High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
7-card — fakabao | A vulnerability has been found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality of the file shop/alipay_notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249385 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-31 | 8.8 | CVE-2023-7183 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
7-card — fakabao | A vulnerability was found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this issue is some unknown functionality of the file shop/notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249386 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-31 | 8.8 | CVE-2023-7184 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
7-card — fakabao | A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. It has been classified as critical. This affects an unknown part of the file shop/wxpay_notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249387. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-31 | 8.8 | CVE-2023-7185 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
7-card — fakabao | A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. It has been declared as critical. This vulnerability affects unknown code of the file member/notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249388. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-31 | 8.8 | CVE-2023-7186 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
amazon-ion — ion-java | Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with. | 2024-01-03 | 7.5 | CVE-2024-21634 security-advisories@github.com |
apache — dolphinscheduler | Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fixes the issue. | 2023-12-30 | 8.8 | CVE-2023-49299 security@apache.org security@apache.org |
apktool — apktool | Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files’ output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are those in which an attacker may write/overwrite any file that user has write access, and either username is known or cwd is under user folder. Commit d348c43b24a9de350ff6e5bd610545a10c1fc712 contains a patch for this issue. | 2024-01-03 | 7.8 | CVE-2024-21633 security-advisories@github.com security-advisories@github.com |
campcodes — chic_beauty_salon | A vulnerability classified as critical was found in Campcodes Chic Beauty Salon 20230703. Affected by this vulnerability is an unknown functionality of the file product-list.php of the component Product Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249157 was assigned to this vulnerability. | 2023-12-29 | 8.8 | CVE-2023-7150 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes — online_college_library_system | A vulnerability has been found in Campcodes Online College Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file index.php of the component Search. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249178 is the identifier assigned to this vulnerability. | 2023-12-29 | 9.8 | CVE-2023-7156 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes — online_college_library_system | A vulnerability, which was classified as critical, has been found in Campcodes Online College Library System 1.0. This issue affects some unknown processing of the file /admin/book_row.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249365 was assigned to this vulnerability. | 2023-12-30 | 7.2 | CVE-2023-7178 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes — online_college_library_system | A vulnerability classified as critical has been found in Campcodes Online College Library System 1.0. This affects an unknown part of the file /admin/return_add.php of the component HTTP POST Request Handler. The manipulation of the argument student leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249363. | 2023-12-30 | 8.8 | CVE-2023-7176 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes — online_college_library_system | A vulnerability classified as critical was found in Campcodes Online College Library System 1.0. This vulnerability affects unknown code of the file /admin/book_add.php of the component HTTP POST Request Handler. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249364. | 2023-12-30 | 8.8 | CVE-2023-7177 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes — online_college_library_system | A vulnerability, which was classified as critical, was found in Campcodes Online College Library System 1.0. Affected is an unknown function of the file /admin/category_row.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249366 is the identifier assigned to this vulnerability. | 2023-12-30 | 8.8 | CVE-2023-7179 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
cesanta — mjs | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component. | 2024-01-02 | 7.5 | CVE-2023-49550 cve@mitre.org |
cesanta — mjs | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file. | 2024-01-02 | 7.5 | CVE-2023-49551 cve@mitre.org |
cloudflare,_inc. — miniflare | Sending specially crafted HTTP requests to Miniflare’s server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers. | 2023-12-29 | 8.1 | CVE-2023-7078 cna@cloudflare.com cna@cloudflare.com |
cloudflare,_inc. — wrangler | The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If `wrangler dev --remote` was being used, an attacker could access production resources if they were bound to the worker. This issue was fixed in wrangler@3.19.0 and wrangler@2.20.2. Whilst wrangler dev’s inspector server listens on local interfaces by default as of wrangler@3.16.0, an SSRF vulnerability in miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 (CVE-2023-7078) allowed access from the local network until wrangler@3.18.0. wrangler@3.19.0 and wrangler@2.20.2 introduced validation for the Origin/Host headers. | 2023-12-29 | 8 | CVE-2023-7080 cna@cloudflare.com cna@cloudflare.com cna@cloudflare.com cna@cloudflare.com cna@cloudflare.com |
code-projects — client_details_system | A vulnerability was found in code-projects Client Details System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/update-clients.php. The manipulation of the argument uid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249144. | 2023-12-29 | 9.8 | CVE-2023-7141 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects — client_details_system | A vulnerability was found in code-projects Client Details System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/clientview.php. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249145 was assigned to this vulnerability. | 2023-12-29 | 9.8 | CVE-2023-7142 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects — college_notes_gallery | A vulnerability has been found in code-projects College Notes Gallery 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument user leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249133 was assigned to this vulnerability. | 2023-12-31 | 8.8 | CVE-2023-7130 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
codeastro — online_food_ordering_system | A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability. | 2024-01-05 | 7.3 | CVE-2024-0247 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
coolkit_technology — ewelink-smart_home_for_android_and_ios | Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass. This issue affects eWeLink before 5.2.0. | 2023-12-30 | 7.7 | CVE-2023-6998 cvd@cert.pl cvd@cert.pl cvd@cert.pl |
dedebiz — dedebiz | A vulnerability was found in Muyun DedeBIZ up to 6.2.12 and classified as critical. Affected by this issue is some unknown functionality of the component Add Attachment Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249368. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-30 | 7.2 | CVE-2023-7181 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
documize — documize | SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint. | 2023-12-29 | 9.8 | CVE-2023-23634 cve@mitre.org |
easy-rules-mvel — easy-rules-mvel | easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule. | 2023-12-29 | 7.8 | CVE-2023-50571 cve@mitre.org |
ekol_informatics — website_template | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ekol Informatics Website Template allows SQL Injection. This issue affects Website Template: through 20231215. | 2024-01-02 | 9.8 | CVE-2023-6436 iletisim@usom.gov.tr |
embras — geosiap_erp | Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a SQL injection vulnerability via the codLogin parameter on the login page. | 2023-12-30 | 9.8 | CVE-2023-50589 cve@mitre.org cve@mitre.org cve@mitre.org |
flarum — flarum | Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe. | 2024-01-05 | 7.5 | CVE-2024-21641 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
follow-redirects — follow-redirects | Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches. | 2024-01-02 | 7.3 | CVE-2023-26159 report@snyk.io report@snyk.io report@snyk.io |
froxlor — froxlor | Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue. | 2024-01-03 | 7.5 | CVE-2023-50256 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
gm_information_technologies — multi-disciplinary_design_optimization | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in GM Information Technologies MDO allows SQL Injection. This issue affects MDO: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-29 | 9.8 | CVE-2023-4675 iletisim@usom.gov.tr |
google — android | In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161825; Issue ID: MOLY01161825 (MSV-895). | 2024-01-02 | 7.5 | CVE-2023-32889 security@mediatek.com |
google — google_nest_mini | An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege. | 2024-01-02 | 10 | CVE-2023-48419 dsap-vuln-management@google.com |
google — pixel_watch | In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-01-02 | 10 | CVE-2023-48418 dsap-vuln-management@google.com |
google — pixel_watch | There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed. | 2024-01-02 | 8.4 | CVE-2023-4164 dsap-vuln-management@google.com |
google — wifi_pro | Google Nest WiFi Pro root code-execution & user-data compromise | 2024-01-02 | 10 | CVE-2023-6339 dsap-vuln-management@google.com |
hcl_software — dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. The product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Potential exploits can completely disrupt or take over the application. | 2024-01-03 | 8.8 | CVE-2023-45722 psirt@hcl.com |
hcl_software — dryice_myxalytics | HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication. | 2024-01-03 | 8.2 | CVE-2023-45724 psirt@hcl.com |
hcl_software — dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users. | 2024-01-03 | 8.3 | CVE-2023-50343 psirt@hcl.com |
hcl_software — dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information. | 2024-01-03 | 8.2 | CVE-2023-50350 psirt@hcl.com |
hcl_software — dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data. | 2024-01-03 | 8.2 | CVE-2023-50351 psirt@hcl.com |
hcl_software — dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server. | 2024-01-03 | 7.6 | CVE-2023-45723 psirt@hcl.com |
hcl_software — dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a “Missing Access Control” vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint. | 2024-01-03 | 7.6 | CVE-2023-50341 psirt@hcl.com |
hcl_software — dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A user can obtain certain details about another user as a result of improper access control. | 2024-01-03 | 7.1 | CVE-2023-50342 psirt@hcl.com |
hihonor — magic_os | Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. | 2023-12-29 | 7.5 | CVE-2023-23427 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — magic_os | Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. | 2023-12-29 | 7.5 | CVE-2023-23428 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — magic_os | Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. | 2023-12-29 | 7.5 | CVE-2023-23429 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — magic_os | Some Honor products are affected by a signature management vulnerability; successful exploitation could cause the forged system file to overwrite the correct system file. | 2023-12-29 | 7.1 | CVE-2023-23435 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — magic_os | Some Honor products are affected by a signature management vulnerability; successful exploitation could cause the forged system file to overwrite the correct system file. | 2023-12-29 | 7.1 | CVE-2023-23436 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — magic_os | Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause an information leak. | 2023-12-29 | 7.1 | CVE-2023-23442 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — magic_os | Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause an information leak. | 2023-12-29 | 7.1 | CVE-2023-23443 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — magic_os | Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause an information leak. | 2023-12-29 | 7.1 | CVE-2023-51426 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — magic_os | Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause an information leak. | 2023-12-29 | 7.1 | CVE-2023-51427 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — magic_os | Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause an information leak. | 2023-12-29 | 7.1 | CVE-2023-51428 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — magic_ui | Some Honor products are affected by a buffer overflow vulnerability; successful exploitation could cause code execution. | 2023-12-29 | 7.8 | CVE-2023-51434 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — magic_ui | Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause an information leak. | 2023-12-29 | 7.1 | CVE-2023-51435 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — magichome | Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. | 2023-12-29 | 7.5 | CVE-2023-23430 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — nth-an00_firmware | Some Honor products are affected by a file writing vulnerability; successful exploitation could cause code execution. | 2023-12-29 | 9.8 | CVE-2023-23424 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — nth-an00_firmware | Some Honor products are affected by a signature management vulnerability; successful exploitation could cause the forged system file to overwrite the correct system file. | 2023-12-29 | 7.1 | CVE-2023-23431 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — nth-an00_firmware | Some Honor products are affected by a signature management vulnerability; successful exploitation could cause the forged system file to overwrite the correct system file. | 2023-12-29 | 7.1 | CVE-2023-23432 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — nth-an00_firmware | Some Honor products are affected by a signature management vulnerability; successful exploitation could cause the forged system file to overwrite the correct system file. | 2023-12-29 | 7.1 | CVE-2023-23433 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hitachi_energy — rtu500_series_cmu_firmware | A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function. | 2024-01-04 | 7.5 | CVE-2022-2081 cybersecurity@hitachienergy.com |
hospital_management_system — hospital_management_system | A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249356. | 2023-12-30 | 7.3 | CVE-2023-7172 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
jeecg — jeecg_boot | SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component. | 2023-12-30 | 9.8 | CVE-2023-41542 cve@mitre.org |
jeecg — jeecg_boot | SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check. | 2023-12-30 | 9.8 | CVE-2023-41543 cve@mitre.org cve@mitre.org |
jeecg — jeecg_boot | SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component. | 2023-12-30 | 9.8 | CVE-2023-41544 cve@mitre.org |
kashipara_group — billing_software | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘itemnameid’ parameter of the material_bill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-49622 help@fluidattacks.com help@fluidattacks.com |
kashipara_group — billing_software | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘cancelid’ parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-49624 help@fluidattacks.com help@fluidattacks.com |
kashipara_group — billing_software | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘id’ parameter of the partylist_edit_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-49625 help@fluidattacks.com help@fluidattacks.com |
kashipara_group — billing_software | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘buyer_address’ parameter of the buyer_detail_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-49633 help@fluidattacks.com help@fluidattacks.com |
kashipara_group — billing_software | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘customer_details’ parameter of the buyer_invoice_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-49639 help@fluidattacks.com help@fluidattacks.com |
