construct is mishandled. The earliest affected version is 5.30.0. 2023-12-02 9.8 CVE-2023-47100
phpgurukul — restaurant_table_booking_system Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter. 2023-12-01 7.5 CVE-2023-48016
phpjabbers — appointment_scheduler Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. 2023-12-07 8.8 CVE-2023-48841
 
phpjabbers — appointment_scheduler A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion. 2023-12-07 7.5 CVE-2023-48840
 
phpjabbers — availability_booking_calendar A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion. 2023-12-07 7.5 CVE-2023-48831
 
phpjabbers — car_rental_script Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. 2023-12-07 8.8 CVE-2023-48835
 
phpjabbers — car_rental_script A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion. 2023-12-07 7.5 CVE-2023-48834
 
phpjabbers — shuttle_booking_software Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export. 2023-12-07 8.8 CVE-2023-48830
 
phpjabbers — time_slots_booking_calendar Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List. 2023-12-07 8.8 CVE-2023-48826
 
phpjabbers — time_slots_booking_calendar A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion. 2023-12-07 7.5 CVE-2023-48833
 
prestashop — prestashop In the module “Product Tag Icons Pro” (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. 2023-12-06 9.8 CVE-2023-46353
prestashop — prestashop In the module “Orders (CSV, Excel) Export PRO” (ordersexport) 2023-12-06 7.5 CVE-2023-46354
qos — logback A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. 2023-12-04 7.5 CVE-2023-6481
 
reiner-lemoine-institut — nesp2 A vulnerability was found in rl-institut NESP2 Initial Release/1.0. It has been classified as critical. Affected is an unknown function of the file app/database.py. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 07c0cdf36cf6a4345086d07b54423723a496af5e. It is recommended to apply a patch to fix this issue. VDB-246642 is the identifier assigned to this vulnerability. 2023-12-03 9.8 CVE-2020-36768

 

ruoyi — ruoyi RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. 2023-12-01 9.8 CVE-2023-49371
 
sei-info — rakrak_document_plus Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges. 2023-12-04 8.8 CVE-2023-49108
 
sem-cms — semcms SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution, and sends some attack codes as commands or query statements to the interpreter. These malicious data can deceive the interpreter, so as to execute unplanned commands or unauthorized access to data. 2023-12-04 7.5 CVE-2023-48863
 
senayan_library_management_systems — slims_9_bulian SQL injection vulnerability in Senayan Library Management Systems Slims 9 Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the date parameter in the staff_act.php. 2023-12-01 8.8 CVE-2023-48893
 
senec — storage_box The affected devices use publicly available default credentials with administrative privileges. 2023-12-07 9.8 CVE-2023-39169
senec — storage_box In SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices’ logfiles that contain sensitive data. 2023-12-07 7.5 CVE-2023-39167
senec — storage_box SENEC Storage Box V1,V2 and V3 accidentally expose a management UI accessible with publicly known admin credentials. 2023-12-07 7.2 CVE-2023-39171
sierrawireless — aleos The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable. 2023-12-04 7.5 CVE-2023-40459
sierrawireless — aleos The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable. 2023-12-04 7.5 CVE-2023-40462
sierrawireless — aleos When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access. 2023-12-04 7.2 CVE-2023-40463
senayan_library_management_systems — slims_9_bulian Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php. 2023-12-01 8.8 CVE-2023-48813
 
solon — solon Ssolon 2023-12-04 9.8 CVE-2023-48967
sourcecodester — user_registration_and_login_system A vulnerability was found in SourceCodester User Registration and Login System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument user leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-246614 is the identifier assigned to this vulnerability. 2023-12-02 9.8 CVE-2023-6464

 

squid-cache — squid Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-04 7.5 CVE-2023-49285

 

squid-cache — squid Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-04 7.5 CVE-2023-49286

 

squid-cache — squid Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with “collapsed_forwarding on” are vulnerable. Configurations with “collapsed_forwarding off” or without a “collapsed_forwarding” directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf. 2023-12-04 7.5 CVE-2023-49288
tenda — ax12_firmware Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. 2023-12-07 9.8 CVE-2023-49424
tenda — ax12_firmware Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg . 2023-12-07 9.8 CVE-2023-49425
tenda — ax12_firmware Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg. 2023-12-07 9.8 CVE-2023-49426
tenda — ax12_firmware Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the ‘mac’ parameter at /goform/SetOnlineDevName. 2023-12-07 9.8 CVE-2023-49428
tenda — ax12_firmware Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the ‘list’ parameter at /goform/SetNetControlList. 2023-12-07 9.8 CVE-2023-49437
tenda — ax3_firmware Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name. 2023-12-07 9.8 CVE-2023-49408
tenda — ax3_firmware Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet. 2023-12-07 9.8 CVE-2023-49409
tenda — ax9_firmware Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the ‘setDeviceInfo’ feature through the ‘mac’ parameter at /goform/setModules. 2023-12-07 9.8 CVE-2023-49429
tenda — ax9_firmware Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the ‘list’ parameter at /goform/SetStaticRouteCfg. 2023-12-07 9.8 CVE-2023-49430
tenda — ax9_firmware Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the ‘mac’ parameter at /goform/SetOnlineDevName. 2023-12-07 9.8 CVE-2023-49431
tenda — ax9_firmware Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the ‘deviceList’ parameter at /goform/setMacFilterCfg. 2023-12-07 9.8 CVE-2023-49432
tenda — ax9_firmware Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the ‘list’ parameter at /goform/SetVirtualServerCfg. 2023-12-07 9.8 CVE-2023-49433
tenda — ax9_firmware Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the ‘list’ parameter at /goform/SetNetControlList. 2023-12-07 9.8 CVE-2023-49434
tenda — ax9_firmware Tenda AX9 V22.03.01.46 is vulnerable to command injection. 2023-12-07 9.8 CVE-2023-49435
tenda — ax9_firmware Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the ‘list’ parameter at /goform/SetNetControlList. 2023-12-07 9.8 CVE-2023-49436
tenda — w30e_firmware Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg. 2023-12-07 9.8 CVE-2023-49402
tenda — w30e_firmware Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools. 2023-12-07 9.8 CVE-2023-49403
tenda — w30e_firmware Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet. 2023-12-07 9.8 CVE-2023-49404
tenda — w30e_firmware Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg. 2023-12-07 9.8 CVE-2023-49405
tenda — w30e_firmware Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet. 2023-12-07 9.8 CVE-2023-49406
tenda — w30e_firmware Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function via the function set_wan_status. 2023-12-07 9.8 CVE-2023-49410
tenda — w30e_firmware Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode. 2023-12-07 9.8 CVE-2023-49411
tenda — w30e_firmware Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition. 2023-12-07 9.8 CVE-2023-49999
tenda — w30e_firmware Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode. 2023-12-07 9.8 CVE-2023-50000
tenda — w30e_firmware Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline. 2023-12-07 9.8 CVE-2023-50001
tenda — w30e_firmware Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode. 2023-12-07 9.8 CVE-2023-50002
thinkadmin — thinkadmin An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file. 2023-12-04 8.8 CVE-2023-48965
thinkadmin — thinkadmin An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file. 2023-12-04 8.8 CVE-2023-48966
tinydir — tinydir TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6. 2023-12-04 9.8 CVE-2023-49287

 

tj-actions — branch-names tj-actions/branch-names is a Github action to retrieve branch or tag names with support for all events. The `tj-actions/branch-names` GitHub Actions improperly references the `github.event.pull_request.head.ref` and `github.head_ref` context variables within a GitHub Actions `run` step. The head ref variable is the branch name and can be used to execute arbitrary code using a specially crafted branch name. As a result, an attacker can use this vulnerability to steal secrets from or abuse `GITHUB_TOKEN` permissions. This vulnerability has been addressed in version 7.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-05 9.8 CVE-2023-49291

 

totolink — x6000r_firmware An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component. 2023-12-01 9.8 CVE-2023-43453
totolink — x6000r_firmware An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component. 2023-12-01 9.8 CVE-2023-43454
totolink — x6000r_firmware An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component. 2023-12-01 9.8 CVE-2023-43455
totolink — x6000r_firmware TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution. 2023-12-04 9.8 CVE-2023-48799
 
totolink — x6000r_firmware In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability. 2023-12-04 9.8 CVE-2023-48800
 
totolink — x6000r_firmware In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability. 2023-12-01 9.8 CVE-2023-48801
 
traefik — traefik Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-04 7.5 CVE-2023-47633

 

typecho — typecho Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc. 2023-12-07 7.5 CVE-2023-49967
u-tec — ultraloq_ul3_bt_firmware Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range. 2023-12-05 8.1 CVE-2022-46480
wago — telecontrol_configurator The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. An remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device. 2023-12-05 7.5 CVE-2023-5188
wordpress — wordpress The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog 2023-12-04 9.8 CVE-2023-5952
wordpress — wordpress The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges. 2023-12-04 8.8 CVE-2023-5762
wordpress — wordpress The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PHP on the server 2023-12-04 8.8 CVE-2023-5953
wordpress — wordpress The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. 2023-12-04 7.5 CVE-2023-6063
 
wordpress — wordpress The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin 2023-12-04 7.2 CVE-2023-5108
wordpress — wordpress The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the ‘validate’ function and insufficient blocklisting on the ‘wpcf7_antiscript_file_name’ function in versions up to, and including, 5.8.3. This makes it possible for authenticated attackers with editor-level capabilities or above to upload arbitrary files on the affected site’s server, but due to the htaccess configuration, remote code cannot be executed in most cases. By default, the file will be deleted from the server immediately. However, in some cases, other plugins may make it possible for the file to live on the server longer. This can make remote code execution possible when combined with another vulnerability, such as local file inclusion. 2023-12-01 7.2 CVE-2023-6449

 

