Vulnerability Summary for the Week of November 6, 2023

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
1e — platform The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1 by uploading it through the 1E Platform instruction upload UI 2023-11-06 7.2 CVE-2023-45161
MISC
MISC
1e — platform The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI 2023-11-06 7.2 CVE-2023-45163
MISC
MISC
1e — platform The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. To remediate this issue DELETE the instruction “Show dialogue with caption %Caption% and message %Message%” from the list of instructions in the Settings UI, and replace it with the new instruction 1E-Exchange-ShowNotification instruction available in the updated End-User Interaction product pack. The new instruction should show as “Show %Type% type notification with header %Header% and message %Message%” with a version of 7.1 or above. 2023-11-06 7.2 CVE-2023-5964
MISC
MISC
7-zip — 7-zip 7-Zip through 22.01 on Linux allows an integer underflow and code execution via a crafted 7Z archive. 2023-11-03 7.8 CVE-2023-31102
MISC
MISC
MISC
advanced_export_products_orders_cron_csv_excel_project — advanced_export_products_orders_cron_csv_excel Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the ps_customer table. 2023-11-07 7.5 CVE-2023-43984
arm — valhall_gpu_kernel_driver A local non-privileged user can make improper GPU memory processing operations. If the operations are carefully prepared, then they could be used to gain access to already freed memory. 2023-11-07 7.8 CVE-2023-3889
arm — valhall_gpu_kernel_driver A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. 2023-11-07 7.8 CVE-2023-4295
asus — rt-ax55_firmware ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services. 2023-11-03 8.8 CVE-2023-41345
MISC
asus — rt-ax55_firmware ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. 2023-11-03 8.8 CVE-2023-41346
MISC
asus — rt-ax55_firmware ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. 2023-11-03 8.8 CVE-2023-41347
MISC
asus — rt-ax55_firmware ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. 2023-11-03 8.8 CVE-2023-41348
MISC
asus — rt-ax57_firmware An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the lan_ifname field in the sub_ln 2C318 function. 2023-11-09 9.8 CVE-2023-47005
asus — rt-ax57_firmware An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the lan_ipaddr field in the sub_6FC74 function. 2023-11-09 9.8 CVE-2023-47006
asus — rt-ax57_firmware An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the lan_ifname field in the sub_391B8 function. 2023-11-09 9.8 CVE-2023-47007
asus — rt-ax57_firmware An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the ifname field in the sub_4CCE4 function. 2023-11-09 9.8 CVE-2023-47008
best_courier_management_system — best_courier_management_system An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. 2023-11-03 9.8 CVE-2023-46980
MISC
MISC
bestpractical — request_tracker Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call. 2023-11-03 7.5 CVE-2023-41259
MISC
CONFIRM
CONFIRM
bestpractical — request_tracker Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls. 2023-11-03 7.5 CVE-2023-41260
MISC
CONFIRM
CONFIRM
bestpractical — request_tracker Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. 2023-11-03 7.5 CVE-2023-45024
MISC
CONFIRM
bleachbit — bleachbit BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0. 2023-11-08 7.3 CVE-2023-47113
boltwire — boltwire An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function. 2023-11-07 9.1 CVE-2023-46501
 
botan_project — botan bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password. 2023-11-03 7.5 CVE-2017-7252
CONFIRM
MISC
clickbar — dot-diver Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the `setByPath` function which can leads to remote code execution (RCE). This issue has been addressed in commit `98daf567` which has been included in release 1.0.2. Users are advised to upgrade. There are no known workarounds to this vulnerability. 2023-11-06 9.8 CVE-2023-45827
MISC
MISC
couchbase — couchbase_server Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal. 2023-11-08 7.5 CVE-2023-36667
 
djangoproject — django In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. 2023-11-03 7.5 CVE-2023-41164
CONFIRM
MISC
 
djangoproject — django In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. 2023-11-03 7.5 CVE-2023-43665
CONFIRM
MISC
 
ec-cube — ec-cube EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server where the product is running by a user with an administrative privilege. 2023-11-07 7.2 CVE-2023-46845

 

eclipse — glassfish In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or 2023-11-03 9.8 CVE-2023-5763
MISC
MISC
eclipse — parsson In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale. 2023-11-03 7.5 CVE-2023-4043
MISC
MISC
espressif — esptool An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm. 2023-11-09 7.5 CVE-2023-46894
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Alex Raven WP Report Post plugin 2023-11-09 8.8 CVE-2023-34171
exiv2 — exiv2 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. This bug is fixed in version v0.28.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-11-06 8.8 CVE-2023-44398
MISC
MISC
felixwelberg — sis_handball Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Felix Welberg SIS Handball allows SQL Injection.This issue affects SIS Handball: from n/a through 1.0.45. 2023-11-06 9.8 CVE-2023-33924
MISC
froxlor — froxlor Improper Input Validation in GitHub repository froxlor/froxlor prior to 2.1.0. 2023-11-10 8.8 CVE-2023-6069
 
frrouting — frrouting bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a “flowspec overflow.” 2023-11-06 9.8 CVE-2023-38406
MISC
MISC
frrouting — frrouting bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. 2023-11-06 7.5 CVE-2023-38407
MISC
MISC
MISC
frrouting — frrouting An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes). 2023-11-03 7.5 CVE-2023-47234
MISC
frrouting — frrouting An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome. 2023-11-03 7.5 CVE-2023-47235
MISC
ge — micom_s1_agile General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application. 2023-11-07 7.3 CVE-2023-0898
gitlab — gitlab An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates. 2023-11-06 7.7 CVE-2023-3399
MISC
MISC
google — android In video, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08250357. 2023-11-06 7.8 CVE-2023-32837
MISC
google — android In video, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08235273. 2023-11-06 7 CVE-2023-32832
MISC
google — chrome Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-11-08 8.8 CVE-2023-5996