kashipara_group — billing_software | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘bank_details’ parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-49658 help@fluidattacks.com help@fluidattacks.com |
kashipara_group — billing_software | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘quantity[]’ parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-49665 help@fluidattacks.com help@fluidattacks.com |
kashipara_group — billing_software | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘custmer_details’ parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-49666 help@fluidattacks.com help@fluidattacks.com |
kashipara_group — online_notice_board_system | Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘dd’ parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50743 help@fluidattacks.com help@fluidattacks.com |
kashipara_group — online_notice_board_system | Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘e’ parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50752 help@fluidattacks.com help@fluidattacks.com |
kashipara_group — online_notice_board_system | Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘dd’ parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50753 help@fluidattacks.com help@fluidattacks.com |
kashipara_group — online_notice_board_system | Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the ‘f’ parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 2024-01-04 | 8.8 | CVE-2023-50760 help@fluidattacks.com help@fluidattacks.com |
kashipara_group — travel_website | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘hotelIDHidden’ parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50862 help@fluidattacks.com help@fluidattacks.com |
kashipara_group — travel_website | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘hotelIDHidden’ parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50863 help@fluidattacks.com help@fluidattacks.com |
kashipara_group — travel_website | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘hotelId’ parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50864 help@fluidattacks.com help@fluidattacks.com |
kashipara_group — travel_website | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘city’ parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50865 help@fluidattacks.com help@fluidattacks.com |
kashipara_group — travel_website | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘username’ parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50866 help@fluidattacks.com help@fluidattacks.com |
kashipara_group — travel_website | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘username’ parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50867 help@fluidattacks.com help@fluidattacks.com |
laf — laf | Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist. | 2024-01-03 | 9.6 | CVE-2023-50253 security-advisories@github.com security-advisories@github.com |
lenovo — universal_device_client | Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | 2024-01-03 | 7.8 | CVE-2023-6338 psirt@lenovo.com |
linux — kernel | A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial-of-service condition or potential code execution. | 2024-01-04 | 7 | CVE-2023-6270 secalert@redhat.com secalert@redhat.com |
linux — kernel | A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system. | 2024-01-02 | 7.8 | CVE-2024-0193 secalert@redhat.com secalert@redhat.com |
man-group — dtale | D-Tale is a visualizer for Pandas data structures. Users hosting versions of D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery (SSRF), allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the `Load From the Web` input is turned off by default. The only workaround for versions earlier than 3.9.0 is to only host D-Tale to trusted users. | 2024-01-05 | 7.5 | CVE-2024-21642 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
masterlab — masterlab | A vulnerability classified as critical has been found in gopeak MasterLab up to 3.3.10. This affects the function sqlInject of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249147. | 2023-12-29 | 9.8 | CVE-2023-7144 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
masterlab — masterlab | A vulnerability classified as critical was found in gopeak MasterLab up to 3.3.10. This vulnerability affects the function sqlInject of the file app/ctrl/Framework.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249148. | 2023-12-29 | 9.8 | CVE-2023-7145 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
masterlab — masterlab | A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument phone leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249149 was assigned to this vulnerability. | 2023-12-29 | 9.8 | CVE-2023-7146 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
masterlab — masterlab | A vulnerability, which was classified as critical, was found in gopeak MasterLab up to 3.3.10. Affected is the function base64ImageContent of the file app/ctrl/User.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. VDB-249150 is the identifier assigned to this vulnerability. | 2023-12-29 | 9.8 | CVE-2023-7147 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
masterlab — masterlab | A vulnerability was found in gopeak MasterLab up to 3.3.10. It has been declared as critical. Affected by this vulnerability is the function add/update of the file app/ctrl/admin/User.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249181 was assigned to this vulnerability. | 2023-12-29 | 9.8 | CVE-2023-7159 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
mattermost — mattermost | Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server. | 2023-12-29 | 8.8 | CVE-2023-7114 responsibledisclosure@mattermost.com |
mediatek — lr13 | In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161803; Issue ID: MOLY01161803 (MSV-893). | 2024-01-02 | 9.8 | CVE-2023-32874 security@mediatek.com |
mediatek — lr13 | In modem EMM, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01183647; Issue ID: MOLY01183647 (MSV-963). | 2024-01-02 | 7.5 | CVE-2023-32890 security@mediatek.com |
mediatek — nr15 | In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00730807; Issue ID: MOLY00730807. | 2024-01-02 | 7.5 | CVE-2023-32886 security@mediatek.com |
mediatek — nr15 | In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ID: MOLY01161837 (MSV-892). | 2024-01-02 | 7.5 | CVE-2023-32887 security@mediatek.com |
mediatek — nr15 | In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161830; Issue ID: MOLY01161830 (MSV-894). | 2024-01-02 | 7.5 | CVE-2023-32888 security@mediatek.com |
micropython — micropython | A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability. | 2023-12-29 | 9.8 | CVE-2023-7152 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
micropython — micropython | A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180. | 2023-12-29 | 9.8 | CVE-2023-7158 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
microsoft — python_extension | Visual Studio Code Python Extension Remote Code Execution Vulnerability | 2023-12-29 | 7.8 | CVE-2020-17163 secure@microsoft.com |
misskey — misskey | Misskey is an open source, decentralized social media platform. Third-party applications may be able to access some endpoints or Websocket APIs that are incorrectly specified as [kind](https://github.com/misskey-dev/misskey/blob/406b4bdbe79b5b0b68fcdcb3c4b6e419460a0258/packages/backend/src/server/api/endpoints.ts#L811) or [secure](https://github.com/misskey-dev/misskey/blob/406b4bdbe79b5b0b68fcdcb3c4b6e419460a0258/packages/backend/src/server/api/endpoints.ts#L805) without the user’s permission and perform operations such as reading or adding non-public content. As a result, if the user who authenticated the application is an administrator, confidential information such as object storage secret keys and SMTP server passwords will be leaked, and general users can also create invitation codes without permission and leak non-public user information. This is patched in version [2023.12.1](https://github.com/misskey-dev/misskey/commit/c96bc36fedc804dc840ea791a9355d7df0748e64). | 2023-12-29 | 9.6 | CVE-2023-52139 security-advisories@github.com security-advisories@github.com |
mtab — bookmark | A vulnerability was found in MTab Bookmark up to 1.2.6 and classified as critical. This issue affects some unknown processing of the file public/install.php of the component Installation. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249395. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-31 | 8.1 | CVE-2023-7193 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
netentsec — application_security_gateway_firmware | A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The manipulation of the argument check_VirtualSiteId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249183. | 2023-12-29 | 9.8 | CVE-2023-7161 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
omniauth-microsoft_graph — omniauth-microsoft_graph | omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to version 2.0.0, the implementation did not validate the legitimacy of the `email` attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the `email` is used as a trusted user identifier. This could lead to account takeover. Version 2.0.0 contains a fix for this issue. | 2024-01-02 | 8.6 | CVE-2024-21632 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
otclient — otclient | OTClient is an alternative Tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient “`Analysis – SonarCloud`” workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue. | 2024-01-02 | 9.8 | CVE-2024-21623 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
paddlepaddle — paddlepaddle | Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. | 2024-01-03 | 9.8 | CVE-2023-52304 paddle-security@baidu.com |
paddlepaddle — paddlepaddle | Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. | 2024-01-03 | 9.8 | CVE-2023-52307 paddle-security@baidu.com |
paddlepaddle — paddlepaddle | Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or possibly more damage. | 2024-01-03 | 9.8 | CVE-2023-52309 paddle-security@baidu.com |
paddlepaddle — paddlepaddle | PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system. | 2024-01-03 | 9.8 | CVE-2023-52310 paddle-security@baidu.com |
paddlepaddle — paddlepaddle | PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system. | 2024-01-03 | 9.8 | CVE-2023-52311 paddle-security@baidu.com |
paddlepaddle — paddlepaddle | PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system. | 2024-01-03 | 9.8 | CVE-2023-52314 paddle-security@baidu.com |
paddlepaddle — paddlepaddle | FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-38674 paddle-security@baidu.com |
paddlepaddle — paddlepaddle | FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-38675 paddle-security@baidu.com |
paddlepaddle — paddlepaddle | Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-38676 paddle-security@baidu.com |
paddlepaddle — paddlepaddle | FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-38677 paddle-security@baidu.com |
paddlepaddle — paddlepaddle | OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-38678 paddle-security@baidu.com |
paddlepaddle — paddlepaddle | Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-52302 paddle-security@baidu.com |
paddlepaddle — paddlepaddle | Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-52303 paddle-security@baidu.com |
paddlepaddle — paddlepaddle | FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-52305 paddle-security@baidu.com |
paddlepaddle — paddlepaddle | FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-52306 paddle-security@baidu.com |
paddlepaddle — paddlepaddle | FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-52308 paddle-security@baidu.com |
paddlepaddle — paddlepaddle | Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-52312 paddle-security@baidu.com |
paddlepaddle — paddlepaddle | FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-52313 paddle-security@baidu.com |
pandorafms — pandora_fms | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774. | 2023-12-29 | 8.8 | CVE-2023-44088 security@pandorafms.com |
perl — perl | A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for `cmd.exe` in the current working directory. This flaw allows an attacker with limited privileges to place `cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations. | 2024-01-02 | 7.8 | CVE-2023-47039 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
poly — multiple_products | A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256. | 2023-12-29 | 7.5 | CVE-2023-4463 cna@vuldb.com cna@vuldb.com nvd@nist.gov cna@vuldb.com cna@vuldb.com |
poly — multiple_products | A vulnerability, which was classified as critical, has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability. | 2023-12-29 | 7.2 | CVE-2023-4464 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
poly — trio_8800/trio_c60 | A vulnerability was found in Poly Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-249261 was assigned to this vulnerability. | 2023-12-29 | 7.6 | CVE-2023-4468 cna@vuldb.com cna@vuldb.com nvd@nist.gov cna@vuldb.com cna@vuldb.com |
prestashop — prestashop | PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the `isCleanHTML` method. Some modules using the `isCleanHTML` method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this issue. The best workaround is to use the `HTMLPurifier` library to sanitize html input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of `HTML` type will call `isCleanHTML`. | 2024-01-02 | 8.1 | CVE-2024-21627 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
priva — topcontrol_suite | The Priva TopControl Suite contains predictable credentials for the SSH service, based on the serial number, which makes it possible for an attacker to calculate the login credentials for the Priva TopControl Suite. | 2024-01-02 | 7.5 | CVE-2022-3010 csirt@divd.nl csirt@divd.nl csirt@divd.nl |
qnap_systems_inc. — qts/quts_hero | A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have an incompatible type, which may lead to a crash via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later | 2024-01-05 | 7.5 | CVE-2023-39296 security@qnapsecurity.com.tw |
qnap_systems_inc. — qumagie | An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later | 2024-01-05 | 7.4 | CVE-2023-47560 security@qnapsecurity.com.tw |
qnap_systems_inc. — video_station | An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 (2023/11/23) and later | 2024-01-05 | 8.8 | CVE-2023-41288 security@qnapsecurity.com.tw |
qualcomm,_inc. — snapdragon | Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call. | 2024-01-02 | 9.8 | CVE-2023-33025 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Memory corruption in HLOS while running playready use-case. | 2024-01-02 | 9.3 | CVE-2023-33030 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Memory corruption in TZ Secure OS while requesting a memory allocation from TA region. | 2024-01-02 | 9.3 | CVE-2023-33032 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Memory corruption in Audio during playback with speaker protection. | 2024-01-02 | 8.4 | CVE-2023-33033 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Memory corruption while running VK synchronization with KASAN enabled. | 2024-01-02 | 8.4 | CVE-2023-33094 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued. | 2024-01-02 | 8.4 | CVE-2023-33108 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Memory corruption when resource manager sends the host kernel a reply message with multiple fragments. | 2024-01-02 | 8.4 | CVE-2023-33113 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. | 2024-01-02 | 8.4 | CVE-2023-33114 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP. | 2024-01-02 | 8.4 | CVE-2023-43514 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Information disclosure in Core services while processing a Diag command. | 2024-01-02 | 7.6 | CVE-2023-33014 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call. | 2024-01-02 | 7.1 | CVE-2023-33036 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data. | 2024-01-02 | 7.1 | CVE-2023-33037 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Transient DOS in Data Modem during DTLS handshake. | 2024-01-02 | 7.5 | CVE-2023-33040 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Transient DOS in WLAN Firmware while parsing a BTM request. | 2024-01-02 | 7.5 | CVE-2023-33062 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Memory corruption in wearables while processing data from AON. | 2024-01-02 | 7.8 | CVE-2023-33085 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. | 2024-01-02 | 7.5 | CVE-2023-33109 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback – PCM close and reset session index causing memory corruption. | 2024-01-02 | 7.8 | CVE-2023-33110 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Transient DOS when WLAN firmware receives “reassoc response” frame including RIC_DATA element. | 2024-01-02 | 7.5 | CVE-2023-33112 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver. | 2024-01-02 | 7.5 | CVE-2023-33116 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. | 2024-01-02 | 7.8 | CVE-2023-33117 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. | 2024-01-02 | 7.8 | CVE-2023-33118 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Memory corruption in Audio when memory map command is executed consecutively in ADSP. | 2024-01-02 | 7.8 | CVE-2023-33120 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. | 2024-01-02 | 7.5 | CVE-2023-43511 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer. | 2024-01-02 | 7.5 | CVE-2023-43512 product-security@qualcomm.com |