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
assaabloy — yale_conexis_l1_firmware Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original. 2023-12-05 6.5 CVE-2023-26941
assaabloy — yale_ia-210_firmware Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a cloned tag via physical proximity to the original. 2023-12-05 6.5 CVE-2023-26942
assaabloy — yale_keyless_smart_lock_firmware Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original. 2023-12-05 6.5 CVE-2023-26943
bannersky — bsk_contact_form_7_blacklist The BSK Contact Form 7 Blacklist WordPress plugin through 1.0.1 does not sanitize and escape the inserted_count parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin 2023-12-04 6.1 CVE-2023-5141
best_courier_management_system — best_courier_management_system Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL. 2023-12-07 5.4 CVE-2023-46974
 
boidcms — boidcms BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the title, subtitle, footer, or keywords parameter in a page=create action. 2023-12-07 5.4 CVE-2023-48824
cainor — calendarinho Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites, potentially leading to information theft and reputational damage to the website used for redirection. The problem is has been patched in commit `15b2393`. Users are advised to update to a commit after `15b2393`. There are no known workarounds for this vulnerability. 2023-12-01 6.1 CVE-2023-49281

 

choosemuse — muse_2_firmware InteraXon Muse 2 devices allow remote attackers to cause a denial of service (incorrect Muse App report of an outstanding, calm meditation state) via a 480 MHz RF carrier that is modulated by a “false” brain wave, aka a Brain-Hack attack. For example, the Muse App does not display the reception of a strong RF carrier and alert the user that a report may be misleading if this carrier has been modulated by a low-frequency signal. 2023-12-02 6.5 CVE-2023-49914
 
collabora_online — collabora_online Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online – Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-01 6.1 CVE-2023-48314
connectize — ac21000_g6_firmware An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility. 2023-12-04 6.8 CVE-2023-24046
connectize — ac21000_g6_firmware An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm. 2023-12-04 6.8 CVE-2023-24047
connectize — ac21000_g6_firmware Cross Site Scripting (XSS) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary code via crafted string when setting the Wi-Fi password in the admin panel. 2023-12-04 5.4 CVE-2023-24050
dpaste — dpaste dpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of a user’s browser, potentially leading to unauthorized access, data theft, or other malicious activities. Users are strongly advised to upgrade to dpaste release v3.8 or later versions, as dpaste versions older than v3.8 are susceptible to the identified security vulnerability. No known workarounds have been identified, and applying the patch is the most effective way to remediate the vulnerability. 2023-12-01 6.1 CVE-2023-49277
 
dell — dm5500_firmware Dell DM5500 contains a path traversal vulnerability in PPOE Component. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite the files stored on the server filesystem. 2023-12-04 6.5 CVE-2023-44306
dell — powerprotect_data_manager_dm5500_firmware Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in PPOE. A local attacker with privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 2023-12-04 5.5 CVE-2023-44300
dell — powerprotect_data_manager_dm5500_firmware Dell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scripting Vulnerability. A network attacker with low privileges could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user’s web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. 2023-12-04 5.4 CVE-2023-44301
ecies — go ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate(), Decapsulate() and ECDH() could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade. 2023-12-05 4.8 CVE-2023-49292

 

fishshell — fish fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than transforming them into a safe internal representation. While this may cause unexpected behavior with direct input (for example, echo UFDD2HOME has the same output as echo $HOME), this may become a minor security problem if the output is being fed from an external program into a command substitution where this output may not be expected. This design flaw was introduced in very early versions of fish, predating the version control system, and is thought to be present in every version of fish released in the last 15 years or more, although with different characters. Code execution does not appear to be possible, but denial of service (through large brace expansion) or information disclosure (such as variable expansion) is potentially possible under certain circumstances. fish shell 3.6.2 has been released to correct this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-05 6.6 CVE-2023-49284

 

forgejo — forgejo Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss (or another extension) to a URL. 2023-12-03 5.3 CVE-2023-49948

 

gaatitrack_courier_management_system — gaatitrack_courier_management_system A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php. 2023-12-07 6.1 CVE-2023-48206
gitlab — gitlab An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted mermaid diagram input. 2023-12-01 6.5 CVE-2023-4912
 
gitlab — gitlab Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3 allows attacker to execute javascript in victim’s browser. 2023-12-01 5.4 CVE-2023-6033
 
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects’ release descriptions via an atom endpoint when release access on the public was set to only project members. 2023-12-01 5.3 CVE-2023-3949
 
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items. 2023-12-01 4.3 CVE-2023-3443
 
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disabled in the project settings. 2023-12-01 4.3 CVE-2023-3964
 
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a user with the Developer role to update a pipeline schedule from an unprotected branch to a protected branch. 2023-12-01 4.3 CVE-2023-4317
 
google — android Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code. 2023-12-05 6.8 CVE-2023-42561
google — android In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896; Issue ID: ALPS08163896. 2023-12-04 6.7 CVE-2023-32848
google — android In cmdq, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161758; Issue ID: ALPS08161758. 2023-12-04 6.7 CVE-2023-32849
google — android In rpmb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648764; Issue ID: ALPS07648764. 2023-12-04 6.7 CVE-2023-32853
google — android In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08240132; Issue ID: ALPS08240132. 2023-12-04 6.7 CVE-2023-32854
google — android In meta, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08000473; Issue ID: ALPS08000473. 2023-12-04 6.7 CVE-2023-32859
google — android In display, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929788; Issue ID: ALPS07929788. 2023-12-04 6.7 CVE-2023-32860
google — android In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08059081; Issue ID: ALPS08059081. 2023-12-04 6.7 CVE-2023-32861
google — android In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388762; Issue ID: ALPS07388762. 2023-12-04 6.7 CVE-2023-32862
google — android In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326314; Issue ID: ALPS07326314. 2023-12-04 6.7 CVE-2023-32863
google — android In display drm, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292187; Issue ID: ALPS07292187. 2023-12-04 6.7 CVE-2023-32864
google — android In display drm, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363456; Issue ID: ALPS07363456. 2023-12-04 6.7 CVE-2023-32865
google — android In mmp, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342152; Issue ID: ALPS07342152. 2023-12-04 6.7 CVE-2023-32866
google — android In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560793; Issue ID: ALPS07560793. 2023-12-04 6.7 CVE-2023-32867
google — android In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363632. 2023-12-04 6.7 CVE-2023-32868
google — android In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363689. 2023-12-04 6.7 CVE-2023-32869
google — android In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363740; Issue ID: ALPS07363740. 2023-12-04 6.7 CVE-2023-32870
google — android Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code. 2023-12-05 6.7 CVE-2023-42557
google — android Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code. 2023-12-05 6.7 CVE-2023-42565
google — android In camera service, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed 2023-12-04 6.7 CVE-2023-42722
google — android In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 6.5 CVE-2023-40090
google — android In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed 2023-12-04 5.5 CVE-2022-48462
google — android In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed 2023-12-04 5.5 CVE-2022-48463
google — android In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed 2023-12-04 5.5 CVE-2022-48464
google — android In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 5.5 CVE-2023-35668
google — android In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 5.5 CVE-2023-40073
google — android In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 5.5 CVE-2023-40074
google — android In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 5.5 CVE-2023-40075
google — android In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 5.5 CVE-2023-40076
google — android In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user’s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 5.5 CVE-2023-40081
google — android In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 5.5 CVE-2023-40083
google — android In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user’s image due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 5.5 CVE-2023-40092
google — android In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification data of another user due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 5.5 CVE-2023-40098
google — android In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42671
google — android In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42672
google — android In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42673
google — android In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42674
google — android In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42675
google — android In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42676
google — android In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42677
google — android In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42678
google — android In omacp service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42697
google — android In omacp service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42698
google — android In omacp service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42699
google — android In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42700
google — android In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42701
google — android In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42702
google — android In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42703
google — android In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42704
google — android In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42705
google — android In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42706
google — android In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42707
google — android In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42708
google — android In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42709
google — android In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42710
google — android In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42711
google — android In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42712
google — android In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42713
google — android In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42714
google — android In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42715
google — android In dialer, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42718
google — android In video service, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local denial of service with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42719
google — android In video service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42720
google — android In flv extractor, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42721
google — android In camera service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42723
google — android In phasecheckserver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42728
google — android In IMS service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42730
google — android In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42732
google — android In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42733
google — android In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42734
google — android In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42737
google — android In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42741
google — android In sysui, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42742
google — android In telecom service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42744
google — android In enginnermode service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed 2023-12-04 5.5 CVE-2023-42749
google — android In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. 2023-12-04 5.5 CVE-2023-45781
google — android Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time. 2023-12-05 5.2 CVE-2023-42559
google — android In cameraisp, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07670971; Issue ID: ALPS07670971. 2023-12-04 4.4 CVE-2023-32852
google — android In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS07993705. 2023-12-04 4.4 CVE-2023-32856
google — android In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS07993710. 2023-12-04 4.4 CVE-2023-32857
google — android In GZ, there is a possible information disclosure due to a missing data erasing. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07806008; Issue ID: ALPS07806008. 2023-12-04 4.4 CVE-2023-32858
google — android Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege. 2023-12-05 4.4 CVE-2023-42568
google — android In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed 2023-12-04 4.4 CVE-2023-42679
google — android In gpu driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed 2023-12-04 4.4 CVE-2023-42680
google — android In gsp driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed 2023-12-04 4.4 CVE-2023-42682
google — android In gsp driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed 2023-12-04 4.4 CVE-2023-42683
google — android In gsp driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed 2023-12-04 4.4 CVE-2023-42684
google — android In gpu driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed 2023-12-04 4.4 CVE-2023-42724
google — android In gpu driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed 2023-12-04 4.4 CVE-2023-42725
google — android In TeleService, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed 2023-12-04 4.4 CVE-2023-42726
google — android In gpu driver, there is a possible out of bounds write due to a incorrect bounds check. This could lead to local denial of service with System execution privileges needed 2023-12-04 4.4 CVE-2023-42727
google — android In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed 2023-12-04 4.4 CVE-2023-42729
google — android In Gnss service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed 2023-12-04 4.4 CVE-2023-42731
google — android In telephony service, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed 2023-12-04 4.4 CVE-2023-42735
google — android In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed 2023-12-04 4.4 CVE-2023-42751
google — cloud_firestore A potential logging of the firestore key via logging within nodejs-firestore exists – Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue 2023-12-04 5.5 CVE-2023-6460
grocy_project — grocy A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy 2023-12-04 5.4 CVE-2023-48866
 
hitachi — vantara_hitachi_network_attached_storage SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role. 2023-12-05 6.5 CVE-2023-5808
hitachienergy — rtu520_firmware A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to an RDT language file being improperly sanitized. 2023-12-04 6.1 CVE-2023-5767
hitachienergy — rtu520_firmware A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Incomplete or wrong received APDU frame layout may cause blocking on link layer. Error reason was an endless blocking when reading incoming frames on link layer with wrong length information of APDU or delayed reception of data octets. Only communication link of affected HCI IEC 60870-5-104 is blocked. If attack sequence stops the communication to the previously attacked link gets normal again. 2023-12-04 6.1 CVE-2023-5768
ibm — i IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. IBM X-Force ID: 265266. 2023-12-01 5.5 CVE-2023-42006
 