red_hat — red_hat_developer_hub | A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately. | 2024-01-04 | 7.3 | CVE-2023-6944 secalert@redhat.com secalert@redhat.com |
s-cms — s-cms | A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The manipulation of the argument lid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-31 | 8.8 | CVE-2023-7189 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
s-cms — s-cms | A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument A_text/A_url/A_contact leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249392. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-31 | 8.8 | CVE-2023-7190 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
s-cms — s-cms | A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_login/M_email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-31 | 8.8 | CVE-2023-7191 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
scone — scone | Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis. | 2023-12-30 | 7.8 | CVE-2022-46487 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
shifuml — shifu | A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument FilterExpression leads to code injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249151. | 2023-12-29 | 8.1 | CVE-2023-7148 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
shipping_100_fahuo100 — shipping_100_fahuo100 | A vulnerability classified as critical has been found in Shipping 100 Fahuo100 up to 1.1. Affected is an unknown function of the file member/login.php. The manipulation of the argument M_pwd leads to sql injection. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. VDB-249390 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-31 | 8.1 | CVE-2023-7188 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sidequestvr — sidequest | SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly. | 2024-01-04 | 8.8 | CVE-2024-21625 security-advisories@github.com |
siemens — syngo_fastview | A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing DICOM files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15097) | 2024-01-04 | 7.8 | CVE-2021-40367 productcert@siemens.com |
siemens — syngo_fastview | A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14860) | 2024-01-04 | 7.8 | CVE-2021-42028 productcert@siemens.com |
siemens — syngo_fastview | A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in a write-what-where condition and an attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15696) | 2024-01-04 | 7.8 | CVE-2021-45465 productcert@siemens.com |
silicon_labs — gecko_sdk | An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. | 2024-01-02 | 9.3 | CVE-2023-4280 product-security@silabs.com product-security@silabs.com |
small_crm — small_crm | PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because the “password” parameter is used directly in the SQL query without any sanitization, so the SQL Injection payload is executed. | 2023-12-29 | 9.8 | CVE-2023-50035 cve@mitre.org |
sourcecodester — customer_support_system | Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject. | 2023-12-29 | 8.8 | CVE-2023-50070 cve@mitre.org cve@mitre.org |
sourcecodester — customer_support_system | Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name. | 2023-12-29 | 8.8 | CVE-2023-50071 cve@mitre.org cve@mitre.org |
sourcecodester — engineers_online_portal | A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-249440. | 2024-01-01 | 7.3 | CVE-2024-0182 cna@vuldb.com cna@vuldb.com |
sourcecodester — free_and_open_source_inventory_management_system | A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /app/ajax/sell_return_data.php. The manipulation of the argument columns[0][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249179. | 2023-12-29 | 9.8 | CVE-2023-7157 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — free_and_open_source_inventory_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Free and Open Source Inventory Management System 1.0. This affects an unknown part of the file /ample/app/action/edit_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249177 was assigned to this vulnerability. | 2023-12-29 | 8.8 | CVE-2023-7155 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sqlite — sqlite3 | A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. | 2023-12-29 | 9.8 | CVE-2023-7104 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tencent — tencent_distributed_sql | Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/get_db_info request, a related issue to CVE-2023-42387. | 2023-12-31 | 7.5 | CVE-2023-52286 cve@mitre.org |
testlink — testlink | TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used. | 2023-12-30 | 7.5 | CVE-2023-50110 cve@mitre.org |
tj-actions — verify-changed-files | The [`tj-actions/verify-changed-files`](https://github.com/tj-actions/verify-changed-files) action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. The [`verify-changed-files`](https://github.com/tj-actions/verify-changed-files) workflow returns the list of files changed within a workflow execution. This could potentially allow filenames that contain special characters such as `;` which can be used by an attacker to take over the [GitHub Runner](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners) if the output value is used in a raw fashion (thus being directly replaced before execution) inside a `run` block. By running custom commands, an attacker may be able to steal secrets such as `GITHUB_TOKEN` if triggered on other events than `pull_request`. This has been patched in versions [17](https://github.com/tj-actions/verify-changed-files/releases/tag/v17) and [17.0.0](https://github.com/tj-actions/verify-changed-files/releases/tag/v17.0.0) by enabling `safe_output` by default and returning filename paths escaping special characters for bash environments. | 2023-12-29 | 7.7 | CVE-2023-52137 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
totolink — n350rt_firmware | A vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. The identifier VDB-249389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-31 | 8.8 | CVE-2023-7187 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
totolink — x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute. | 2023-12-30 | 9.8 | CVE-2023-51133 cve@mitre.org cve@mitre.org |
totolink — x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup. | 2023-12-30 | 9.8 | CVE-2023-51135 cve@mitre.org cve@mitre.org |
totolink — x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule. | 2023-12-30 | 9.8 | CVE-2023-51136 cve@mitre.org cve@mitre.org |
totolink — x6000r_firmware | TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. | 2023-12-30 | 9.8 | CVE-2023-50651 cve@mitre.org cve@mitre.org |
unified_remote — unified_remote | Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint. | 2023-12-30 | 9.8 | CVE-2023-52252 cve@mitre.org cve@mitre.org |
ween_software — admin_panel | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ween Software Admin Panel allows SQL Injection. This issue affects Admin Panel: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-29 | 9.8 | CVE-2023-4541 iletisim@usom.gov.tr |
wireshark_foundation — wireshark | HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file | 2024-01-03 | 7.8 | CVE-2024-0207 cve@gitlab.com cve@gitlab.com |
wireshark_foundation — wireshark | GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file | 2024-01-03 | 7.8 | CVE-2024-0208 cve@gitlab.com cve@gitlab.com |
wireshark_foundation — wireshark | IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file | 2024-01-03 | 7.8 | CVE-2024-0209 cve@gitlab.com cve@gitlab.com |
wireshark_foundation — wireshark | Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file | 2024-01-03 | 7.8 | CVE-2024-0210 cve@gitlab.com cve@gitlab.com |
wireshark_foundation — wireshark | DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file | 2024-01-03 | 7.8 | CVE-2024-0211 cve@gitlab.com cve@gitlab.com |
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin through 2.7.1. | 2024-01-05 | 10 | CVE-2022-46839 audit@patchstack.com |
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN. This issue affects WP MLM SOFTWARE PLUGIN through 4.0. | 2023-12-29 | 10 | CVE-2023-51475 audit@patchstack.com |
wordpress — wordpress | Improper Control of Generation of Code (‘Code Injection’) vulnerability in David F. Carr RSVPMaker. This issue affects RSVPMaker through 10.6.6. | 2023-12-29 | 9.8 | CVE-2023-25054 audit@patchstack.com |
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps. This issue affects Frontend Admin by DynamiApps through 3.18.3. | 2023-12-29 | 9.8 | CVE-2023-51411 audit@patchstack.com |
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms. This issue affects Piotnet Forms through 1.0.25. | 2023-12-29 | 9.8 | CVE-2023-51412 audit@patchstack.com |
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters. This issue affects EnvíaloSimple: Email Marketing y Newsletters through 2.1. | 2023-12-29 | 9.8 | CVE-2023-51414 audit@patchstack.com |
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome. This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome through 1.11.10.7. | 2023-12-29 | 9.8 | CVE-2023-51419 audit@patchstack.com |
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce through 4.5.2. | 2023-12-29 | 9.9 | CVE-2023-51421 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings \| WebinarIgnition. This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings \| WebinarIgnition through 3.05.0. | 2023-12-31 | 9.8 | CVE-2023-51423 audit@patchstack.com |
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site. This issue affects Rencontre – Dating Site through 3.10.1. | 2023-12-29 | 9.8 | CVE-2023-51468 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Mestres do WP Checkout Mestres WP. This issue affects Checkout Mestres WP through 7.1.9.6. | 2023-12-31 | 9.8 | CVE-2023-51469 audit@patchstack.com |
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin. This issue affects TerraClassifieds – Simple Classifieds Plugin through 2.0.3. | 2023-12-29 | 9.8 | CVE-2023-51473 audit@patchstack.com |
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store. This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store through 1.0.6. | 2023-12-29 | 9.8 | CVE-2023-51505 audit@patchstack.com |
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in Presslabs Theme per user. This issue affects Theme per user through 1.0.1. | 2023-12-31 | 9.8 | CVE-2023-52181 audit@patchstack.com |
wordpress — wordpress | Missing Authorization vulnerability in Anders Thorborg. This issue affects Anders Thorborg through 1.4.12. | 2023-12-29 | 8.8 | CVE-2023-22676 audit@patchstack.com |
wordpress — wordpress | Improper Control of Generation of Code (‘Code Injection’) vulnerability in BinaryStash WP Booklet. This issue affects WP Booklet through 2.1.8. | 2023-12-29 | 8.8 | CVE-2023-22677 audit@patchstack.com |
wordpress — wordpress | Improper Control of Generation of Code (‘Code Injection’) vulnerability in Milan Dinić Rename Media Files. This issue affects Rename Media Files through 1.0.1. | 2023-12-29 | 8.8 | CVE-2023-32095 audit@patchstack.com |
wordpress — wordpress | Improper Control of Generation of Code (‘Code Injection’) vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor through 2.6.10. | 2023-12-31 | 8.8 | CVE-2023-39157 audit@patchstack.com |
wordpress — wordpress | Improper Control of Generation of Code (‘Code Injection’) vulnerability in TienCOP WP EXtra. This issue affects WP EXtra through 6.2. | 2023-12-29 | 8.8 | CVE-2023-46623 audit@patchstack.com |
wordpress — wordpress | Improper Control of Generation of Code (‘Code Injection’) vulnerability in Qode Interactive Qode Essential Addons. This issue affects Qode Essential Addons through 1.5.2. | 2023-12-29 | 8.8 | CVE-2023-47840 audit@patchstack.com |
wordpress — wordpress | Improper Control of Generation of Code (‘Code Injection’) vulnerability in Brainstorm Force Astra Pro. This issue affects Astra Pro through 4.3.1. | 2023-12-29 | 8.8 | CVE-2023-49830 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore API. This issue affects MStore API through 4.10.1. | 2023-12-29 | 8.8 | CVE-2023-50878 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New User Approve. This issue affects New User Approve through 2.5.1. | 2023-12-29 | 8.8 | CVE-2023-50902 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WebbaPlugins Appointment & Event Booking Calendar Plugin – Webba Booking. This issue affects Appointment & Event Booking Calendar Plugin – Webba Booking through 4.5.33. | 2023-12-29 | 8.8 | CVE-2023-51354 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms. This issue affects Block IPs for Gravity Forms through 1.0.1. | 2023-12-29 | 8.8 | CVE-2023-51358 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Rise Themes Rise Blocks – A Complete Gutenberg Page Builder. This issue affects Rise Blocks – A Complete Gutenberg Page Builder through 3.1. | 2023-12-29 | 8.8 | CVE-2023-51378 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder. This issue affects Ultimate Addons for WPBakery Page Builder through 3.19.17. | 2023-12-29 | 8.8 | CVE-2023-51402 audit@patchstack.com |
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log. This issue affects WP Mail Log through 1.1.2. | 2023-12-29 | 8.8 | CVE-2023-51410 audit@patchstack.com |
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons. This issue affects JVM Gutenberg Rich Text Icons through 1.2.3. | 2023-12-29 | 8.8 | CVE-2023-51417 audit@patchstack.com |
wordpress — wordpress | Improper Control of Generation of Code (‘Code Injection’) vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce through 4.5.2. | 2023-12-29 | 8.8 | CVE-2023-51420 audit@patchstack.com |
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings \| WebinarIgnition. This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings \| WebinarIgnition through 3.05.0. | 2023-12-29 | 8.8 | CVE-2023-51422 audit@patchstack.com |
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site. This issue affects Rencontre – Dating Site through 3.11.1. | 2023-12-29 | 8.8 | CVE-2023-51470 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments. This issue affects Job Manager & Career – Manage job board listings, and recruitments through 1.4.4. | 2023-12-29 | 8.8 | CVE-2023-51545 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WhileTrue Most And Least Read Posts Widget. This issue affects Most And Least Read Posts Widget through 2.5.16. | 2023-12-31 | 8.8 | CVE-2023-52133 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L. Dynamic Content for Elementor. This issue affects Dynamic Content for Elementor before 2.12.5. | 2024-01-05 | 8.8 | CVE-2023-52150 audit@patchstack.com |
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder. This issue affects ARI Stream Quiz – WordPress Quizzes Builder through 1.3.0. | 2023-12-31 | 8.8 | CVE-2023-52182 audit@patchstack.com |
wordpress — wordpress | The OMGF \| GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings() function hooked via admin_init in all versions up to, and including, 5.7.9. This makes it possible for unauthenticated attackers to update the plugin’s settings which can be used to inject Cross-Site Scripting payloads and delete entire directories. Please note there were several attempted patches, and we consider 5.7.10 to be the most sufficiently patched. | 2024-01-03 | 8.6 | CVE-2023-6600 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange’s Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email \| Passwordless login. This issue affects miniOrange’s Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email \| Passwordless login through 5.6.1. | 2023-12-29 | 7.5 | CVE-2022-44589 audit@patchstack.com |
wordpress — wordpress | Improper Control of Generation of Code (‘Code Injection’) vulnerability in Kanban for WordPress Kanban Boards for WordPress. This issue affects Kanban Boards for WordPress through 2.5.21. | 2023-12-29 | 7.2 | CVE-2023-40606 audit@patchstack.com |
wordpress — wordpress | Improper Control of Generation of Code (‘Code Injection’) vulnerability in POSIMYTH Nexter Extension. This issue affects Nexter Extension through 2.0.3. | 2023-12-29 | 7.2 | CVE-2023-45751 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form. This issue affects Login Lockdown – Protect Login Form through 2.06. | 2023-12-29 | 7.2 | CVE-2023-50837 audit@patchstack.com |
wordpress — wordpress | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway through 7.6.1. | 2024-01-05 | 7.5 | CVE-2023-51502 audit@patchstack.com |
wordpress — wordpress | Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo through 6.9.2. | 2023-12-31 | 7.5 | CVE-2023-51503 audit@patchstack.com |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4. This issue affects AI Power: Complete AI Pack – Powered by GPT-4 through 1.8.2. | 2023-12-29 | 7.5 | CVE-2023-51527 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPManageNinja LLC Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin. This issue affects Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin through 1.7.6. | 2023-12-31 | 7.2 | CVE-2023-51547 audit@patchstack.com |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode Product Catalog Simple. This issue affects Product Catalog Simple through 1.7.6. | 2023-12-29 | 7.5 | CVE-2023-51687 audit@patchstack.com |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress. This issue affects eCommerce Product Catalog Plugin for WordPress through 3.3.26. | 2023-12-29 | 7.5 | CVE-2023-51688 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WP Zinc Page Generator. This issue affects Page Generator through 1.7.1. | 2023-12-31 | 7.2 | CVE-2023-52131 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Jewel Theme WP Adminify. This issue affects WP Adminify through 3.1.6. | 2023-12-31 | 7.2 | CVE-2023-52132 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Eyal Fitoussi GEO my WordPress. This issue affects GEO my WordPress through 4.0.2. | 2023-12-31 | 7.2 | CVE-2023-52134 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WS Form WS Form LITE – Drag & Drop Contact Form Builder for WordPress. This issue affects WS Form LITE – Drag & Drop Contact Form Builder for WordPress through 1.9.170. | 2023-12-29 | 7.2 | CVE-2023-52135 audit@patchstack.com |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout. This issue affects WP Stripe Checkout through 1.2.2.37. | 2024-01-05 | 7.5 | CVE-2023-52143 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes. This issue affects Recipe Maker For Your Food Blog from Zip Recipes through 8.1.0. | 2023-12-31 | 7.6 | CVE-2023-52180 audit@patchstack.com |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin. This issue affects Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin through 2.1.9. | 2023-12-31 | 7.5 | CVE-2023-52185 audit@patchstack.com |
wordpress — wordpress | The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ header in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-03 | 7.2 | CVE-2023-7027 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons. This issue affects YITH WooCommerce Product Add-Ons through 4.3.0. | 2023-12-31 | 9.1 | CVE-2023-49777 audit@patchstack.com |
xnview — xnview_classic | XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0. | 2023-12-29 | 9.8 | CVE-2023-52173 cve@mitre.org cve@mitre.org |
xnview — xnview_classic | XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6. | 2023-12-29 | 9.8 | CVE-2023-52174 cve@mitre.org cve@mitre.org |
yaztek_software_technologies_and_computer_systems — e-commerce_software | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-29 | 9.8 | CVE-2023-4674 iletisim@usom.gov.tr |
zzcms — zzcms | ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code. | 2023-12-29 | 9.8 | CVE-2023-50104 cve@mitre.org |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
antisamy-dotnet — antisamy-dotnet | OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy’s sanitized output. This is patched in OWASP AntiSamy .NET 1.2.0 and later. See important remediation details in the reference given below. As a workaround, manually edit the AntiSamy policy file (e.g., antisamy.xml) by deleting the `preserveComments` directive or setting its value to `false`, if present. Also, it would be useful to make AntiSamy remove the `noscript` tag by adding a line described in the GitHub Security Advisory to the tag definitions under the ` | 2024-01-02 | 6.1 | CVE-2023-51652 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
campcodes — online_college_library_system | A vulnerability was found in Campcodes Online College Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/borrow_add.php of the component HTTP POST Request Handler. The manipulation of the argument student leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249362 is the identifier assigned to this vulnerability. | 2023-12-30 | 4.7 | CVE-2023-7175 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
cloudflare,_inc. — wrangler | Sending specially crafted HTTP requests and inspector messages to Wrangler’s dev server could result in any file on the user’s computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file. | 2023-12-29 | 5.7 | CVE-2023-7079 cna@cloudflare.com cna@cloudflare.com cna@cloudflare.com |
cloudflare,_inc. — zlib | Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected. | 2024-01-04 | 4 | CVE-2023-6992 cna@cloudflare.com cna@cloudflare.com |
code-projects — client_details_system | A vulnerability was found in code-projects Client Details System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/regester.php. The manipulation of the argument fname/lname/email/contact leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249146 is the identifier assigned to this vulnerability. | 2023-12-29 | 4.8 | CVE-2023-7143 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects — qr_code_generator | A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input “> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249153 was assigned to this vulnerability. | 2023-12-29 | 6.1 | CVE-2023-7149 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
codeastro — internet_banking_system | A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0. This issue affects some unknown processing of the file pages_account.php of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249509 was assigned to this vulnerability. | 2024-01-02 | 6.3 | CVE-2024-0194 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
craft_cms — craft_cms | Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions. | 2024-01-03 | 5.4 | CVE-2024-21622 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
cubefs — cubefs | CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in CubeFS HandlerNode in versions prior to 3.3.1 that could allow authenticated users to send maliciously crafted requests that would crash the ObjectNode and deny other users from using it. The root cause was improper handling of incoming HTTP requests that could allow an attacker to control the amount of memory that the ObjectNode would allocate. A malicious request could make the ObjectNode allocate more memory than the machine had available, and the attacker could exhaust memory by way of a single malicious request. An attacker would need to be authenticated in order to invoke the vulnerable code with their malicious request and have permissions to delete objects. In addition, the attacker would need to know the names of existing buckets of the CubeFS deployment – otherwise the request would be rejected before it reached the vulnerable code. As such, the most likely attacker is an inside user or an attacker that has breached the account of an existing user in the cluster. The issue has been patched in v3.3.1. There is no other mitigation besides upgrading. | 2024-01-03 | 6.5 | CVE-2023-46738 security-advisories@github.com security-advisories@github.com |
cubefs — cubefs | CubeFS is an open-source cloud-native file storage system. A vulnerability was found during in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root case of the vulnerability was that CubeFS used raw string comparison of passwords. The vulnerable part of CubeFS was the UserService of the master component. The UserService gets instantiated when starting the server of the master component. The issue has been patched in v3.3.1. For impacted users, there is no other way to mitigate the issue besides upgrading. | 2024-01-03 | 6.5 | CVE-2023-46739 security-advisories@github.com security-advisories@github.com |
cubefs — cubefs | CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges. When CubeFS creates new users, it creates a piece of sensitive information for the user called the “accessKey”. To create the “accesKey”, CubeFS uses an insecure string generator which makes it easy to guess and thereby impersonate the created user. An attacker could leverage the predictable random string generator and guess a users access key and impersonate the user to obtain higher privileges. The issue has been fixed in v3.3.1. There is no other mitigation than to upgrade. | 2024-01-03 | 6.5 | CVE-2023-46740 security-advisories@github.com security-advisories@github.com |
cubefs — cubefs | CubeFS is an open-source cloud-native file storage system. A vulnerability was found in CubeFS prior to version 3.3.1 that could allow users to read sensitive data from the logs which could allow them escalate privileges. CubeFS leaks configuration keys in plaintext format in the logs. These keys could allow anyone to carry out operations on blobs that they otherwise do not have permissions for. For example, an attacker that has successfully retrieved a secret key from the logs can delete blogs from the blob store. The attacker can either be an internal user with limited privileges to read the log, or they can be an external user who has escalated privileges sufficiently to access the logs. The vulnerability has been patched in v3.3.1. There is no other mitigation than upgrading. | 2024-01-03 | 4.8 | CVE-2023-46741 security-advisories@github.com security-advisories@github.com |
cubefs — cubefs | CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak user’s secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the user’s secret key. This could allow a lower-privileged user with access to the logs to retrieve sensitive information and impersonate other users with higher privileges than themselves. The issue has been patched in v3.3.1. There is no other mitigation than upgrading CubeFS. | 2024-01-03 | 4.8 | CVE-2023-46742 security-advisories@github.com security-advisories@github.com |
google — android | In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08308607. | 2024-01-02 | 6.7 | CVE-2023-32872 security@mediatek.com |
google — android | In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308070. | 2024-01-02 | 6.7 | CVE-2023-32877 security@mediatek.com |
google — android | In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308064. | 2024-01-02 | 6.7 | CVE-2023-32879 security@mediatek.com |
google — android | In battery, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308616. | 2024-01-02 | 6.7 | CVE-2023-32882 security@mediatek.com |
google — android | In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249. | 2024-01-02 | 6.7 | CVE-2023-32883 security@mediatek.com |
google — android | In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011. | 2024-01-02 | 6.7 | CVE-2023-32884 security@mediatek.com |
google — android | In display drm, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780685; Issue ID: ALPS07780685. | 2024-01-02 | 6.7 | CVE-2023-32885 security@mediatek.com |
google — android | In bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07933038; Issue ID: MSV-559. | 2024-01-02 | 6.7 | CVE-2023-32891 security@mediatek.com |
google — android | In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08304217. | 2024-01-02 | 4.4 | CVE-2023-32875 security@mediatek.com |
google — android | In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308612; Issue ID: ALPS08308612. | 2024-01-02 | 4.4 | CVE-2023-32876 security@mediatek.com |
google — android | In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08307992. | 2024-01-02 | 4.4 | CVE-2023-32878 security@mediatek.com |
google — android | In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308076. | 2024-01-02 | 4.4 | CVE-2023-32880 security@mediatek.com |
google — android | In battery, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308080. | 2024-01-02 | 4.4 | CVE-2023-32881 security@mediatek.com |
hail — hail | Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect (OIDC) email addresses from ID tokens to verify the validity of a user’s domain, but because users have the ability to change their email address, they could create accounts and use resources in clusters that they should not have access to. For example, a user could create a Microsoft or Google account and then change their email to `test@example.org`. This account can then be used to create a Hail Batch account in Hail Batch clusters whose organization domain is `example.org`. The attacker is not able to access private data or impersonate another user, but they would have the ability to run jobs if Hail Batch billing projects are enabled and create Azure Tenants if they have Azure Active Directory Administrator access. | 2023-12-29 | 5.3 | CVE-2023-51663 security-advisories@github.com |
hcl_software — dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files. | 2024-01-03 | 5.4 | CVE-2023-50344 psirt@hcl.com |
hihonor — fri-an00_firmware | Some Honor products are affected by file writing vulnerability; successful exploitation could cause information disclosure. | 2023-12-29 | 5.5 | CVE-2023-23426 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — honorboardapp | Some Honor products are affected by information leak vulnerability; successful exploitation could cause the information leak. | 2023-12-29 | 5.5 | CVE-2023-23434 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — lge-an00_firmware | Some Honor products are affected by incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. | 2023-12-29 | 5.5 | CVE-2023-23438 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — lge-an00_firmware | Some Honor products are affected by information leak vulnerability; successful exploitation could cause the information leak. | 2023-12-29 | 5.5 | CVE-2023-23439 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — lge-an00_firmware | Some Honor products are affected by information leak vulnerability; successful exploitation could cause the information leak. | 2023-12-29 | 5.5 | CVE-2023-23440 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — magic_os | Some Honor products are affected by incorrect privilege assignment vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 5.5 | CVE-2023-51429 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — magic_ui | Some Honor products are affected by out of bounds read vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 5.5 | CVE-2023-23441 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — magic_ui | Some Honor products are affected by incorrect privilege assignment vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 5.5 | CVE-2023-51430 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — magic_ui | Some Honor products are affected by out of bounds read vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 5.5 | CVE-2023-51432 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — magic_ui | Some Honor products are affected by incorrect privilege assignment vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 5.5 | CVE-2023-51433 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — magic_ui | Some Honor products are affected by type confusion vulnerability; successful exploitation could cause denial of service. | 2023-12-29 | 5.5 | CVE-2023-6939 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — phoneservice | Some Honor products are affected by incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. | 2023-12-29 | 5.5 | CVE-2023-51431 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hihonor — vmall | Some Honor products are affected by information leak vulnerability; successful exploitation could cause the information leak. | 2023-12-29 | 5.5 | CVE-2023-23437 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
hitachi_energy — multiple_products | A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempt to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service. | 2024-01-04 | 4.5 | CVE-2022-3864 cybersecurity@hitachienergy.com |
hospital_management_system — hospital_management_system | A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249357 was assigned to this vulnerability. | 2023-12-30 | 4.3 | CVE-2023-7173 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
icewarp — icewarp | A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. This affects an unknown part of the file /install/ of the component Utility Download Handler. The manipulation of the argument lang with the input 1%27″()%26%25 | 2024-01-05 | 4.3 | CVE-2024-0246 cna@vuldb.com cna@vuldb.com |
ipaddress — ipaddress | An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop. | 2023-12-29 | 5.5 | CVE-2023-50570 cve@mitre.org |