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161. 2023-12-01 5.9 CVE-2023-42019
 
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504. 2023-12-01 5.4 CVE-2023-42009
 
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265938. 2023-12-01 5.4 CVE-2023-42022
 
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266064. 2023-12-01 5.4 CVE-2023-43015
 
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269506. 2023-12-01 5.4 CVE-2023-46174
 
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167. 2023-12-01 5.3 CVE-2023-43021
 
ibm — planning_analytics_on_cloud_pak_for_data IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898. 2023-12-01 6.5 CVE-2023-26024

MISC

jupyter — jupyter_server The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information. There is no known mechanism by which to trigger these errors without authentication, so the paths revealed are not considered particularly sensitive, given that the requesting user has arbitrary execution permissions already in the same environment. A fix has been introduced in commit `0056c3aa52` which no longer includes traceback information in JSON error responses. For compatibility, the traceback field is present, but always empty. This commit has been included in version 2.11.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-04 4.3 CVE-2023-49080
 
keking — kkfileview kkFileView v4.3.0 is vulnerable to Incorrect Access Control. 2023-12-04 6.1 CVE-2023-48815
 
lestrrat-go — jwx lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. A p2c parameter set too high in JWE’s algorithm PBES2-* could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource- intensive. Therefore, if an attacker sets the p2c parameter in JWE to a very large number, it can cause a lot of computational consumption, resulting in a denial of service. This vulnerability has been addressed in commit `64f2a229b` which has been included in release version 1.2.27 and 2.0.18. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-05 5.3 CVE-2023-49290
 
lfprojects — mlflow Cross-site Scripting (XSS) – Reflected in GitHub repository mlflow/mlflow prior to 2.9.0. 2023-12-07 6.1 CVE-2023-6568
 
librespeed — speedtest A vulnerability was found in librespeed speedtest up to 5.2.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file results/stats.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. Upgrading to version 5.2.5 is able to address this issue. The patch is named a85f2c086f3449dffa8fe2edb5e2ef3ee72dc0e9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-246643. 2023-12-03 6.1 CVE-2022-4957

 

linuxfoundation — yocto In aee, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07909204; Issue ID: ALPS07909204. 2023-12-04 6.7 CVE-2023-32855
microsoft — ajax.net_professional Ajax.NET Professional (AjaxPro) is an AJAX framework for Microsoft ASP.NET which will create proxy JavaScript classes that are used on client-side to invoke methods on the web server. Affected versions of this package are vulnerable cross site scripting attacks. Releases before version 21.12.22.1 are affected. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-05 5.4 CVE-2023-49289

 

microsoft — edge Microsoft Edge (Chromium-based) Information Disclosure Vulnerability 2023-12-07 4.8 CVE-2023-36880
microsoft — edge Microsoft Edge (Chromium-based) Information Disclosure Vulnerability 2023-12-07 4.3 CVE-2023-38174
misp — misp app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget. 2023-12-03 6.1 CVE-2023-49926
 
octobercms — october October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15. 2023-12-01 4.9 CVE-2023-44381
phpems — phpems A vulnerability, which was classified as problematic, has been found in PHPEMS 7.0. This issue affects some unknown processing of the file appcontentclsapi.cls.php of the component Content Section Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246629 was assigned to this vulnerability. 2023-12-02 4.8 CVE-2023-6472

 

phpgurukul — nipah_virus_testing_management_system A vulnerability has been found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file manage-phlebotomist.php. The manipulation of the argument pid leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246640. 2023-12-03 6.5 CVE-2023-6474

 

phpgurukul — nipah_virus_testing_management_system A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as problematic. This affects an unknown part of the file registered-user-testing.php. The manipulation of the argument regmobilenumber leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246615. 2023-12-02 6.1 CVE-2023-6465

 

phpjabbers — appointment_scheduler Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code. 2023-12-07 5.4 CVE-2023-48838
 
phpjabbers — appointment_scheduler Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. 2023-12-07 5.4 CVE-2023-48839
 
phpjabbers — availability_booking_calendar A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php. 2023-12-07 6.1 CVE-2023-48208
phpjabbers — availability_booking_calendar Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. 2023-12-07 5.4 CVE-2023-48825
phpjabbers — car_rental_script Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. 2023-12-07 5.4 CVE-2023-48836
 
phpjabbers — car_rental_script Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. 2023-12-07 5.4 CVE-2023-48837
 
phpjabbers — shuttle_booking_software A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php. 2023-12-07 5.4 CVE-2023-48172

 

phpjabbers — time_slots_booking_calendar Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. 2023-12-07 5.4 CVE-2023-48827
 
phpjabbers — time_slots_booking_calendar Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. 2023-12-07 5.4 CVE-2023-48828
 
posthog — posthog PostHog provides open-source product analytics, session recording, feature flagging and A/B testing that you can self-host. A server-side request forgery (SSRF), which can only be exploited by authenticated users, was found in Posthog. Posthog did not verify whether a URL was local when enabling webhooks, allowing authenticated users to forge a POST request. This vulnerability has been addressed in `22bd5942` and will be included in subsequent releases. There are no known workarounds for this vulnerability. 2023-12-01 4.3 CVE-2023-46746
 
preh — mib3_firmware The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III (3V3) – 2.0 TDI manufactured in 2022. 2023-12-01 6.8 CVE-2023-28895
sourcecodester — online_quiz_system A vulnerability, which was classified as problematic, was found in SourceCodester Online Quiz System 1.0. This affects an unknown part of the file take-quiz.php. The manipulation of the argument quiz_taker/year_section leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246639. 2023-12-02 5.4 CVE-2023-6473

 

sourcecodester — user_registration_and_login_system A vulnerability, which was classified as problematic, was found in SourceCodester User Registration and Login System 1.0. Affected is an unknown function of the file /endpoint/delete-user.php. The manipulation of the argument user leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246612. 2023-12-01 6.1 CVE-2023-6462

 

sourcecodester — user_registration_and_login_system A vulnerability has been found in SourceCodester User Registration and Login System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument first_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246613 was assigned to this vulnerability. 2023-12-01 5.4 CVE-2023-6463

 

samsung — android Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive information. 2023-12-05 5.5 CVE-2023-42556
samsung — android Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege. 2023-12-05 5.5 CVE-2023-42564
sierrawireless — aleos Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between the ACEManager client and ACEManager server. 2023-12-04 6.8 CVE-2023-40464
sierrawireless — aleos Several versions of ALEOS, including ALEOS 4.16.0, include an opensource third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal. 2023-12-04 5.5 CVE-2023-40465
sierrawireless — aleos The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted. 2023-12-04 5.4 CVE-2023-40460
sierrawireless — aleos The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition. 2023-12-04 4.8 CVE-2023-40461
solarwinds — serv-u A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. 2023-12-06 4.6 CVE-2023-40053
 
thecosy — icecms A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file /planet of the component User Comment Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246616. 2023-12-02 6.1 CVE-2023-6466

 

traefik — traefik Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another frontend proxy like Nginx, it can be used to bypass frontend proxy URI-based access control restrictions. This vulnerability has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-04 6.5 CVE-2023-47106

 

traefik — traefik Traefik is an open source HTTP reverse proxy and load balancer. When Traefik is configured to use the `HTTPChallenge` to generate and renew the Let’s Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by attackers to achieve a `slowloris attack`. This vulnerability has been patch in version 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. Users unable to upgrade should replace the `HTTPChallenge` with the `TLSChallenge` or the `DNSChallenge`. 2023-12-04 5.9 CVE-2023-47124

 

uptime.kuma — uptime_kuma Uptime Kuma is an open source self-hosted monitoring tool. In affected versions the Google Analytics element in vulnerable to Attribute Injection leading to Cross-Site-Scripting (XSS). Since the custom status interface can set an independent Google Analytics ID and the template has not been sanitized, there is an attribute injection vulnerability here, which can lead to XSS attacks. This vulnerability has been addressed in commit `f28dccf4e` which is included in release version 1.23.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-01 6.1 CVE-2023-49276
 
minipaint– minipaint Cross-site Scripting (XSS) – Reflected in GitHub repository viliusle/minipaint prior to 4.14.0. 2023-12-01 6.1 CVE-2023-6461
 
vitejs — vite Vite is a website frontend framework. When Vite’s HTML transformation is invoked manually via `server.transformIndexHtml`, the original request URL is passed in unmodified, and the `html` being transformed contains inline module scripts (``), it is possible to inject arbitrary HTML into the transformed output by supplying a malicious URL query string to `server.transformIndexHtml`. Only apps using `appType: ‘custom’` and using the default Vite HTML middleware are affected. The HTML entry must also contain an inline script. The attack requires a user to click on a malicious URL while running the dev server. Restricted files aren’t exposed to the attacker. This issue has been addressed in vite@5.0.5, vite@4.5.1, and vite@4.4.12. There are no known workarounds for this vulnerability. 2023-12-04 6.1 CVE-2023-49293
wordpress — wordpress The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as `wp-config.php` 2023-12-04 6.5 CVE-2023-5105
wordpress — wordpress The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link. 2023-12-04 6.5 CVE-2023-5884
wordpress — wordpress The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products 2023-12-04 6.5 CVE-2023-5979
wordpress — wordpress The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks 2023-12-04 6.5 CVE-2023-5990
wordpress — wordpress The AMP+ Plus WordPress plugin through 3.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin 2023-12-04 6.1 CVE-2023-5210
wordpress — wordpress The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin 2023-12-04 6.1 CVE-2023-5951
wordpress — wordpress The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. 2023-12-04 5.4 CVE-2023-4460
wordpress — wordpress The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup). 2023-12-04 4.8 CVE-2023-5137
wordpress — wordpress The Popup box WordPress plugin before 3.8.6 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2023-12-04 4.8 CVE-2023-5809
wordpress — wordpress The Popup box WordPress plugin before 3.8.6 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2023-12-04 4.8 CVE-2023-5874
xwiki — change_request XWiki Change Request is an XWiki application allowing to request changes on a wiki without publishing directly the changes. Change request allows to edit any page by default, and the changes are then exported in an XML file that anyone can download. So it’s possible for an attacker to obtain password hash of users by performing an edit on the user profiles and then downloading the XML file that has been created. This is also true for any document that might contain password field and that a user can view. This vulnerability impacts all version of Change Request, but the impact depends on the rights that has been set on the wiki since it requires for the user to have the Change request right (allowed by default) and view rights on the page to target. This issue cannot be easily exploited in an automated way. The patch consists in denying to users the right of editing pages that contains a password field with change request. It means that already existing change request for those pages won’t be removed by the patch, administrators needs to take care of it. The patch is provided in Change Request 1.10, administrators should upgrade immediately. It’s possible to workaround the vulnerability by denying manually the Change request right on some spaces, such as XWiki space which will include any user profile by default. 2023-12-04 6.5 CVE-2023-49280