jline — jline | An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error. | 2023-12-29 | 5.5 | CVE-2023-50572 cve@mitre.org |
kernelsu — kernelsu | KernelSU is a Kernel-based root solution for Android devices. In versions 0.7.1 and prior, the logic of get apk path in KernelSU kernel module can be bypassed, which causes any malicious apk named `me.weishu.kernelsu` to get root permission. If a device with a KernelSU module installed tries to install any unchecked apk whose package name equals that of the official KernelSU Manager, that apk can take over root privileges on the device. As of time of publication, a patched version is not available. | 2024-01-02 | 6.7 | CVE-2023-49794 security-advisories@github.com security-advisories@github.com |
kruise — kruise | Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node on which kruise-daemon runs can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the “captured” secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. Users who do not require imagepulljob functions can modify kruise-daemon-role to drop the cluster level secret get/list privilege. | 2024-01-03 | 6.5 | CVE-2023-30617 security-advisories@github.com |
lenovo — lenovo_browser_mobile | A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information. | 2024-01-03 | 6.5 | CVE-2023-6540 psirt@lenovo.com |
libredwg — libredwg | Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c. | 2024-01-02 | 5.5 | CVE-2023-26157 report@snyk.io report@snyk.io report@snyk.io |
linux — kernel | A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow. | 2024-01-02 | 6.1 | CVE-2023-7192 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
logobee — logobee | LogoBee 0.2 allows updates.php?id= XSS. | 2023-12-30 | 6.1 | CVE-2023-52257 cve@mitre.org |
magic-api — magic-api | A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249511. | 2024-01-02 | 6.3 | CVE-2024-0196 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
mattermost — mattermost | Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web client. | 2023-12-29 | 6.1 | CVE-2023-7113 responsibledisclosure@mattermost.com |
mattermost — mattermost | Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/ | 2024-01-02 | 4.3 | CVE-2023-47858 responsibledisclosure@mattermost.com |
mattermost — mattermost | Mattermost fails to scope the WebSocket response around notified users to each user separately, resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel. | 2024-01-02 | 4.3 | CVE-2023-48732 responsibledisclosure@mattermost.com |
mdaemon — securitygateway | MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators. | 2023-12-31 | 4.8 | CVE-2023-52269 cve@mitre.org cve@mitre.org |
mediatek — software_development_kit | In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868. | 2024-01-02 | 5.5 | CVE-2023-32831 security@mediatek.com |
moxa — oncell_g3150a-lte_series | A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. This vulnerability is caused by incorrectly restricting frame objects, which can lead to user confusion about which interface the user is interacting with. This vulnerability may lead the attacker to trick the user into interacting with the application. | 2023-12-31 | 5.3 | CVE-2023-6093 psirt@moxa.com |
moxa — oncell_g3150a-lte_series | A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target. | 2023-12-31 | 5.3 | CVE-2023-6094 psirt@moxa.com |
novel-plus — novel-plus | A vulnerability classified as problematic has been found in Novel-Plus up to 4.2.0. This affects an unknown part of the file /user/updateUserInfo of the component HTTP POST Request Handler. The manipulation of the argument nickName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is c62da9bb3a9b3603014d0edb436146512631100d. It is recommended to apply a patch to fix this issue. The identifier VDB-249201 was assigned to this vulnerability. | 2023-12-29 | 5.4 | CVE-2023-7166 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
novel-plus — novel-plus | A vulnerability was found in Novel-Plus up to 4.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file novel-admin/src/main/java/com/java2nb/novel/controller/FriendLinkController.java of the component Friendly Link Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named d6093d8182362422370d7eaf6c53afde9ee45215. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249307. | 2023-12-29 | 4.8 | CVE-2023-7171 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal | A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file downloadable.php of the component Add Downloadable. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249505 was assigned to this vulnerability. | 2024-01-02 | 6.3 | CVE-2024-0192 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal | A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249504. | 2024-01-02 | 5.3 | CVE-2024-0191 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal | A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboard_teacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249443. | 2024-01-02 | 4.7 | CVE-2024-0185 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
ocsinventory — ocsinventory | OCSInventory allows stored email templates with special characters that lead to stored cross-site scripting. | 2024-01-04 | 4.9 | CVE-2023-3726 help@fluidattacks.com help@fluidattacks.com |
openharmony — openharmony | OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a DoS by occupying all resources. | 2024-01-02 | 5.5 | CVE-2023-47216 scy@openharmony.io |
openharmony — openharmony | OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia camera crash by modifying a released pointer. | 2024-01-02 | 5.5 | CVE-2023-47857 scy@openharmony.io |
openharmony — openharmony | OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia player crash by modifying a released pointer. | 2024-01-02 | 5.5 | CVE-2023-48360 scy@openharmony.io |
openharmony — openharmony | OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia player crash by modifying a released pointer. | 2024-01-02 | 5.5 | CVE-2023-49135 scy@openharmony.io |
openxiangshan — xiangshan | An issue was discovered in XiangShan v2.1 that allows local attackers to obtain sensitive information via the L1D cache. | 2023-12-30 | 5.5 | CVE-2023-50559 cve@mitre.org cve@mitre.org |
own_health_record — own_health_record | A vulnerability was found in MdAlAmin-aol Own Health Record 0.1-alpha/0.2-alpha/0.3-alpha/0.3.1-alpha. It has been rated as problematic. This issue affects some unknown processing of the file includes/logout.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 0.4-alpha is able to address this issue. The patch is named 58b413aa40820b49070782c786c526850ab7748f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-249191. | 2023-12-30 | 4.3 | CVE-2018-25096 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
pandora_fms — pandora_fms | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Allows you to edit the Web Console user notification options. This issue affects Pandora FMS: from 700 through 774. | 2023-12-29 | 6.1 | CVE-2023-41813 security@pandorafms.com |
pandora_fms — pandora_fms | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This issue affects Pandora FMS: from 700 through 774. | 2023-12-29 | 6.1 | CVE-2023-41814 security@pandorafms.com |
pandora_fms — pandora_fms | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Malicious code could be executed in the File Manager section. This issue affects Pandora FMS: from 700 through 774. | 2023-12-29 | 6.1 | CVE-2023-41815 security@pandorafms.com |
pandora_fms — pandora_fms | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). It was possible to execute malicious JS code on Visual Consoles. This issue affects Pandora FMS: from 700 through 774. | 2023-12-29 | 6.1 | CVE-2023-44089 security@pandorafms.com |
poly — multiple_products | A vulnerability, which was classified as problematic, was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability. | 2023-12-29 | 6.5 | CVE-2023-4465 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
poly — multiple_products | A vulnerability classified as problematic has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255. | 2023-12-29 | 5.9 | CVE-2023-4462 cna@vuldb.com cna@vuldb.com nvd@nist.gov cna@vuldb.com cna@vuldb.com |
poly — multiple_products | A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. The vendor explains that they do not regard this as a vulnerability as this is a feature that they offer to their customers who have a variety of environmental needs that are met through different firmware builds. To avoid potential roll-back attacks, they remove vulnerable builds from the public servers as a remediation effort. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249259. | 2023-12-29 | 4.9 | CVE-2023-4466 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
poly — trio_8800_firmware | A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249260. | 2023-12-29 | 6.6 | CVE-2023-4467 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
prestashop — prestashop | PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig’s escape mechanism. In FO, the cross-site scripting attack is effective, but only impacts the customer sending it, or the customer session from which it was sent. This issue affects those who have a module fetching these messages from the DB and displaying it without escaping HTML. Version 8.1.3 contains a patch for this issue. | 2024-01-02 | 5.4 | CVE-2024-21628 security-advisories@github.com security-advisories@github.com |
qemu — qemu | A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak. | 2024-01-02 | 4.9 | CVE-2023-6693 secalert@redhat.com secalert@redhat.com |
qnap_systems_inc. — qcalagent | An OS command injection vulnerability has been reported to affect QcalAgent. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QcalAgent 1.1.8 and later. | 2024-01-05 | 6.3 | CVE-2023-41289 security@qnapsecurity.com.tw |
qnap_systems_inc. — qts/quts_hero | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later. | 2024-01-05 | 6.6 | CVE-2023-39294 security@qnapsecurity.com.tw |
qnap_systems_inc. — qumagie | A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later. | 2024-01-05 | 5.5 | CVE-2023-47559 security@qnapsecurity.com.tw |
qnap_systems_inc. — video_station | A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 (2023/11/23) and later. | 2024-01-05 | 4.3 | CVE-2023-41287 security@qnapsecurity.com.tw |
qualcomm,_inc. — snapdragon | Memory corruption when IPv6 prefix timer object's lifetime expires which are created while Netmgr daemon gets an IPv6 address. | 2024-01-02 | 6.7 | CVE-2023-28583 product-security@qualcomm.com |
qualcomm,_inc. — snapdragon | Memory corruption while receiving a message in Bus Socket Transport Server. | 2024-01-02 | 6.7 | CVE-2023-33038 product-security@qualcomm.com |
rust-ethereum — rust-ethereum | Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a feature called `record_external_operation` was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a `CREATE` or `CREATE2`, in the case that the substack execution happens successfully, `rust-evm` will first commit the substate, and then call `record_external_operation(Write(out_code.len()))`. If `record_external_operation` later fails, this error is returned to the parent call stack, instead of `Succeeded`. Yet, the substate commitment already happened. This makes smart contracts able to commit state changes when the parent caller contract receives the zero address (which usually indicates that the execution has failed). This issue only impacts library users with custom `record_external_operation` that returns errors. The issue is patched in release 0.41.1. No known workarounds are available. | 2024-01-02 | 5.9 | CVE-2024-21629 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
rust-vmm — rust-vmm | vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the `FamStructWrapper::deserialize` implementation provided by the crate for `vmm_sys_util::fam::FamStructWrapper` can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array length. Mismatch in the lengths might allow out of bounds memory access through Rust-safe methods. The issue was corrected in version 0.12.0 by inserting a check that verifies the lengths of compared flexible arrays are equal for any deserialized header and aborting deserialization otherwise. Moreover, the API was changed so that header length can only be modified through Rust-unsafe code. This ensures that users cannot trigger out-of-bounds memory access from Rust-safe code. | 2024-01-02 | 5.7 | CVE-2023-50711 security-advisories@github.com security-advisories@github.com |
samsung_mobile — nearby_device_scanning | Improper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows local attacker to access data. | 2024-01-04 | 4 | CVE-2024-20808 mobile.security@samsung.com |
samsung_mobile — nearby_device_scanning | Improper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows local attacker to access data. | 2024-01-04 | 4 | CVE-2024-20809 mobile.security@samsung.com |
samsung_mobile — samsung_mobile_devices | Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction. | 2024-01-04 | 6.8 | CVE-2024-20803 mobile.security@samsung.com |
samsung_mobile — samsung_mobile_devices | Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data. | 2024-01-04 | 6.2 | CVE-2024-20806 mobile.security@samsung.com |
samsung_mobile — samsung_mobile_devices | Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users’ notification in a multi-user environment. | 2024-01-04 | 4.6 | CVE-2024-20802 mobile.security@samsung.com |
samsung_mobile — samsung_mobile_devices | Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows attackers to write arbitrary files. | 2024-01-04 | 4 | CVE-2024-20804 mobile.security@samsung.com |
sesami — cash_point_&_transport_optimizer | An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive information and bypass authentication via “Back Button Refresh” attack. | 2023-12-29 | 5.5 | CVE-2023-31292 cve@mitre.org |
sesami — cash_point_&_transport_optimizer | CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. | 2023-12-29 | 5.3 | CVE-2023-31296 cve@mitre.org |
sesami — cash_point_&_transport_optimizer | Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user. | 2023-12-29 | 4.8 | CVE-2023-31298 cve@mitre.org |
sesami — cash_point_&_transport_optimizer | Stored Cross Site Scripting (XSS) Vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log. | 2023-12-29 | 6.1 | CVE-2023-31301 cve@mitre.org |
silicon_labs — gecko_sdk | Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B. | 2024-01-03 | 6.8 | CVE-2023-5138 product-security@silabs.com product-security@silabs.com |
sourcecodester — engineers_online_portal | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add Engineer Handler. The manipulation of the argument first name/last name with the input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249182 is the identifier assigned to this vulnerability. | 2023-12-29 | 6.1 | CVE-2023-7160 cna@vuldb.com cna@vuldb.com |
spider-flow — spider-flow | A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability. | 2024-01-02 | 6.3 | CVE-2024-0195 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
thirtybees — bees_blog | The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled. | 2023-12-30 | 6.1 | CVE-2023-52264 cve@mitre.org cve@mitre.org cve@mitre.org |
tongda — office_anywhere_2017 | A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/project/proj/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-249367. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-30 | 4.3 | CVE-2023-7180 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
vapor — vapor | Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor’s `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI’s components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation’s `URL` and `URLComponents` utilities. | 2024-01-03 | 6.5 | CVE-2024-21631 security-advisories@github.com security-advisories@github.com |
view_component — view_component | view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a `#call` method (i.e. instead of using a sidecar template) are affected. The return value of the `#call` method is not sanitized and can include user-defined content. In addition, the return value of the `#output_postamble` method is not sanitized, which can also lead to cross-site scripting issues. Version 3.9.0 has been released and fully mitigates both the `#call` and the `#output_postamble` vulnerabilities. As a workaround, sanitize the return value of `#call`. | 2024-01-04 | 6.1 | CVE-2024-21636 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
winter_cms — winter_cms | Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4. | 2023-12-29 | 5.4 | CVE-2023-52085 security-advisories@github.com security-advisories@github.com |
wiremock — wiremock | WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker’s file, and the result will render on the Matched page in the Body area, resulting in the execution of the payload. This occurs because the response body is not validated or sanitized. | 2023-12-29 | 6.1 | CVE-2023-50069 cve@mitre.org |
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms through 1.2.8. | 2023-12-29 | 6.1 | CVE-2023-31095 audit@patchstack.com |
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in WP Directory Kit. This issue affects WP Directory Kit through 1.1.9. | 2023-12-29 | 6.1 | CVE-2023-31229 audit@patchstack.com |
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Dylan James Zephyr Project Manager. This issue affects Zephyr Project Manager through 3.3.9. | 2023-12-29 | 6.1 | CVE-2023-31237 audit@patchstack.com |
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Pexle Chris Library Viewer. This issue affects Library Viewer through 2.0.6. | 2023-12-29 | 6.1 | CVE-2023-32101 audit@patchstack.com |
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder. This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder through 4.0.9.3. | 2023-12-29 | 6.1 | CVE-2023-32517 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodexThemes TheGem – Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS. This issue affects TheGem – Creative Multi-Purpose & WooCommerce WordPress Theme through 5.9.1. | 2023-12-29 | 6.1 | CVE-2023-50892 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in UpSolution Impreza – WordPress Website and WooCommerce Builder allows Reflected XSS. This issue affects Impreza – WordPress Website and WooCommerce Builder through 8.17.4. | 2023-12-29 | 6.1 | CVE-2023-50893 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows Reflected XSS. This issue affects HT Mega – Absolute Addons For Elementor through 2.3.8. | 2023-12-29 | 6.1 | CVE-2023-50901 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ian Kennerley Google Photos Gallery with Shortcodes allows Reflected XSS. This issue affects Google Photos Gallery with Shortcodes through 4.0.2. | 2023-12-29 | 6.1 | CVE-2023-51373 audit@patchstack.com |
wordpress — wordpress | Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor. This issue affects Happy Addons for Elementor through 3.9.1.1. | 2023-12-29 | 6.5 | CVE-2023-51676 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS. This issue affects WP Tabs – Responsive Tabs Plugin for WordPress through 2.2.0. | 2024-01-05 | 6.5 | CVE-2023-52124 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in webvitaly iframe allows Stored XSS. This issue affects iframe through 4.8. | 2024-01-05 | 6.5 | CVE-2023-52125 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress through 9.0.4. | 2024-01-05 | 6.3 | CVE-2023-52129 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MojofyWP WP Affiliate Disclosure allows Stored XSS. This issue affects WP Affiliate Disclosure through 1.2.7. | 2024-01-05 | 6.5 | CVE-2023-52178 audit@patchstack.com |
wordpress — wordpress | The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-03 | 6.4 | CVE-2023-6524 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress — wordpress | The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘msg’ parameter in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-01-03 | 6.1 | CVE-2023-6629 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress — wordpress | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more. | 2024-01-04 | 6.5 | CVE-2023-6733 security@wordfence.com security@wordfence.com |
wordpress — wordpress | The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for contributors and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-03 | 6.4 | CVE-2023-6747 security@wordfence.com security@wordfence.com |
wordpress — wordpress | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-06 | 6.4 | CVE-2023-6801 security@wordfence.com security@wordfence.com |
wordpress — wordpress | The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the ‘group_id’ parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can be leveraged to achieve Reflected Cross-site Scripting. | 2024-01-03 | 6.1 | CVE-2023-6981 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress — wordpress | The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s embed_oembed_html shortcode in all versions up to 3.9.5 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-03 | 6.4 | CVE-2023-6986 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress — wordpress | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access and higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-04 | 6.4 | CVE-2023-7044 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS. This issue affects WordPress.Com Editing Toolkit through 3.78784. | 2023-12-29 | 5.4 | CVE-2023-50879 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in The BuddyPress Community BuddyPress allows Stored XSS. This issue affects BuddyPress through 11.3.1. | 2023-12-29 | 5.4 | CVE-2023-50880 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS. This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More through 6.9.15. | 2023-12-29 | 5.4 | CVE-2023-50881 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS. This issue affects Beaver Builder – WordPress Page Builder through 2.7.2. | 2023-12-29 | 5.4 | CVE-2023-50889 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS. This issue affects Form plugin for WordPress – Zoho Forms through 3.0.1. | 2023-12-29 | 5.4 | CVE-2023-50891 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brizy.Io Brizy – Page Builder allows Stored XSS. This issue affects Brizy – Page Builder through 2.4.29. | 2023-12-29 | 5.4 | CVE-2023-51396 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS. This issue affects WP Remote Site Search through 1.0.4. | 2023-12-29 | 5.4 | CVE-2023-51397 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFactory Back Button Widget allows Stored XSS. This issue affects Back Button Widget through 1.6.3. | 2023-12-29 | 5.4 | CVE-2023-51399 audit@patchstack.com |
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CodePeople Calculated Fields Form. This issue affects Calculated Fields Form through 1.2.28. | 2023-12-29 | 5.4 | CVE-2023-51517 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Aleksandar Urošević Stock Ticker allows Stored XSS. This issue affects Stock Ticker through 3.23.4. | 2023-12-29 | 5.4 | CVE-2023-51541 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu. This issue affects Stylish Price List – Price Table Builder & QR Code Restaurant Menu through 7.0.17. | 2024-01-05 | 5.4 | CVE-2023-51673 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more. This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more through 8.5.2. | 2024-01-05 | 5.4 | CVE-2023-52120 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images. This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images through 1.10.2. | 2024-01-05 | 5.4 | CVE-2023-52121 audit@patchstack.com |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Users Email. This issue affects Send Users Email through 1.4.3. | 2024-01-05 | 5.3 | CVE-2023-52126 audit@patchstack.com |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution. This issue affects 404 Solution through 2.33.0. | 2024-01-05 | 5.3 | CVE-2023-52146 audit@patchstack.com |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager. This issue affects Affiliates Manager through 2.9.30. | 2024-01-05 | 5.3 | CVE-2023-52148 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button. This issue affects Floating Button through 6.0. | 2024-01-05 | 5.4 | CVE-2023-52149 audit@patchstack.com |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Uncanny Automator, Uncanny Owl Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin. This issue affects Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin through 5.1.0.2. | 2024-01-05 | 5.3 | CVE-2023-52151 audit@patchstack.com |
wordpress — wordpress | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagelayer_header_code’, ‘pagelayer_body_open_code’, and ‘pagelayer_footer_code’ meta fields in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This appears to be a reintroduction of a vulnerability patched in version 1.7.7. | 2024-01-04 | 5.4 | CVE-2023-6738 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress — wordpress | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with author-level access or above to change the plugin’s settings including proxy settings, which are also exposed to authors. | 2024-01-06 | 5.4 | CVE-2023-6798 security@wordfence.com security@wordfence.com |
wordpress — wordpress | The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.13. This is due to missing or incorrect nonce validation in the powerpack-lite-for-elementor/classes/class-pp-admin-settings.php file. This makes it possible for unauthenticated attackers to modify and reset plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-01-03 | 5.3 | CVE-2023-6984 security@wordfence.com security@wordfence.com |
wordpress — wordpress | The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘save_settings’ function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings. | 2024-01-03 | 5.4 | CVE-2024-0201 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS. This issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress through 1.6.17. | 2023-12-29 | 4.8 | CVE-2023-50896 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button allows Stored XSS. This issue affects Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button through 1.1.8. | 2023-12-29 | 4.8 | CVE-2023-51361 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget allows Stored XSS. This issue affects Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget through 1.1.9. | 2023-12-29 | 4.8 | CVE-2023-51371 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasThemes HashBar – WordPress Notification Bar allows Stored XSS. This issue affects HashBar – WordPress Notification Bar through 1.4.1. | 2023-12-29 | 4.8 | CVE-2023-51372 audit@patchstack.com |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ZeroBounce ZeroBounce Email Verification & Validation allows Stored XSS. This issue affects ZeroBounce Email Verification & Validation through 1.0.11. | 2023-12-29 | 4.8 | CVE-2023-51374 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in CleanTalk – Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk through 6.20. | 2024-01-05 | 4.3 | CVE-2023-51535 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin. This issue affects Awesome Support – WordPress HelpDesk & Support Plugin through 6.1.5. | 2024-01-05 | 4.3 | CVE-2023-51538 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions. This issue affects Apollo13 Framework Extensions through 1.9.1. | 2024-01-05 | 4.3 | CVE-2023-51539 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Image Upload for BBPress. This issue affects Inline Image Upload for BBPress through 1.1.18. | 2024-01-05 | 4.3 | CVE-2023-51668 audit@patchstack.com |
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More. This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More through 6.9.18. | 2023-12-29 | 4.7 | CVE-2023-51675 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder WP & WooCommerce Search. This issue affects Doofinder WP & WooCommerce Search through 2.0.33. | 2024-01-05 | 4.3 | CVE-2023-51678 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building. This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building through 3.1.18. | 2024-01-05 | 4.3 | CVE-2023-52119 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board. This issue affects Simple Job Board through 2.10.6. | 2024-01-05 | 4.3 | CVE-2023-52122 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials. This issue affects Strong Testimonials through 3.1.10. | 2024-01-05 | 4.3 | CVE-2023-52123 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce. This issue affects WPC Product Bundles for WooCommerce through 7.3.1. | 2024-01-05 | 4.3 | CVE-2023-52127 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard. This issue affects White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard through 2.9.0. | 2024-01-05 | 4.3 | CVE-2023-52128 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager. This issue affects Affiliates Manager through 2.9.31. | 2024-01-05 | 4.3 | CVE-2023-52130 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds – A Tweets Widget or X Feed Widget. This issue affects Custom Twitter Feeds – A Tweets Widget or X Feed Widget through 2.1.2. | 2024-01-05 | 4.3 | CVE-2023-52136 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts. This issue affects Republish Old Posts through 1.21. | 2024-01-05 | 4.3 | CVE-2023-52145 audit@patchstack.com |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board. This issue affects WP Job Portal – A Complete Job Board through 2.0.6. | 2024-01-05 | 4.3 | CVE-2023-52184 audit@patchstack.com |
wordpress — wordpress | The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the ‘save’ function. This makes it possible for unauthenticated attackers to modify the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2023-51491 appears to be a duplicate of this issue. | 2024-01-05 | 4.3 | CVE-2023-6493 security@wordfence.com security@wordfence.com |
wordpress — wordpress | The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-01-04 | 4.4 | CVE-2023-6498 security@wordfence.com security@wordfence.com |
wordpress — wordpress | The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. This is due to missing or incorrect nonce validation on the ‘delete’ action of the wp-sms-subscribers page. This makes it possible for unauthenticated attackers to delete subscribers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-01-03 | 4.3 | CVE-2023-6980 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress — wordpress | The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the print_packinglist action in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to export orders which can contain sensitive information. | 2024-01-03 | 4.3 | CVE-2023-7068 security@wordfence.com security@wordfence.com |
zte — red_magic_8_pro | Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro | 2024-01-04 | 6.6 | CVE-2023-41784 psirt@zte.com.cn |
zte — zxcloud_irai | There is a local privilege escalation vulnerability in ZTE’s ZXCLOUD iRAI. Attackers with regular user privileges can create a fake process and escalate local privileges. | 2024-01-03 | 6.7 | CVE-2023-41776 psirt@zte.com.cn |
zte — zxcloud_irai | There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Because the program fails to adequately validate the user’s input, an attacker could exploit this vulnerability to escalate local privileges. | 2024-01-03 | 6.4 | CVE-2023-41780 psirt@zte.com.cn |
zte — zxcloud_irai | There is an illegal memory access vulnerability in ZTE’s ZXCLOUD iRAI product. When the vulnerability is exploited by an attacker with the common user permission, the physical machine will crash. | 2024-01-03 | 4.4 | CVE-2023-41779 psirt@zte.com.cn |
zte — zxcloud_irai | There is a command injection vulnerability in ZTE’s ZXCLOUD iRAI. Because the program fails to adequately validate the user’s input, an attacker could exploit this vulnerability to escalate local privileges. | 2024-01-03 | 4.3 | CVE-2023-41783 psirt@zte.com.cn |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
acumos — design_studio | A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 0df8a5e8722188744973168648e4c74c69ce67fd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249420. | 2024-01-02 | 3.5 | CVE-2018-25097 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
collective_idea, inc. — audited | A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user causing audit log entries to be attributed to another user. | 2024-01-04 | 3.1 | CVE-2024-22047 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
hcl_software — dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats. | 2024-01-03 | 3.7 | CVE-2023-50345 psirt@hcl.com |
hcl_software — dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information. | 2024-01-03 | 3.1 | CVE-2023-50346 psirt@hcl.com |
hcl_software — dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application returns detailed error messages that can provide an attacker with insight into the application, system, etc. | 2024-01-03 | 3.1 | CVE-2023-50348 psirt@hcl.com |
huiran — host_reseller_system | A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0. Affected is an unknown function of the file /user/index/findpass?do=4 of the component HTTP POST Request Handler. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249444. | 2024-01-02 | 3.7 | CVE-2024-0186 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
libssh — libssh | A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. | 2024-01-03 | 3.9 | CVE-2023-6004 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
mattermost — mattermost | Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names. | 2024-01-02 | 3.7 | CVE-2023-50333 responsibledisclosure@mattermost.com |