 

yokogawa — stardom_fcj_firmware A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. This vulnerability may allow to a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a crafted packet. While sending the packet, the maintenance homepage of the controller could not be accessed. Therefore, functions of the maintenance homepage, changing configuration, viewing logs, etc. are not available. But the controller’s operation is not stopped by the condition. The affected products and versions are as follows: STARDOM FCN/FCJ R1.01 to R4.31. 2023-12-01 5.3 CVE-2023-5915

 

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
dell — rugged_control_center Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources. 2023-12-01 3.3 CVE-2023-43089
gitlab — gitlab An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the `Allowed to merge` permission as a guest user, when granted the permission through a group. 2023-12-01 3.1 CVE-2023-4658
 
preh — mib3_firmware Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III (3V3) – 2.0 TDI manufactured in 2022. 2023-12-01 2.4 CVE-2023-28896
thecosy — icecms A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /Websquare/likeClickComment/ of the component Comment Like Handler. The manipulation leads to improper enforcement of a single, unique action. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-246617 was assigned to this vulnerability. 2023-12-02 3.7 CVE-2023-6467

 

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
alen_soft — ttplayer DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll. 2023-12-07 not yet calculated CVE-2023-48861
ami — aptiov AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.  2023-12-06 not yet calculated CVE-2023-39538
ami — aptiov AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.  2023-12-06 not yet calculated CVE-2023-39539
apache — ofbiz Pre-auth RCE in Apache Ofbiz 18.12.09. It’s due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.  Users are recommended to upgrade to version 18.12.10 2023-12-05 not yet calculated CVE-2023-49070

 

apache — struts When a Multipart request is performed but some of the fields exceed the maxStringLength  limit, the upload files will remain in struts.multipart.saveDir  even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue. 2023-12-05 not yet calculated CVE-2023-41835
 
apache — struts An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue. 2023-12-07 not yet calculated CVE-2023-50164
 
arista_networks — mos On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config. 2023-12-06 not yet calculated CVE-2023-24547
atlassian — assets_discovery_cloud This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent. 2023-12-06 not yet calculated CVE-2023-22523
 
atlassian — companion_for_mac Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code. 2023-12-06 not yet calculated CVE-2023-22524
 
atlassian — confluence_data_center This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. 2023-12-06 not yet calculated CVE-2023-22522
 
atos_unify — openscape_session_border_controller An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products “Session Border Controller” (SBC) and “Branch”, before version V10 R3.4.0, and OpenScape “BCF” before versions V10R10.12.00 and V10R11.05.02. This allows an unauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain access as an arbitrary (administrative) user. 2023-12-05 not yet calculated CVE-2023-6269
 
availability_booking_calendar — availability_booking_calendar Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. 2023-12-07 not yet calculated CVE-2023-48207
bitcoin_core/bitcoin_knots — bitcoin_core/bitcoin_knots In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. 2023-12-09 not yet calculated CVE-2023-50428

 

bluez — blulez Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. 2023-12-08 not yet calculated CVE-2023-45866

 

brocade — brocade_switches Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key. 2023-12-06 not yet calculated CVE-2021-27795
buildroot — buildroot A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. 2023-12-05 not yet calculated CVE-2023-43608
 
buildroot — buildroot Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `aufs` package. 2023-12-05 not yet calculated CVE-2023-45838
 
buildroot — buildroot Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `aufs-util` package. 2023-12-05 not yet calculated CVE-2023-45839
 
buildroot — buildroot Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `riscv64-elf-toolchain` package. 2023-12-05 not yet calculated CVE-2023-45840
 
buildroot — buildroot Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `versal-firmware` package. 2023-12-05 not yet calculated CVE-2023-45841
 
buildroot — buildroot Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `mxsldr` package. 2023-12-05 not yet calculated CVE-2023-45842
 
byzoro — patrolflow_2530pro_firmware A vulnerability was found in Beijing Baichuo PatrolFlow 2530Pro up to 20231126. It has been rated as problematic. This issue affects some unknown processing of the file /log/mailsendview.php. The manipulation of the argument file with the input /boot/phpConfig/tb_admin.txt leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-07 not yet calculated CVE-2023-6577

 

byzoro — smart_s20_firmware A vulnerability was found in Beijing Baichuo Smart S20 up to 20231120 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php of the component HTTP POST Request Handler. The manipulation of the argument 1_file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247154 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-07 not yet calculated CVE-2023-6574

 

byzoro — smart_s210_firmware A vulnerability was found in Beijing Baichuo S210 up to 20231121. It has been classified as critical. This affects an unknown part of the file /Tool/repair.php of the component HTTP POST Request Handler. The manipulation of the argument txt leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247155. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-07 not yet calculated CVE-2023-6575

 

byzoro — smart_s210_firmware A vulnerability was found in Beijing Baichuo S210 up to 20231123. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php of the component HTTP POST Request Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247156. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-07 not yet calculated CVE-2023-6576

 

candid — candid The Candid library causes a Denial of Service while parsing a specially crafted payload with ’empty’ data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field required by the type. The problem with the type empty is that the candid Rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop. Canisters using affected versions of candid are exposed to denial of service by causing the decoding to run indefinitely until the canister traps due to reaching maximum instruction limit per execution round. Repeated exposure to the payload will result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected. 2023-12-08 not yet calculated CVE-2023-6245

 

cloudflare — tokio-boring The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. The set_ex_data function used by the library did not deallocate memory used by pre-existing data in memory each time after completing a TLS connection causing the program to consume more resources with each new connection. 2023-12-05 not yet calculated CVE-2023-6180
collabora_online — collabora_online Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with `Collabora Online – Built-in CODE Server` app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online – Built-in CODE Server (richdocumentscode) release 23.5.601. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-08 not yet calculated CVE-2023-49782
 
collabora_online — collabora_online Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attack via modified client->server commands to overwrite files outside the sub directory the server has provided for the transient session. Files which can be accessed are limited to those that the server process has access to. The bug was fixed in Collabora Online – Built-in CODE Server (richdocumentscode) release 23.5.602. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-08 not yet calculated CVE-2023-49788
commscope,_inc. — zonedirector A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see the information provided by the vendor listed under [References] section or the list under [Product Status] section. 2023-12-07 not yet calculated CVE-2023-49225
 
controlbyweb — x-332-24i The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious javascript code during a user’s session. 2023-12-07 not yet calculated CVE-2023-6333
curl — curl This flaw allows a malicious HTTP server to set “super cookies” in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl’s function that verifies a given cookie domain against the Public Suffix List (PSL). For example, a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain. 2023-12-07 not yet calculated CVE-2023-46218

 

d-link — dar-7000 A vulnerability has been found in D-Link DAR-7000 up to 20231126 and classified as critical. This vulnerability affects unknown code of the file /user/inc/workidajax.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-07 not yet calculated CVE-2023-6581

 

d-link — dir-846 A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqos_express_devices/smartqos_normal_devices leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-07 not yet calculated CVE-2023-6580

 

daicuo — daicuo A stored cross-site scripting (XSS) vulnerability in /admin.php of DaiCuo v2.5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2023-12-06 not yet calculated CVE-2023-48940

 

dedecms — dedecms DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php. 2023-12-07 not yet calculated CVE-2023-49492
dedecms — dedecms
 
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php. 2023-12-07 not yet calculated CVE-2023-49493
dell — dell_networking_os10 Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity. 2023-12-05 not yet calculated CVE-2023-39248
dell — inspiron_15 The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated configuration packet to select the Windows template database, which allows bypass of Windows Hello authentication by enrolling an attacker’s fingerprint. 2023-12-09 not yet calculated CVE-2023-50430
dell — poweredge_bios Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service. 2023-12-05 not yet calculated CVE-2023-44297
dell — poweredge_bios Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service. 2023-12-05 not yet calculated CVE-2023-44298
dell — poweredge_platform Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation. 2023-12-08 not yet calculated CVE-2023-32460
dell — powerscale_onefs Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through its lifetime vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, leading to denial of service. 2023-12-05 not yet calculated CVE-2023-44288
dell — powerscale_onefs Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource through its lifetime vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to loss of information, and information disclosure. 2023-12-05 not yet calculated CVE-2023-44295
devolutions — remote_desktop_manager Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable. 2023-12-06 not yet calculated CVE-2023-6288
devolutions — workspace Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when offline. 2023-12-07 not yet calculated CVE-2023-6588
doracms — doracms DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack. 2023-12-08 not yet calculated CVE-2023-49443
doracms — doracms An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar. 2023-12-08 not yet calculated CVE-2023-49444
draytek — vigor167 An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface. 2023-12-09 not yet calculated CVE-2023-47254
 
dreamer_cms — dreamer_cms Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department. 2023-12-08 not yet calculated CVE-2023-49484
elastic — elasticsearch-hadoop An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue. 2023-12-05 not yet calculated CVE-2023-46674
ericsson — evolved_packet_gateway An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell. 2023-12-05 not yet calculated CVE-2022-47531
ericsson — network_manager Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application. 2023-12-07 not yet calculated CVE-2023-39909
espocrm — espocrm EspoCRM is an Open Source CRM (Customer Relationship Management) software. In affected versions there is Server-Side Request Forgery (SSRF) vulnerability via the upload image from url api. Users who have access to `the /Attachment/fromImageUrl` endpoint can specify URL to point to an internal host. Even though there is check for content type, it can be bypassed by redirects in some cases. This SSRF can be leveraged to disclose internal information (in some cases), target internal hosts and bypass firewalls. This vulnerability has been addressed in commit `c536cee63` which is included in release version 8.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-05 not yet calculated CVE-2023-46736