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal | A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. This affects an unknown part of the file change_password_teacher.php. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-249501 was assigned to this vulnerability. | 2024-01-02 | 3.1 | CVE-2024-0188 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal | A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file teacher_message.php of the component Create Message Handler. The manipulation of the argument Content with the input leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249502 is the identifier assigned to this vulnerability. | 2024-01-02 | 3.5 | CVE-2024-0189 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal | A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file add_quiz.php of the component Quiz Handler. The manipulation of the argument Quiz Title/Quiz Description with the input leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249503. | 2024-01-02 | 3.5 | CVE-2024-0190 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal | A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin_user.php of the component Admin Panel. The manipulation of the argument Firstname/Lastname/Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249433 was assigned to this vulnerability. | 2024-01-01 | 2.4 | CVE-2024-0181 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal | A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/students.php of the component NIA Office. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249441 was assigned to this vulnerability. | 2024-01-01 | 2.4 | CVE-2024-0183 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
nueva_ecija_engineer_online_portal — nueva_ecija_engineer_online_portal | A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/edit_teacher.php of the component Add Enginer. The manipulation of the argument Firstname/Lastname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249442 is the identifier assigned to this vulnerability. | 2024-01-02 | 2.4 | CVE-2024-0184 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
openharmony — openharmony | OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia audio crash by modifying a released pointer. | 2024-01-02 | 3.3 | CVE-2023-49142 scy@openharmony.io |
packagekit — packagekit | A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost. | 2024-01-03 | 3.3 | CVE-2024-0217 secalert@redhat.com secalert@redhat.com |
qnap_systems_inc. — qts/quts_hero | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later | 2024-01-05 | 3.8 | CVE-2023-45039 security@qnapsecurity.com.tw |
qnap_systems_inc. — qts/quts_hero | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later | 2024-01-05 | 3.8 | CVE-2023-45040 security@qnapsecurity.com.tw |
qnap_systems_inc. — qts/quts_hero | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later | 2024-01-05 | 3.8 | CVE-2023-45041 security@qnapsecurity.com.tw |
qnap_systems_inc. — qts/quts_hero | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later | 2024-01-05 | 3.8 | CVE-2023-45042 security@qnapsecurity.com.tw |
qnap_systems_inc. — qts/quts_hero | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later | 2024-01-05 | 3.8 | CVE-2023-45043 security@qnapsecurity.com.tw |
qnap_systems_inc. — qts/quts_hero | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later | 2024-01-05 | 3.8 | CVE-2023-45044 security@qnapsecurity.com.tw |
qnap_systems_inc. — qumagie | A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later | 2024-01-05 | 3.5 | CVE-2023-47219 security@qnapsecurity.com.tw |
samsung_mobile — samsung_email | Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows attacker to get sensitive information. | 2024-01-04 | 3.3 | CVE-2024-20807 mobile.security@samsung.com |
samsung_mobile — samsung_mobile_devices | Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows attackers to write arbitrary file. | 2024-01-04 | 3.3 | CVE-2024-20805 mobile.security@samsung.com |
wordpress — wordpress | A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPress and classified as problematic. Affected by this issue is the function royal_prettyphoto_plugin_links of the file rt-prettyphoto.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3 is able to address this issue. The patch is identified as 0d3d38cfa487481b66869e4212df1cefc281ecb7. It is recommended to upgrade the affected component. VDB-249422 is the identifier assigned to this vulnerability. | 2024-01-02 | 3.5 | CVE-2015-10128 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection. This issue affects Solid Security – Password, Two Factor Authentication, and Brute Force Protection through 8.1.4. | 2023-12-29 | 3.7 | CVE-2023-28786 audit@patchstack.com |
zimbra — zm-ajax | A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and classified as problematic. Affected by this vulnerability is the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 8.8.2 is able to address this issue. The identifier of the patch is 8d039d6efe80780adc40c6f670c06d21de272105. It is recommended to upgrade the affected component. The identifier VDB-249421 was assigned to this vulnerability. | 2024-01-02 | 2.6 | CVE-2017-20188 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
zte — zxcloud_irai | There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code. | 2024-01-05 | 3.9 | CVE-2023-41782 psirt@zte.com.cn |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abo.cms — abo.cms | SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module. | 2024-01-06 | not yet calculated | CVE-2023-46953 cve@mitre.org |
aoyun_technology — pbootcms | Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, which allows remote attackers to gain sensitive information via session leakage and allows a user to avoid logging into the backend management platform. | 2024-01-04 | not yet calculated | CVE-2023-50082 cve@mitre.org cve@mitre.org |
apache — inlong | Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong’s 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9329 | 2024-01-03 | not yet calculated | CVE-2023-51784 security@apache.org security@apache.org |
apache — inlong | Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make an arbitrary file read attack using mysql driver. Users are advised to upgrade to Apache InLong’s 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9331 | 2024-01-03 | not yet calculated | CVE-2023-51785 security@apache.org security@apache.org |
apache — openoffice | Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. This is a corner case of CVE-2022-47502. | 2023-12-29 | not yet calculated | CVE-2023-47804 security@apache.org security@apache.org security@apache.org |
apiida_ag — api_gateway_manager | APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS). | 2024-01-03 | not yet calculated | CVE-2023-50092 cve@mitre.org cve@mitre.org |
apiida_ag — api_gateway_manager | APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection. | 2024-01-03 | not yet calculated | CVE-2023-50093 cve@mitre.org cve@mitre.org |
autel_robotics — evo_nano | Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS). | 2024-01-06 | not yet calculated | CVE-2023-50121 cve@mitre.org |
automatic_systems — soc_fl9600_fastline | Directory Traversal in Automatic-Systems SOC FL9600 FastLine lego_T04E00 allows a remote attacker to obtain sensitive information. | 2024-01-03 | not yet calculated | CVE-2023-37607 cve@mitre.org cve@mitre.org cve@mitre.org |
automatic_systems — soc_fl9600_fastline | An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows a remote attacker to obtain sensitive information via the admin login credentials. | 2024-01-03 | not yet calculated | CVE-2023-37608 cve@mitre.org cve@mitre.org cve@mitre.org |
ava_teaching_video_application — ava_teaching_video_application | Cross Site Scripting (XSS) vulnerability in AVA teaching video application service platform version 3.1, allows remote attackers to execute arbitrary code via a crafted script to ajax.aspx. | 2024-01-06 | not yet calculated | CVE-2023-50609 cve@mitre.org |
brave_software,_inc. — brave_browser | Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc. | 2023-12-30 | not yet calculated | CVE-2023-52263 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
cesanta_software — mjs | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file. | 2024-01-02 | not yet calculated | CVE-2023-49549 cve@mitre.org |
cesanta_software — mjs | An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file. | 2024-01-02 | not yet calculated | CVE-2023-49552 cve@mitre.org |
cesanta_software — mjs | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file. | 2024-01-02 | not yet calculated | CVE-2023-49553 cve@mitre.org |
cetic-6lbr — cetic-6lbr | examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network. | 2023-12-31 | not yet calculated | CVE-2021-46901 cve@mitre.org cve@mitre.org |
cherry — cherry | handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution. | 2024-01-05 | not yet calculated | CVE-2024-22086 cve@mitre.org |
class.upload.php — class.upload.php | As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide content-type based on the file extension. The README has been updated to include these guidelines. | 2024-01-04 | not yet calculated | CVE-2023-6551 cvd@cert.pl cvd@cert.pl |
cmark-gfm — cmark-gfm | CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns. | 2024-01-04 | not yet calculated | CVE-2024-22051 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
dzzoffice — dzzoffice | SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module. | 2024-01-06 | not yet calculated | CVE-2023-39853 cve@mitre.org |
ehttp — ehttp | ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after-free. An attacker can make many connections over a short time to trigger this. | 2023-12-31 | not yet calculated | CVE-2023-52266 cve@mitre.org cve@mitre.org |
ehttp — ehttp | ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds-read during error logging for long strings. | 2023-12-31 | not yet calculated | CVE-2023-52267 cve@mitre.org cve@mitre.org |
encoded_id-rails — encoded_id-rails | encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial-of-service condition by sending an HTTP request with an extremely long “id” parameter. | 2024-01-04 | not yet calculated | CVE-2024-0241 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
firefly-iii — firefly-iii | Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection. | 2024-01-05 | not yet calculated | CVE-2024-22075 cve@mitre.org |
fit2cloud — cloud_explorer_lite | Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1 allows local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter. | 2024-01-06 | not yet calculated | CVE-2023-50612 cve@mitre.org |
floorsight_software_llc — customer_portal_q3_2023 | An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. | 2024-01-02 | not yet calculated | CVE-2023-45893 cve@mitre.org |
floorsight_software_llc — insights_q3_2023 | An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. | 2024-01-02 | not yet calculated | CVE-2023-45892 cve@mitre.org |
flycms — flycms | FlyCms through abbaa5a allows XSS via the permission management feature. | 2024-01-01 | not yet calculated | CVE-2024-21732 cve@mitre.org |
fortanix — enclaveos_confidential_computing_manager | An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system call layer. | 2023-12-30 | not yet calculated | CVE-2023-38021 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
fortanix — enclaveos_confidential_computing_manager | An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user. | 2023-12-30 | not yet calculated | CVE-2023-38022 cve@mitre.org cve@mitre.org |
gila_cms — gila_cms | SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal. | 2024-01-02 | not yet calculated | CVE-2020-26623 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
gila_cms — gila_cms | A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal. | 2024-01-02 | not yet calculated | CVE-2020-26624 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
gila_cms — gila_cms | A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ‘user_id’ parameter after the login portal. | 2024-01-02 | not yet calculated | CVE-2020-26625 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
gl.inet — multiple_products | An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. | 2024-01-03 | not yet calculated | CVE-2023-50921 cve@mitre.org |
gl.inet — multiple_products | An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. | 2024-01-03 | not yet calculated | CVE-2023-50922 cve@mitre.org |
google — chrome | Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-01-04 | not yet calculated | CVE-2024-0222 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
google — chrome | Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-01-04 | not yet calculated | CVE-2024-0223 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
google — chrome | Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-01-04 | not yet calculated | CVE-2024-0224 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
google — chrome | Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-01-04 | not yet calculated | CVE-2024-0225 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
govuk_tech_docs — govuk_tech_docs | govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user’s browser if a malicious search result is displayed on the search page. | 2024-01-04 | not yet calculated | CVE-2024-22048 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
gpac — gpac | An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application. | 2024-01-03 | not yet calculated | CVE-2023-46929 cve@mitre.org cve@mitre.org |
httparty — httparty | httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written. | 2024-01-04 | not yet calculated | CVE-2024-22049 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
idurar-erp-crm — idurar-erp-crm | IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data. | 2023-12-30 | not yet calculated | CVE-2023-52265 cve@mitre.org cve@mitre.org |
ifair — ifair | Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_ad0 and before allows an attacker to obtain sensitive information via a crafted script. | 2024-01-03 | not yet calculated | CVE-2023-47473 cve@mitre.org cve@mitre.org |
irfanview — irfanview | IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write. | 2024-01-05 | not yet calculated | CVE-2020-13878 cve@mitre.org |
irfanview — irfanview | IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write. | 2024-01-05 | not yet calculated | CVE-2020-13879 cve@mitre.org |
irfanview — irfanview | IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write. | 2024-01-05 | not yet calculated | CVE-2020-13880 cve@mitre.org |
iodine — iodine | Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs. | 2024-01-04 | not yet calculated | CVE-2024-22050 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
jeecg — jeecg | Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via a crafted POST request. | 2024-01-03 | not yet calculated | CVE-2023-49442 cve@mitre.org |
jizhicms — jizhicms | Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php. | 2024-01-04 | not yet calculated | CVE-2023-51154 cve@mitre.org |
jupyter_notebook_viewer — nbviewer_app | nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds. | 2024-01-05 | not yet calculated | CVE-2023-51277 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
kantega_software_corp. — kantega_sso | The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server (Kantega SSO Enterprise), and Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server (Kantega SSO Enterprise). (Here, FeCru refers to the Atlassian Fisheye and Crucible products running together.) | 2023-12-29 | not yet calculated | CVE-2023-52240 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
layui — layui | layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter. | 2023-12-30 | not yet calculated | CVE-2023-50550 cve@mitre.org |
linux — kernel | Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not negligible. Note that 32-bit Arm guests are not affected, as the 32-bit Linux kernel on Arm doesn’t use queued-RW-locks, which are required to trigger the issue (on Arm32 a waiting writer doesn’t block further readers from getting the lock). | 2024-01-05 | not yet calculated | CVE-2023-34324 security@xen.org |
little-backup-box — little-backup-box | outdoorbits little-backup-box (aka Little Backup Box) before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input. | 2023-12-30 | not yet calculated | CVE-2023-52262 cve@mitre.org cve@mitre.org |
lotos_webserver — lotos_webserver | Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled. | 2024-01-05 | not yet calculated | CVE-2024-22088 cve@mitre.org |
ly_corp. — line_app | An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | 2024-01-03 | not yet calculated | CVE-2023-45559 cve@mitre.org cve@mitre.org |
ly_corp. — line_app | An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | 2024-01-02 | not yet calculated | CVE-2023-45561 cve@mitre.org cve@mitre.org cve@mitre.org |
mingsoft_mcms — mingsoft_mcms | Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do. | 2023-12-30 | not yet calculated | CVE-2023-50578 cve@mitre.org |
newtonsoft.json — newtonsoft.json | Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial-of-service condition. | 2024-01-03 | not yet calculated | CVE-2024-21907 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
npmjs — npmjs | A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions | 2024-01-03 | not yet calculated | CVE-2023-39655 cve@mitre.org cve@mitre.org |
o-ran_software_community — o-ran_software_community | An issue in O-RAN Software Community ric-plt-e2mgr in the G-Release environment allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component. | 2024-01-03 | not yet calculated | CVE-2023-42358 cve@mitre.org |
open5gs — open5gs | An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response. | 2024-01-02 | not yet calculated | CVE-2023-50019 cve@mitre.org cve@mitre.org |
open5gs — open5gs | An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF. | 2024-01-02 | not yet calculated | CVE-2023-50020 cve@mitre.org cve@mitre.org |
petero.cbor — petero.cbor | PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial-of-service vulnerability. An attacker may trigger the denial-of-service condition by providing crafted data to the DecodeFromBytes or other decoding mechanisms in PeterO.Cbor. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial-of-service condition. | 2024-01-03 | not yet calculated | CVE-2024-21909 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
pico — pico | route in main.c in Pico HTTP Server in C through f3b69a6 has a sprintf stack-based buffer overflow via a long URI, leading to remote code execution. | 2024-01-05 | not yet calculated | CVE-2024-22087 cve@mitre.org |
plotly — plotly | In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty. | 2024-01-03 | not yet calculated | CVE-2023-46308 cve@mitre.org cve@mitre.org |
prestashop — prestashop | SQL Injection vulnerability in the Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before allows remote attackers to escalate privileges and gain sensitive information via the BaproductzoommagnifierZoomModuleFrontController::run() method. | 2024-01-05 | not yet calculated | CVE-2023-50027 cve@mitre.org |
pycryptodome/pycryptodomex — pycryptodome/pycryptodomex | PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. | 2024-01-05 | not yet calculated | CVE-2023-52323 cve@mitre.org cve@mitre.org |
rengine — rengine | reNgine through 2.0.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output. | 2024-01-01 | not yet calculated | CVE-2023-50094 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
royal_tsx — royal_tsx | Royal RoyalTSX before 6.0.2.1 allows attackers to cause a denial of service (Heap Memory Corruption and application crash) or possibly have unspecified other impact via a long hostname in an RTSZ file, if the victim clicks on Test Connection. This occurs during SecureGatewayHost object processing in RAPortCheck.createNWConnection. | 2023-12-31 | not yet calculated | CVE-2023-52277 cve@mitre.org |
s-cms — s-cms | S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability. | 2024-01-04 | not yet calculated | CVE-2023-29962 cve@mitre.org cve@mitre.org |
scone — scone | A lack of pointer-validation logic in the __scone_dispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information. | 2023-12-30 | not yet calculated | CVE-2022-46486 cve@mitre.org cve@mitre.org cve@mitre.org |
scone — scone | An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an “AEPIC Leak.” | 2023-12-30 | not yet calculated | CVE-2023-38023 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
sesami — cash_point_&_transport_optimizer | An issue in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718) allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user’s web browser, allowing the journal to be displayed despite the option being disabled. | 2023-12-29 | not yet calculated | CVE-2023-31293 cve@mitre.org |
sesami — cash_point_&_transport_optimizer | CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to obtain sensitive information via the Delivery Name field. | 2023-12-29 | not yet calculated | CVE-2023-31294 cve@mitre.org |
sesami — cash_point_&_transport_optimizer | CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to obtain sensitive information via the User Profile field. | 2023-12-29 | not yet calculated | CVE-2023-31295 cve@mitre.org |
sesami — cash_point_&_transport_optimizer | Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to execute arbitrary code via the Barcode field of a container. | 2023-12-29 | not yet calculated | CVE-2023-31299 cve@mitre.org |
sesami — cash_point_&_transport_optimizer | An issue in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during the Password Reset feature. | 2023-12-29 | not yet calculated | CVE-2023-31300 cve@mitre.org |
sesami — cash_point_&_transport_optimizer | Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718) allows remote attackers to execute arbitrary code via the Teller field. | 2023-12-29 | not yet calculated | CVE-2023-31302 cve@mitre.org |
spip — spip | ecrire/public/assembler.php in SPIP before 4.1.3 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics. | 2024-01-04 | not yet calculated | CVE-2023-52322 cve@mitre.org cve@mitre.org |
springblade — springblade | An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework. | 2024-01-02 | not yet calculated | CVE-2023-47458 cve@mitre.org cve@mitre.org cve@mitre.org |
stmicroelectronics_n.v. — stsafe-a1xx | STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications (1.2.0), and thus can affect user-written code that was derived from a published sample application. | 2024-01-01 | not yet calculated | CVE-2023-50096 cve@mitre.org |
sympa — sympa | Sympa before 6.2.62 relies on a cookie parameter for certain security objectives but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism. | 2023-12-31 | not yet calculated | CVE-2021-46900 cve@mitre.org cve@mitre.org cve@mitre.org |
tecno_mobile — tecno_camon_x_ca7 | Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension. | 2023-12-31 | not yet calculated | CVE-2023-52275 cve@mitre.org cve@mitre.org |
tenda — ax3 | Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList. | 2024-01-04 | not yet calculated | CVE-2023-51812 cve@mitre.org |
tenda — i29 | Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2 allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function. | 2024-01-05 | not yet calculated | CVE-2023-50991 cve@mitre.org |
the_genie_company — aladdin_connect | Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android devices. This allows an attacker with access to the Android device to potentially retrieve users’ clear text authentication credentials. | 2024-01-03 | not yet calculated | CVE-2023-5879 cve@rapid7.con |
the_genie_company — aladdin_connect | When The Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode, the web server’s “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client-side JavaScript and/or HTML. This allows the attacker to inject malicious code with client-side JavaScript and/or HTML into the user’s web browser. | 2024-01-03 | not yet calculated | CVE-2023-5880 cve@rapid7.con |
the_genie_company — aladdin_connect | Unauthenticated access is permitted to the web interface page “Garage Door Control Module Setup” of The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM), allowing modification of the garage door’s SSID settings. | 2024-01-03 | not yet calculated | CVE-2023-5881 cve@rapid7.con |
tinymce — tinymce | TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user’s browser. | 2024-01-03 | not yet calculated | CVE-2024-21908 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
tinymce — tinymce | TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user’s browser. | 2024-01-03 | not yet calculated | CVE-2024-21910 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
tinymce — tinymce | TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user’s browser. | 2024-01-03 | not yet calculated | CVE-2024-21911 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
tms — tms | Cross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to execute arbitrary code via a crafted script to the click here function. | 2024-01-04 | not yet calculated | CVE-2023-50630 cve@mitre.org |
ureport2 — ureport2 | Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via a crafted POST request. | 2024-01-03 | not yet calculated | CVE-2023-50090 cve@mitre.org |
wasm-micro-runtime — wasm-micro-runtime | Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have a “double free or corruption” error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled. | 2023-12-31 | not yet calculated | CVE-2023-52284 cve@mitre.org cve@mitre.org cve@mitre.org |
wordpress — wordpress | The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to its affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs, including RFC1918 private addresses, leading to a Server Side Request Forgery (SSRF) issue. | 2024-01-01 | not yet calculated | CVE-2023-5877 contact@wpscan.com |
wordpress — wordpress | The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. | 2024-01-01 | not yet calculated | CVE-2023-6000 contact@wpscan.com contact@wpscan.com |
wordpress — wordpress | The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | 2024-01-01 | not yet calculated | CVE-2023-6037 contact@wpscan.com |
wordpress — wordpress | The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly accessible log files containing sensitive information when transactions occur. | 2024-01-01 | not yet calculated | CVE-2023-6064 contact@wpscan.com |
wordpress — wordpress | The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backup processes, allowing unauthenticated attackers to download said backups later. | 2024-01-01 | not yet calculated | CVE-2023-6113 contact@wpscan.com contact@wpscan.com |
wordpress — wordpress | The Backup Migration WordPress plugin before 1.3.6 stores in-progress backup information in easy-to-find, publicly accessible files, which may allow attackers monitoring those files to leak sensitive information from the site’s backups. | 2024-01-01 | not yet calculated | CVE-2023-6271 contact@wpscan.com contact@wpscan.com |
wordpress — wordpress | The Download Manager WordPress plugin before 3.2.83 does not protect file download passwords, leaking them upon receiving an invalid one. | 2024-01-01 | not yet calculated | CVE-2023-6421 contact@wpscan.com |
wordpress — wordpress | The Html5 Video Player WordPress plugin before 2.5.19 does not sanitize and escape some of its player settings, which, combined with missing capability checks around the plugin, could allow any authenticated user, even one as low as subscriber, to perform Stored Cross-Site Scripting attacks against high privilege users like admins. | 2024-01-01 | not yet calculated | CVE-2023-6485 contact@wpscan.com |
wordpress — wordpress | The POST SMTP WordPress plugin before 2.8.7 does not sanitize and escape the msg parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2024-01-03 | not yet calculated | CVE-2023-6621 contact@wpscan.com |
xen — xen | Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetic in the helpers can overflow, which would then result in the cache cleaning/invalidation being skipped. Therefore, there is no guarantee when all the writes will reach the memory. | 2024-01-05 | not yet calculated | CVE-2023-34321 security@xen.org |
xen — xen | For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly on the respective shadow page tables. For 64-bit PV guests this means running on the shadow of the guest root page table. In the course of dealing with shortage of memory in the shadow pool associated with a domain, shadows of page tables may be torn down. This tearing down may include the shadow root page table that the CPU in question is presently running on. While a precaution exists to supposedly prevent the tearing down of the underlying live page table, the time window covered by that precaution isn’t large enough. | 2024-01-05 | not yet calculated | CVE-2023-34322 security@xen.org |
xen — xen | When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstored assume that the quota cannot be negative and use assert() to confirm it. This will lead to a C Xenstored crash when tools are built without -DNDEBUG (this is the default). | 2024-01-05 | not yet calculated | CVE-2023-34323 security@xen.org |
xen — xen | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disks. Pygrub runs as the same user as the toolstack (root in a privileged domain). At least one issue has been reported to the Xen Security Team that allows an attacker to trigger a stack buffer overflow in libfsimage. After further analysis the Xen Security Team is no longer confident in the suitability of libfsimage when run against guest controlled input with super user privileges. In order to not affect current deployments that rely on pygrub, patches are provided in the resolution section of the advisory that allow running pygrub in deprivileged mode. CVE-2023-4949 refers to the original issue in the upstream grub project (“An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.”) CVE-2023-34325 refers specifically to the vulnerabilities in Xen’s copy of libfsimage, which is descended from a very old version of grub. | 2024-01-05 | not yet calculated | CVE-2023-34325 security@xen.org |
xen — xen | The caching invalidation guidelines from the AMD-Vi specification (48882-Rev 3.07-PUB-Oct 2022) are incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unintended memory regions. | 2024-01-05 | not yet calculated | CVE-2023-34326 security@xen.org |
xen — xen | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately, there are errors in Xen’s handling of the guest state, leading to denials of service. 1) CVE-2023-34327 – An HVM vCPU can end up operating in the context of a previous vCPU’s debug mask state. 2) CVE-2023-34328 – A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely. | 2024-01-05 | not yet calculated | CVE-2023-34327 security@xen.org |
xen — xen | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately, there are errors in Xen’s handling of the guest state, leading to denials of service. 1) CVE-2023-34327 – An HVM vCPU can end up operating in the context of a previous vCPU’s debug mask state. 2) CVE-2023-34328 – A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely. | 2024-01-05 | not yet calculated | CVE-2023-34328 security@xen.org |
xen — xen | The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page-table levels. However, dom_io being a PV domain gets the AMD-Vi IOMMU page-table levels based on the maximum (hot pluggable) RAM address, and hence on systems with no RAM above the 512GB mark only 3 page-table levels are configured in the IOMMU. On systems without RAM above the 512GB boundary amd_iommu_quarantine_init() will set up page tables for the scratch page with 4 levels, while the IOMMU will be configured to use 3 levels only, resulting in the last page table directory (PDE) effectively becoming a page table entry (PTE), and hence a device in quarantine mode gaining write access to the page destined to be a PDE. Due to this page table level mismatch, the sink page the device gets read/write access to is no longer cleared between device assignments, possibly leading to data leaks. | 2024-01-05 | not yet calculated | CVE-2023-46835 security@xen.org |
xen — xen | The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown (XPTI) deliberately left interrupts enabled on two entry paths; one unconditionally, and one conditionally on whether XPTI was active. As BTC/SRSO and Meltdown affect different CPU vendors, the mitigations are not active together by default. Therefore, there is a race condition whereby a malicious PV guest can bypass BTC/SRSO protections and launch a BTC/SRSO attack against Xen. | 2024-01-05 | not yet calculated | CVE-2023-46836 security@xen.org |
xen — xen | Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetic in the helpers can overflow, which would then result in the cache cleaning/invalidation being skipped. Therefore, there is no guarantee when all the writes will reach the memory. This undefined behavior was meant to be addressed by XSA-437, but the approach was not sufficient. | 2024-01-05 | not yet calculated | CVE-2023-46837 security@xen.org |
yasm — yasm | Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component. | 2024-01-03 | not yet calculated | CVE-2023-49554 cve@mitre.org |
yasm — yasm | An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component. | 2024-01-03 | not yet calculated | CVE-2023-49555 cve@mitre.org |
yasm — yasm | Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component. | 2024-01-03 | not yet calculated | CVE-2023-49556 cve@mitre.org |
yasm — yasm | An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component. | 2024-01-03 | not yet calculated | CVE-2023-49557 cve@mitre.org |
yasm — yasm | An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component. | 2024-01-03 | not yet calculated | CVE-2023-49558 cve@mitre.org |