 

etsi — tetra_standard The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). The structure of TA61 allows for efficient recovery of this 64-bit value, allowing an adversary to encrypt or decrypt arbitrary identities given only three known encrypted/unencrypted identity pairs. 2023-12-05 not yet calculated CVE-2022-24403
evershop_npm — evershop_npm Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js. 2023-12-08 not yet calculated CVE-2023-46493
 
evershop_npm — evershop_npm Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx. 2023-12-08 not yet calculated CVE-2023-46494
 
evershop_npm — evershop_npm Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter. 2023-12-08 not yet calculated CVE-2023-46495
 
evershop_npm — evershop_npm Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint. 2023-12-08 not yet calculated CVE-2023-46496
 
evershop_npm — evershop_npm Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint. 2023-12-08 not yet calculated CVE-2023-46497
 
evershop_npm — evershop_npm An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file. 2023-12-08 not yet calculated CVE-2023-46498
 
evershop_npm — evershop_npm Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted scripts to the Admin Panel. 2023-12-08 not yet calculated CVE-2023-46499
 
filerun — filerun A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link. 2023-12-06 not yet calculated CVE-2023-28875
 
filerun — filerun A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users. 2023-12-06 not yet calculated CVE-2023-28876
 
formalms — formalms Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters. 2023-12-07 not yet calculated CVE-2023-46693
franklin_electric_fueling_systems — sentinel_anyware Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The ‘path’ parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. 2023-12-08 not yet calculated CVE-2023-48928
franklin_electric_fueling_systems — sentinel_anyware Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. The ‘sid’ parameter in the group_status.asp resource allows an attacker to escalate privileges and obtain sensitive information. 2023-12-08 not yet calculated CVE-2023-48929
fxc_inc. — ae1021pe An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product. 2023-12-06 not yet calculated CVE-2023-49897
 
gladys_assistant — gladys_assistant Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine. 2023-12-07 not yet calculated CVE-2023-47440

 

go_standard_library — crypto/tls Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels. 2023-12-05 not yet calculated CVE-2023-45287

 

go_standard_library — net/http/internal A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small. 2023-12-06 not yet calculated CVE-2023-39326

 

go_toolchain — cmd/go Using go get to fetch a module with the “.git” suffix may unexpectedly fallback to the insecure “git://” protocol if the module is unavailable via the secure “https://” and “git+ssh://” protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off). 2023-12-06 not yet calculated CVE-2023-45285

 

google — android Improper Access Control in Samsung Voice Recorder prior to versions 21.4.15.01 in Android 12 and Android 13, 21.4.50.17 in Android 14 allows physical attackers to access Voice Recorder information on the lock screen. 2023-12-05 not yet calculated CVE-2023-42577
google — android Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middle attack. 2023-12-05 not yet calculated CVE-2023-42579
google — android In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48397
google — android In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48398
google — android In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48399
google — android In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48401
google — android In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48402
google — android In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure if the attacker is able to observe the behavior of the subsequent switch conditional with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48403
google — android In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48404
google — android there is a possible way for the secure world to write to NS memory due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48405
google — android there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48406
google — android there is a possible DCK won’t be deleted after factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48407
google — android In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48408
google — android In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48409
google — android In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48410
google — android In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48411
google — android In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48412
google — android In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48413
google — android In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48414
google — android In Init of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48415
google — android In multiple locations, there is a possible null dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48416
google — android There is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48420
google — android In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48421
google — android In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48422
google — android In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. 2023-12-08 not yet calculated CVE-2023-48423
google — chrome Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-12-06 not yet calculated CVE-2023-6508

 

google — chrome Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High) 2023-12-06 not yet calculated CVE-2023-6509

 

google — chrome Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) 2023-12-06 not yet calculated CVE-2023-6510

 

google — chrome Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) 2023-12-06 not yet calculated CVE-2023-6511

 

google — chrome Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low) 2023-12-06 not yet calculated CVE-2023-6512

 

gpac — gpac GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service. 2023-12-07 not yet calculated CVE-2023-46871
 
gpac — gpac Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box. 2023-12-09 not yet calculated CVE-2023-46932
gpac — gpac An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c. 2023-12-09 not yet calculated CVE-2023-47465
gpac — gpac gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589. 2023-12-07 not yet calculated CVE-2023-48958
 
gpsd — gpsd An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability. 2023-12-05 not yet calculated CVE-2023-43628
hashicorp — vault/vault_enterprise HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12. 2023-12-08 not yet calculated CVE-2023-6337
hcl_software — hcl_connections HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise a user’s account then launch other attacks. 2023-12-07 not yet calculated CVE-2023-28017
huawei — ajmd-370s The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.  Successful exploitation of this vulnerability may allow attackers to access restricted functions. 2023-12-06 not yet calculated CVE-2023-6514
huawei — harmonyos Vulnerability of data verification errors in the kernel module. Successful exploitation of this vulnerability may cause WLAN interruption. 2023-12-06 not yet calculated CVE-2023-44099
 
huawei — harmonyos Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module. Successful exploitation of this vulnerability may affect service confidentiality. 2023-12-06 not yet calculated CVE-2023-44113
 
huawei — harmonyos Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation. 2023-12-06 not yet calculated CVE-2023-46773
 
huawei — harmonyos Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. 2023-12-06 not yet calculated CVE-2023-49239
 
huawei — harmonyos Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality. 2023-12-06 not yet calculated CVE-2023-49240
 
huawei — harmonyos API permission control vulnerability in the network management module. Successful exploitation of this vulnerability may affect service confidentiality. 2023-12-06 not yet calculated CVE-2023-49241
 
huawei — harmonyos Free broadcast vulnerability in the running management module. Successful exploitation of this vulnerability may affect service confidentiality. 2023-12-06 not yet calculated CVE-2023-49242
 
huawei — harmonyos Vulnerability of unauthorized access to email attachments in the email module. Successful exploitation of this vulnerability may affect service confidentiality. 2023-12-06 not yet calculated CVE-2023-49243
 
huawei — harmonyos Permission management vulnerability in the multi-user module. Successful exploitation of this vulnerability may affect service confidentiality. 2023-12-06 not yet calculated CVE-2023-49244
 
huawei — harmonyos Unauthorized access vulnerability in the Huawei Share module. Successful exploitation of this vulnerability may affect service confidentiality. 2023-12-06 not yet calculated CVE-2023-49245
 
huawei — harmonyos Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. 2023-12-06 not yet calculated CVE-2023-49246
 
huawei — harmonyos Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality. 2023-12-06 not yet calculated CVE-2023-49247
 
huawei — harmonyos Vulnerability of unauthorized file access in the Settings app. Successful exploitation of this vulnerability may cause unauthorized file access. 2023-12-06 not yet calculated CVE-2023-49248
 
huawei — harmonyos Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally. 2023-12-06 not yet calculated CVE-2023-6273
 
ibm — api_connect IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912. 2023-12-09 not yet calculated CVE-2023-47722
 
ibm — informix_dynamic_server IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753. 2023-12-09 not yet calculated CVE-2023-28523
 
ibm — informix_dynamic_server IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204. 2023-12-09 not yet calculated CVE-2023-28526
 
ibm — informix_dynamic_server IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206. 2023-12-09 not yet calculated CVE-2023-28527
 
iconics — scada_software_iconics_suite Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are: * MMXFax.exe * winfax.dll * MelSim2ComProc.exe * Sim2ComProc.dll * MMXCall_in.exe * libdxxmt.dll * libsrlmt.dll 2023-12-08 not yet calculated CVE-2023-6061
implem_inc. — pleasanter Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user’s web browser. 2023-12-06 not yet calculated CVE-2023-34439
 
implem_inc. — pleasanter Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access. 2023-12-06 not yet calculated CVE-2023-45210
 
implem_inc. — pleasanter Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. 2023-12-06 not yet calculated CVE-2023-46688
 
insyde — insyde520
 
A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression. 2023-12-07 not yet calculated CVE-2023-40238

 

iterative — pydrive2 PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserilization will result in arbitrary code execution. A maliciously crafted YAML file can cause arbitrary code execution if PyDrive2 is run in the same directory as it, or if it is loaded in via `LoadSettingsFile`. This is a deserilization attack that will affect any user who initializes GoogleAuth from this package while a malicious yaml file is present in the same directory. This vulnerability does not require the file to be directly loaded through the code, only present. This issue has been addressed in commit `c57355dc` which is included in release version `1.16.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-05 not yet calculated CVE-2023-49297
 
jellyfin — jellyfin Jellyfin is a Free Software Media System for managing and streaming media. In affected versions there is an argument injection in the VideosController, specifically the `/Videos//stream` and `/Videos//stream.` endpoints which are present in the current Jellyfin version. Additional endpoints in the AudioController might also be vulnerable, as they differ only slightly in execution. Those endpoints are reachable by an unauthenticated user. In order to exploit this vulnerability an unauthenticated attacker has to guess an itemId, which is a completely random GUID. It’s a very unlikely case even for a large media database with lots of items. Without an additional information leak, this vulnerability shouldn’t be directly exploitable, even if the instance is reachable from the Internet. There are a lot of query parameters that get accepted by the method. At least two of those, videoCodec and audioCodec are vulnerable to the argument injection. The values can be traced through a lot of code and might be changed in the process. However, the fallback is to always use them as-is, which means we can inject our own arguments. Those arguments land in the command line of FFmpeg. Because UseShellExecute is always set to false, we can’t simply terminate the FFmpeg command and execute our own. It should only be possible to add additional arguments to FFmpeg, which is powerful enough as it stands. There is probably a way of overwriting an arbitrary file with malicious content. This vulnerability has been addressed in version 10.8.13. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-06 not yet calculated CVE-2023-49096

 

jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department. 2023-12-08 not yet calculated CVE-2023-49485
jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department. 2023-12-08 not yet calculated CVE-2023-49486
jfinalcms — jfinalcms JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department. 2023-12-08 not yet calculated CVE-2023-49487
johnson_controls — metasys_nae55/sne/snc Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to version 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service. 2023-12-07 not yet calculated CVE-2023-4486
 
jorani_leave_management_system — jorani_leave_management_system Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails. 2023-12-07 not yet calculated CVE-2023-48205
jupyterhub — dockerspawner dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying `DockerSpawner.allowed_images` configuration allow users to launch _any_ pullable docker image, instead of restricting to only the single configured image, as intended. This issue has been addressed in commit `3ba4b665b` which has been included in dockerspawner release version 13. Users are advised to upgrade. Users unable to upgrade should explicitly set `DockerSpawner.allowed_images` to a non-empty list containing only the default image will result in the intended default behavior. 2023-12-08 not yet calculated CVE-2023-48311
 
libde265 — libde265 Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc. 2023-12-07 not yet calculated CVE-2023-49465
libde265 — libde265 Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc. 2023-12-07 not yet calculated CVE-2023-49467
libde265 — libde265 Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc. 2023-12-07 not yet calculated CVE-2023-49468
libheif — libheif libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image. 2023-12-07 not yet calculated CVE-2023-49460
libheif — libheif libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc. 2023-12-07 not yet calculated CVE-2023-49462
libheif — libheif libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc. 2023-12-07 not yet calculated CVE-2023-49463
 
libheif — libheif libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci. 2023-12-07 not yet calculated CVE-2023-49464
linkding — linkding A vulnerability classified as problematic has been found in linkding 1.23.0. Affected is an unknown function. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.23.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-247338 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early, responded in a very professional manner and immediately released a fixed version of the affected product. 2023-12-09 not yet calculated CVE-2023-6646

 

linux — kernel An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system. 2023-12-09 not yet calculated CVE-2023-6560

 

linux — kernel An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. 2023-12-08 not yet calculated CVE-2023-6606

 

linux — kernel An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. 2023-12-08 not yet calculated CVE-2023-6610

 

linux — kernel A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service. 2023-12-08 not yet calculated CVE-2023-6622

 

linux — kernel
 
sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized. 2023-12-09 not yet calculated CVE-2023-50431
ly_corp. — line_app An issue in SCOL Members Card mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2023-12-07 not yet calculated CVE-2023-43298
ly_corp. — line_app An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2023-12-07 not yet calculated CVE-2023-43299
ly_corp. — line_app An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2023-12-07 not yet calculated CVE-2023-43300
ly_corp. — line_app An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2023-12-07 not yet calculated CVE-2023-43301
ly_corp. — line_app An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2023-12-07 not yet calculated CVE-2023-43302
ly_corp. — line_app An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2023-12-07 not yet calculated CVE-2023-43303
ly_corp. — line_app An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2023-12-07 not yet calculated CVE-2023-43304
ly_corp. — line_app An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2023-12-08 not yet calculated CVE-2023-43305
mattermost — mattermost Mattermost webapp fails to validate route parameters in//channels/ allowing an attacker to perform a client-side path traversal. 2023-12-06 not yet calculated CVE-2023-6458
mattermost — mattermost Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing channelIDs. 2023-12-06 not yet calculated CVE-2023-6459
maxima_watches — maxima_max_pro_power Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor. 2023-12-07 not yet calculated CVE-2023-46916
 
mgt-commerce — cloudpanel File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755. 2023-12-08 not yet calculated CVE-2023-46157
 
micro_focus — arcsight_management_center A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS). 2023-12-09 not yet calculated CVE-2020-25835
microsoft — azure_rtos_usbx Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host classes, related to device linked classes, GSER and HID in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-05 not yet calculated CVE-2023-48698
microsoftgraph — msgraph-sdk-php msgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo() function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The phpInfo function exposes system information. The vulnerability affects the GetPhpInfo.php script of the PHP SDK which contains a call to the phpinfo() function. This vulnerability requires a misconfiguration of the server to be present so it can be exploited. For example, making the PHP application’s /vendor directory web accessible. The combination of the vulnerability and the server misconfiguration would allow an attacker to craft an HTTP request that executes the phpinfo() method. The attacker would then be able to get access to system information like configuration, modules, and environment variables and later on use the compromised secrets to access additional data. This problem has been patched in versions 1.109.1 and 2.0.0-RC5. If an immediate deployment with the updated vendor package is not available, you can perform the following temporary workarounds: delete the `vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php` file, remove access to the `/vendor` directory, or disable the phpinfo function. 2023-12-05 not yet calculated CVE-2023-49282

 

microsoftgraph — msgraph-sdk-php microsoft-graph-core the Microsoft Graph Library for PHP. The Microsoft Graph Beta PHP SDK published packages which contained test code that enabled the use of the phpInfo() function from any application that could access and execute the file at `vendor/microsoft/microsoft-graph-core/tests/GetPhpInfo.php`. The phpInfo function exposes system information. The vulnerability affects the GetPhpInfo.php script of the PHP SDK which contains a call to the phpinfo() function. This vulnerability requires a misconfiguration of the server to be present so it can be exploited. For example, making the PHP application’s /vendor directory web accessible. The combination of the vulnerability and the server misconfiguration would allow an attacker to craft an HTTP request that executes the phpinfo() method. The attacker would then be able to get access to system information like configuration, modules, and environment variables and later on use the compromised secrets to access additional data. This problem has been patched in version 2.0.2. If an immediate deployment with the updated vendor package is not available, you can perform the following temporary workarounds: delete the `vendor/microsoft/microsoft-graph-core/tests/GetPhpInfo.php` file, remove access to the /vendor directory, or disable the phpinfo function 2023-12-05 not yet calculated CVE-2023-49283

 

microweber — microweber An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method. 2023-12-08 not yet calculated CVE-2023-48122
 
microweber — microweber Business Logic Errors in GitHub repository microweber/microweber prior to 2.0. 2023-12-07 not yet calculated CVE-2023-6566
 
microweber — microweber Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0. 2023-12-08 not yet calculated CVE-2023-6599
 
mlflow — mlflow An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API. 2023-12-05 not yet calculated CVE-2023-43472
mockjs — mockjs All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf). User controlled inputs inside the extend() method of the Mock.Handler, Mock.Random, Mock.RE.Handler or Mock.Util, will allow an attacker to exploit this vulnerability. Workaround By using a denylist of dangerous attributes, this weakness can be eliminated. Add the following line in the Util.extend function: js js if ([“__proto__”, “constructor”, “prototype”].includes(name)) continue js // src/mock/handler.js Util.extend = function extend() { var target = arguments[0] || {}, i = 1, length = arguments.length, options, name, src, copy, clone if (length === 1) { target = this i = 0 } for (; i 2023-12-08 not yet calculated CVE-2023-26158
 
ncp_engineering_gmbh — secure_enterprise_client Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link. 2023-12-09 not yet calculated CVE-2023-28868
ncp_engineering_gmbh — secure_enterprise_client Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link. 2023-12-09 not yet calculated CVE-2023-28869
ncp_engineering_gmbh — secure_enterprise_client Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts. 2023-12-09 not yet calculated CVE-2023-28870
ncp_engineering_gmbh — secure_enterprise_client Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link. 2023-12-09 not yet calculated CVE-2023-28871
netgate — pfsense_plus/pfsense_ce An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file. 2023-12-06 not yet calculated CVE-2023-48123

 

netgear — orbi_rbr750 In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd. 2023-12-08 not yet calculated CVE-2023-49007
netscout — ngeniusone NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 1 of 4). 2023-12-07 not yet calculated CVE-2023-41168
netscout — ngeniusone NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 2 of 4). 2023-12-07 not yet calculated CVE-2023-41169
netscout — ngeniusone NetScout nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting vulnerability. 2023-12-07 not yet calculated CVE-2023-41170
netscout — ngeniusone NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4). 2023-12-07 not yet calculated CVE-2023-41171
netscout — ngeniusone NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 4 of 4). 2023-12-07 not yet calculated CVE-2023-41172
netscout — ngeniusone NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting (XSS) vulnerability by an authenticated user. 2023-12-07 not yet calculated CVE-2023-41905
netscout — ngeniuspulse NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key. 2023-12-07 not yet calculated CVE-2023-40300
netscout — ngeniuspulse NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability. 2023-12-07 not yet calculated CVE-2023-40301
netscout — ngeniuspulse NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability 2023-12-07 not yet calculated CVE-2023-40302
nuxt-api-party — nuxt-api-party `nuxt-api-party` is an open source module to proxy API requests. nuxt-api-party attempts to check if the user has passed an absolute URL to prevent the aforementioned attack. This has been recently changed to use the regular expression `^https?://`, however this regular expression can be bypassed by an absolute URL with leading whitespace. For example `nhttps://whatever.com` which has a leading newline. According to the fetch specification, before a fetch is made the URL is normalized. “To normalize a byte sequence potentialValue, remove any leading and trailing HTTP whitespace bytes from potentialValue.”. This means the final request will be normalized to `https://whatever.com` bypassing the check and nuxt-api-party will send a request outside of the whitelist. This could allow us to leak credentials or perform Server-Side Request Forgery (SSRF). This vulnerability has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should revert to the previous method of detecting absolute URLs. 2023-12-09 not yet calculated CVE-2023-49799

 

nuxt-api-party — nuxt-api-party
 
`nuxt-api-party` is an open source module to proxy API requests. The library allows the user to send many options directly to `ofetch`. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions are obtained directly from the request body. A malicious user can construct a URL known to not fetch successfully, then set the retry attempts to a high value, this will cause a stack overflow as ofetch error handling works recursively resulting in a denial of service. This issue has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should limit ofetch options. 2023-12-09 not yet calculated CVE-2023-49800
ocpp — ocpp.core An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It does not validate the length of the chargePointVendor field in a BootNotification message, potentially leading to server instability and a denial of service when processing excessively large inputs. NOTE: the vendor’s perspective is “OCPP.Core is intended for use in a protected environment/network.” 2023-12-07 not yet calculated CVE-2023-49955
ocpp — ocpp.core An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. A StopTransaction message with any random transactionId terminates active transactions. 2023-12-07 not yet calculated CVE-2023-49956
ocpp — ocpp.core An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It permits multiple transactions with the same connectorId and idTag, contrary to the expected ConcurrentTx status. This could result in critical transaction management and billing errors. NOTE: the vendor’s perspective is “Imagine you’ve got two cars in your family and want to charge both in parallel on the same account/token? Why should that be rejected?” 2023-12-07 not yet calculated CVE-2023-49957
ocpp — ocpp.core An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is accepted. This could be exploited to alter transaction records or impact system integrity. 2023-12-07 not yet calculated CVE-2023-49958
opentext — filr Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators. 2023-12-06 not yet calculated CVE-2023-32268
openzeppelin — openzeppelin_contracts OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of `Multicall.sol` released in `@openzeppelin/contracts@4.9.4` and `@openzeppelin/contracts-upgradeable@4.9.4`, all subcalls are executed twice. Concretely, this exposes a user to unintentionally duplicate operations like asset transfers. The duplicated delegatecall was removed in version 4.9.5. The 4.9.4 version is marked as deprecated. Users are advised to upgrade. There are no known workarounds for this issue. 2023-12-09 not yet calculated CVE-2023-49798
 
orange_casiers — orange_casiers IzyBat Orange casiers before 20230803_1 allows getEnsemble.php ensemble SQL injection. 2023-12-09 not yet calculated CVE-2023-50429
oscommerce — oscommerce A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimate[country_id] leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-247160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-07 not yet calculated CVE-2023-6579

 

oscommerce — oscommerce A vulnerability was found in osCommerce 4. It has been classified as problematic. This affects an unknown part of the file /b2b-supermarket/catalog/all-products. The manipulation of the argument keywords with the input %27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-08 not yet calculated CVE-2023-6609
 
paytm — paytm_payment_gateway Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway. This issue affects Paytm Payment Gateway: from n/a through 2.7.0. 2023-12-07 not yet calculated CVE-2022-45362
phoenix — securecore(tm)_technology(tm)_4
 
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution. 2023-12-07 not yet calculated CVE-2023-5058
 
prolion_gmbh — cryptospike The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the user’s store) allows a remote blocked user to login and obtain an authentication token by specifying a username with different uppercase/lowercase character combination. 2023-12-06 not yet calculated CVE-2023-36655
 
pubnub — pubnub Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bits in the key always the same for every encoded message or file. **Note:** In order to exploit this vulnerability, the attacker needs to invest resources in preparing the attack and brute-force the encryption. 2023-12-06 not yet calculated CVE-2023-26154

 

pyinstaller — pyinstaller PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if **all** the following are satisfied: 1. The user runs an application containing either `matplotlib` or `win32com`. 2. The application ran as administrator (or at least a user with higher privileges than the attacker). 3. The user’s temporary directory is not locked to that specific user (most likely due to `TMP`/`TEMP` environment variables pointing to an unprotected, arbitrary, non-default location). Either: A. The attacker is able to very carefully time the replacement of a temporary file with a symlink. This switch must occur exactly between `shutil.rmtree()`’s builtin symlink check and the deletion itself B: The application was built with Python 3.7.x or earlier which has no protection against Directory Junctions links. The vulnerability has been addressed in PR #7827 which corresponds to `pyinstaller >= 5.13.1`. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-09 not yet calculated CVE-2023-49797

 

python_software_foundation — cpython An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes’ groups before starting the new process. There is no issue when the parameter isn’t used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`). 2023-12-08 not yet calculated CVE-2023-6507

 

qemu — qemu A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder. 2023-12-06 not yet calculated CVE-2023-2861
 
qnap_systems_inc. — qts A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h4.5.4.2476 build 20230728 and later 2023-12-08 not yet calculated CVE-2023-23372
qnap_systems_inc. — qts A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later 2023-12-08 not yet calculated CVE-2023-32968
qnap_systems_inc. — qts A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later 2023-12-08 not yet calculated CVE-2023-32975
qnap_systems_inc. — viostor_nvr An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmware 5.0.0 and later 2023-12-08 not yet calculated CVE-2023-47565
qualcomm,_inc. — snapdragon Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM. 2023-12-05 not yet calculated CVE-2023-21634
qualcomm,_inc. — snapdragon Memory Corruption in camera while installing a fd for a particular DMA buffer. 2023-12-05 not yet calculated CVE-2023-22383
qualcomm,_inc. — snapdragon Memory Corruption in Audio while invoking IOCTLs calls from the user-space. 2023-12-05 not yet calculated CVE-2023-22668
qualcomm,_inc. — snapdragon Memory Corruption in SPS Application while exporting public key in sorter TA. 2023-12-05 not yet calculated CVE-2023-28546
qualcomm,_inc. — snapdragon Memory corruption in MPP performance while accessing DSM watermark using external memory address. 2023-12-05 not yet calculated CVE-2023-28550
qualcomm,_inc. — snapdragon Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. 2023-12-05 not yet calculated CVE-2023-28551
qualcomm,_inc. — snapdragon Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length. 2023-12-05 not yet calculated CVE-2023-28579
qualcomm,_inc. — snapdragon Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache. 2023-12-05 not yet calculated CVE-2023-28580
qualcomm,_inc. — snapdragon Memory corruption while loading an ELF segment in TEE Kernel. 2023-12-05 not yet calculated CVE-2023-28585
qualcomm,_inc. — snapdragon Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. 2023-12-05 not yet calculated CVE-2023-28586
qualcomm,_inc. — snapdragon Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. 2023-12-05 not yet calculated CVE-2023-28587
qualcomm,_inc. — snapdragon Transient DOS in Bluetooth Host while rfc slot allocation. 2023-12-05 not yet calculated CVE-2023-28588
qualcomm,_inc. — snapdragon Memory corruption in Boot while running a ListVars test in UEFI Menu during boot. 2023-12-05 not yet calculated CVE-2023-33017
qualcomm,_inc. — snapdragon Memory corruption while using the UIM diag command to get the operator’s name. 2023-12-05 not yet calculated CVE-2023-33018
qualcomm,_inc. — snapdragon Memory corruption in HLOS while invoking IOCTL calls from user-space. 2023-12-05 not yet calculated CVE-2023-33022
qualcomm,_inc. — snapdragon Memory corruption while sending SMS from AP firmware. 2023-12-05 not yet calculated CVE-2023-33024
qualcomm,_inc. — snapdragon Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids. 2023-12-05 not yet calculated CVE-2023-33041
qualcomm,_inc. — snapdragon Transient DOS in Modem after RRC Setup message is received. 2023-12-05 not yet calculated CVE-2023-33042
qualcomm,_inc. — snapdragon Transient DOS in Modem when a Beam switch request is made with a non-configured BWP. 2023-12-05 not yet calculated CVE-2023-33043
qualcomm,_inc. — snapdragon Transient DOS in Data modem while handling TLB control messages from the Network. 2023-12-05 not yet calculated CVE-2023-33044
qualcomm,_inc. — snapdragon Memory corruption in Kernel while parsing metadata. 2023-12-05 not yet calculated CVE-2023-33053
qualcomm,_inc. — snapdragon Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data. 2023-12-05 not yet calculated CVE-2023-33054
qualcomm,_inc. — snapdragon Memory corruption in DSP Services during a remote call from HLOS to DSP. 2023-12-05 not yet calculated CVE-2023-33063
qualcomm,_inc. — snapdragon Transient DOS in Automotive OS due to improper authentication to the secure IO calls. 2023-12-05 not yet calculated CVE-2023-33070
qualcomm,_inc. — snapdragon Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities. 2023-12-05 not yet calculated CVE-2023-33071
qualcomm,_inc. — snapdragon Memory corruption in Audio while running invalid audio recording from ADSP. 2023-12-05 not yet calculated CVE-2023-33079
qualcomm,_inc. — snapdragon Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame. 2023-12-05 not yet calculated CVE-2023-33080
qualcomm,_inc. — snapdragon Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast. 2023-12-05 not yet calculated CVE-2023-33081
qualcomm,_inc. — snapdragon Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE. 2023-12-05 not yet calculated CVE-2023-33082
qualcomm,_inc. — snapdragon Memory corruption in WLAN Host while processing RRM beacon on the AP. 2023-12-05 not yet calculated CVE-2023-33083
qualcomm,_inc. — snapdragon Memory corruption in Core while processing RX intent request. 2023-12-05 not yet calculated CVE-2023-33087
qualcomm,_inc. — snapdragon Memory corruption when processing cmd parameters while parsing vdev. 2023-12-05 not yet calculated CVE-2023-33088
qualcomm,_inc. — snapdragon Transient DOS when processing a NULL buffer while parsing WLAN vdev. 2023-12-05 not yet calculated CVE-2023-33089
qualcomm,_inc. — snapdragon Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size. 2023-12-05 not yet calculated CVE-2023-33092
qualcomm,_inc. — snapdragon Transient DOS in WLAN Firmware while processing a FTMR frame. 2023-12-05 not yet calculated CVE-2023-33097
qualcomm,_inc. — snapdragon Transient DOS while parsing WPA IES, when it is passed with length more than expected size. 2023-12-05 not yet calculated CVE-2023-33098
qualcomm,_inc. — snapdragon Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. 2023-12-05 not yet calculated CVE-2023-33106
qualcomm,_inc. — snapdragon Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. 2023-12-05 not yet calculated CVE-2023-33107
qualys — qualysguard A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce XSS payload via browser details.  2023-12-08 not yet calculated CVE-2023-6146
quarkus — quarkus A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions. 2023-12-09 not yet calculated CVE-2023-6394
 
ruijie_networks — eg_series_routers Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering. 2023-12-06 not yet calculated CVE-2023-48849
samsung — open_source_escargot Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault. This issue affects Escargot: from 3.0.0 through 4.0.0. 2023-12-06 not yet calculated CVE-2023-41268
samsung_mobile — find_my_mobile
 
Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user lost the device. 2023-12-05 not yet calculated CVE-2023-42571
samsung_mobile — galaxy_store Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store. 2023-12-05 not yet calculated CVE-2023-42580
samsung_mobile — galaxy_store Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data. 2023-12-05 not yet calculated CVE-2023-42581
samsung_mobile — gamehomecn Improper access control vulnerablility in GameHomeCN prior to version 4.2.60.2 allows local attackers to launch arbitrary activity in GameHomeCN. 2023-12-05 not yet calculated CVE-2023-42574
samsung_mobile — samsung_account_web_sdk Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24 allows attacker to get sensitive information. 2023-12-05 not yet calculated CVE-2023-42572
samsung_mobile — samsung_data_store Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission. 2023-12-05 not yet calculated CVE-2023-42578
samsung_mobile — samsung_mobile_devices Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji. 2023-12-05 not yet calculated CVE-2023-42569
samsung_mobile — samsung_mobile_devices Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN. 2023-12-05 not yet calculated CVE-2023-42570
samsung_mobile — samsung_pass Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting. 2023-12-05 not yet calculated CVE-2023-42575
samsung_mobile — samsung_pass Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler. 2023-12-05 not yet calculated CVE-2023-42576
samsung_mobile — search_widget PendingIntent hijacking vulnerability in Search Widget prior to version 3.4 in China models allows local attackers to access data. 2023-12-05 not yet calculated CVE-2023-42573
seafile — seafile An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor. 2023-12-09 not yet calculated CVE-2023-28873
 
seafile — seafile The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites. 2023-12-09 not yet calculated CVE-2023-28874
 
senec — storage_box The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic. 2023-12-07 not yet calculated CVE-2023-39172
server.js — server.js An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL’s GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system. 2023-12-07 not yet calculated CVE-2023-46307

 

softaculous — multiple_products Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance. This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through 1.1.2. 2023-12-07 not yet calculated CVE-2023-49746
softing — opc_suite Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. 2023-12-05 not yet calculated CVE-2023-37572
softiron — hypercloud An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the “admin” or “serveradmin” users, which prevents authentication from subsequently succeeding. This issue affects HyperCloud versions 1.0 to any release before 2.1. 2023-12-05 not yet calculated CVE-2023-45083
softiron — hypercloud An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity. This issue only impacts SoftIron HyperCloud “density” storage nodes running HyperCloud software versions 1.0 to before 2.0.3. 2023-12-05 not yet calculated CVE-2023-45084
softiron — hypercloud An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.  In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3. 2023-12-05 not yet calculated CVE-2023-45085
software_ag — webmethods A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup may request username and password. By just clicking CANCEL you will be redirected to the directory. If you visited /invoke/wm.server/connect, you’ll be able to see details like internal IPs, ports, and versions. In some cases, if access to /assets/ is refused, you may enter /assets/x as a wrong value, then come back to /assets/ which we will show the requested data. It appears that insufficient access control is depending on referrer header data. VDB-247158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-07 not yet calculated CVE-2023-6578
 
sonicwall — sma100 Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a ‘nobody’ user, potentially leading to OS Command Injection Vulnerability. 2023-12-05 not yet calculated CVE-2023-44221
sonicwall — sma100 Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass. 2023-12-05 not yet calculated CVE-2023-5970
sourcecodester — simple_student_attendance_system A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247253 was assigned to this vulnerability. 2023-12-08 not yet calculated CVE-2023-6616

 

sourcecodester — simple_student_attendance_system A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as critical. Affected is an unknown function of the file attendance.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247254 is the identifier assigned to this vulnerability. 2023-12-08 not yet calculated CVE-2023-6617

 

sourcecodester — simple_student_attendance_system A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247255. 2023-12-08 not yet calculated CVE-2023-6618

 

sourcecodester — simple_student_attendance_system A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /modals/class_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247256. 2023-12-08 not yet calculated CVE-2023-6619

 

squidex — squidex Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for exploitation. 2023-12-07 not yet calculated CVE-2023-46857

 

strongswan — strongswan strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm’s DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message. 2023-12-07 not yet calculated CVE-2023-41913
 
supermicro — x11/m11 A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information. 2023-12-07 not yet calculated CVE-2023-33411
 
supermicro — x11/m11 The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targeting vulnerable cgi endpoints. 2023-12-07 not yet calculated CVE-2023-33412
 
supermicro — x11/m11 The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands. 2023-12-07 not yet calculated CVE-2023-33413
 
synctrayzor — synctrayzor SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application. 2023-12-09 not yet calculated CVE-2021-46899
 
tongda — oa A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/wiki/cp/manage/delete.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247243. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-08 not yet calculated CVE-2023-6607

 

tongda — oa A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/notify/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-247244. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-08 not yet calculated CVE-2023-6608

 

tongda — oa A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file pda/pad/email/delete.php. The manipulation of the argument EMAIL_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-247246 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-08 not yet calculated CVE-2023-6611

 

totolink — a3002ru TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code. 2023-12-06 not yet calculated CVE-2023-48859
totolink — n300rt TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code. 2023-12-07 not yet calculated CVE-2023-48860
totolink — x5000r A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. It has been rated as critical. This issue affects the function setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setNetworkConfig/setPortForwardRules/setRemoteCfg/setSSServer/setScheduleCfg/setSmartQosCfg/setStaticDhcpRules/setStaticRoute/setVpnAccountCfg/setVpnPassCfg/setVpnUser/setWiFiAclAddConfig/setWiFiEasyGuestCfg/setWiFiGuestCfg/setWiFiRepeaterConfig/setWiFiScheduleCfg/setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247247. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-08 not yet calculated CVE-2023-6612

 

typecho — typecho A vulnerability classified as problematic has been found in Typecho 1.2.1. Affected is an unknown function of the file /admin/options-theme.php of the component Logo Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-08 not yet calculated CVE-2023-6613

 

typecho — typecho A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality of the file /admin/manage-pages.php of the component Page Handler. The manipulation leads to backdoor. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-08 not yet calculated CVE-2023-6614

 

typecho — typecho A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Affected by this issue is some unknown functionality of the file /admin/manage-users.php. The manipulation of the argument page leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-247250 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-08 not yet calculated CVE-2023-6615

 

unitronics — vision_series_plcs_and_hmis Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated attacker with network access to a PLC or HMI can take administrative control of the system. 2023-12-05 not yet calculated CVE-2023-6448
upstream/quarkus — upstream/quarkus A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial “completion” context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contains sensitive information and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data. 2023-12-06 not yet calculated CVE-2023-6393
 
vonage — box_telephone_adapter_vdv23 An issue was discovered in Vonage Box Telephone Adapter VDV23 version VDV21-3.2.11-0.5.1, allows local attackers to bypass UART authentication controls and read/write arbitrary values to the memory of the device. 2023-12-05 not yet calculated CVE-2023-47304
wordpress — wordpress Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse. This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15. 2023-12-07 not yet calculated CVE-2023-35039
wordpress — wordpress Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to Dos. This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25. 2023-12-07 not yet calculated CVE-2023-35909
wordpress — wordpress Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates – Elementor, WordPress & Beaver Builder Templates. This issue affects Starter Templates – Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4. 2023-12-07 not yet calculated CVE-2023-41804
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Michael Uno (miunosoft) Responsive Column Widgets. This issue affects Responsive Column Widgets: from n/a through 1.2.7. 2023-12-07 not yet calculated CVE-2023-45762
wordpress — wordpress Server-Side Request Forgery (SSRF) vulnerability in Code for Recovery 12 Step Meeting List. This issue affects 12 Step Meeting List: from n/a through 3.14.24. 2023-12-07 not yet calculated CVE-2023-46641
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in SoftLab Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site. This issue affects Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site: from n/a through 1.3.2. 2023-12-07 not yet calculated CVE-2023-47548
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4. 2023-12-07 not yet calculated CVE-2023-47779
wordpress — wordpress URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages. This issue affects Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages: from n/a through 1.5.1.5. 2023-12-07 not yet calculated CVE-2023-48325
wordpress — wordpress The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information such as database credentials. 2023-12-07 not yet calculated CVE-2023-5710

 

wordpress — wordpress The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information provided by PHP info. 2023-12-07 not yet calculated CVE-2023-5711

 

wordpress — wordpress The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive global value information. 2023-12-07 not yet calculated CVE-2023-5712

 

wordpress — wordpress The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve potentially sensitive option values, and deserialize the content of those values. 2023-12-07 not yet calculated CVE-2023-5713

 

wordpress — wordpress The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve data key specs. 2023-12-07 not yet calculated CVE-2023-5714

 

wordpress — wordpress The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-12-09 not yet calculated CVE-2023-5756
 
wordpress — wordpress The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘url’ parameter in versions 1.4.0 to 1.4.6.1 (free) and versions 1.4.0 to 1.5.0 (pro) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2023-12-07 not yet calculated CVE-2023-5761
 
wordpress — wordpress The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server. 2023-12-09 not yet calculated CVE-2023-6120

 

wordpress — wordpress The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTP_REFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2023-12-06 not yet calculated CVE-2023-6527
 
xen — xen Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity. 2023-12-08 not yet calculated CVE-2023-34320
xinhu_xinhuoa — xinhu_xinhuoa xinhu xinhuoa 2.2.1 contains a File upload vulnerability. 2023-12-06 not yet calculated CVE-2023-48930

 

zimbra_collaboration — zimbra_collaboration An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. An attacker can gain access to a Zimbra account. This is also fixed in 9.0.0 Patch 35 and 8.8.15 Patch 42. 2023-12-07 not yet calculated CVE-2023-41106

 

zimbra_collaboration — zimbra_collaboration An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. An XSS issue can be exploited to access the mailbox of an authenticated user. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36. 2023-12-07 not yet calculated CVE-2023-43102
 
zimbra_collaboration — zimbra_collaboration An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36. 2023-12-07 not yet calculated CVE-2023-43103
 
zultys — multiple_products An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication failure, the server sends a login failure message prompting the client to disconnect. However, if the client ignores the failure message instead and attempts to continue, the server does not forcibly close the connection and processes all subsequent requests from the client as if authentication had been successful. 2023-12-08 not yet calculated CVE-2023-43742
zultys — multiple_products A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface. 2023-12-08 not yet calculated CVE-2023-43743
 
zultys — multiple_products An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a “Patch Manager” section that allows administrators to apply patches to the device. The user supplied filename for the patch file is passed to a shell script without validation. Including bash command substitution characters in a patch file name results in execution of the provided command. 2023-12-08 not yet calculated CVE-2023-43744
 

Back to top