 

gpac — gpac Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV. 2023-11-07 7.5 CVE-2023-5998
 
group-office — group_office Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make resource requests to untrusted domains. Note that protocols like file:// can also be used to access the server disk. The request result (on success) can then be retrieved using /api/download.php. This issue has been addressed in versions 6.8.15, 6.7.54, and 6.6.177. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-11-07 8.8 CVE-2023-46730
 
gss — vitals_enterprise_social_platform Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operations or disrupt service. 2023-11-03 8.8 CVE-2023-41357
MISC
huawei — emui Vulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. 2023-11-08 7.5 CVE-2023-44098
 
huawei — emui Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability. 2023-11-08 7.5 CVE-2023-46765
 
huawei — emui Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may affect service confidentiality. 2023-11-08 7.5 CVE-2023-46771
 
huawei — emui Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability. 2023-11-08 7.5 CVE-2023-46774
 
huawei — harmonyos Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality. 2023-11-08 9.1 CVE-2023-5801
 
huawei — harmonyos Vulnerability of improper permission control in the Booster module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. 2023-11-08 7.5 CVE-2023-44115
 
huawei — harmonyos The remote PIN module has a vulnerability that causes incorrect information storage locations.Successful exploitation of this vulnerability may affect confidentiality. 2023-11-08 7.5 CVE-2023-46757
 
huawei — harmonyos Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device. 2023-11-08 7.5 CVE-2023-46758
 
huawei — harmonyos Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality. 2023-11-08 7.5 CVE-2023-46759
 
huawei — harmonyos Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. 2023-11-08 7.5 CVE-2023-46760
 
huawei — harmonyos Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. 2023-11-08 7.5 CVE-2023-46761
 
huawei — harmonyos Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. 2023-11-08 7.5 CVE-2023-46762
 
huawei — harmonyos Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. 2023-11-08 7.5 CVE-2023-46766
 
huawei — harmonyos Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. 2023-11-08 7.5 CVE-2023-46767
 
huawei — harmonyos Multi-thread vulnerability in the idmap module. Successful exploitation of this vulnerability may cause features to perform abnormally. 2023-11-08 7.5 CVE-2023-46768
 
huawei — harmonyos Use-After-Free (UAF) vulnerability in the dubai module. Successful exploitation of this vulnerability will affect availability. 2023-11-08 7.5 CVE-2023-46769
 
huawei — harmonyos Out-of-bounds vulnerability in the sensor module. Successful exploitation of this vulnerability may cause mistouch prevention errors on users’ mobile phones. 2023-11-08 7.5 CVE-2023-46770
 
ibm — cics_tx IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163. 2023-11-03 7.5 CVE-2023-43018
MISC
MISC
ibm — mq_appliance IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535. 2023-11-03 7.8 CVE-2023-46176
MISC
MISC
ibm — txseries_for_multiplatforms IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057. 2023-11-03 8.8 CVE-2023-42027
MISC
MISC
MISC
intelliants — subrion Subrion 4.2.1 has a remote command execution vulnerability in the backend. 2023-11-03 8.8 CVE-2023-46947
MISC
ivanti — automation A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication. 2023-11-03 7.8 CVE-2022-44569
MISC
ivanti — avalanche Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability 2023-11-03 7.8 CVE-2022-43554
MISC
ivanti — avalanche Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability 2023-11-03 7.8 CVE-2022-43555
MISC
ivanti — avalanche Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability 2023-11-03 7.8 CVE-2023-41725
MISC
ivanti — avalanche Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability 2023-11-03 7.8 CVE-2023-41726
MISC
kerawen — kerawen kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent(). 2023-11-04 9.8 CVE-2023-40922
MISC
kubernetes — apiserver A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client’s API server credentials to third parties. 2023-11-03 8.2 CVE-2022-3172
MISC
MISC
kubernetes — csi_proxy A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy. 2023-11-03 8.8 CVE-2023-3893
MISC
MISC
kyocera — d-copia253mf_plus_firmware Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try to read the /etc directory. 2023-11-03 7.5 CVE-2023-34260
MISC
MISC
linagora — twake Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 2023.Q1.1223. 2023-11-07 9.8 CVE-2023-2675
 
linux — kernel An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory. 2023-11-03 8.1 CVE-2023-1194
MISC
MISC
MISC
linux — kernel A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system. 2023-11-03 7 CVE-2023-1476
MISC
MISC
MISC
MISC
lost_and_found_information_system — lost_and_found_information_system Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. 2023-11-03 9.8 CVE-2023-38965
MISC
MISC
macvim — macvim Macvim is a text editor for MacOS. Prior to version 178, Macvim makes use of an insecure interprocess communication (IPC) mechanism which could lead to a privilege escalation. Distributed objects are a concept introduced by Apple which allow one program to vend an interface to another program. What is not made clear in the documentation is that this service can vend this interface to any other program on the machine. The impact of exploitation is a privilege escalation to root – this is likely to affect anyone who is not careful about the software they download and use MacVim to edit files that would require root privileges. Version 178 contains a fix for this issue. 2023-11-07 7.8 CVE-2023-41036

 

mediatek — nr15 In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895. 2023-11-06 7.5 CVE-2023-20702
MISC
microsoft — edge_chromium Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 2023-11-10 7.3 CVE-2023-36014
microsoft — edge_chromium Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 2023-11-03 7.3 CVE-2023-36034
MISC
microsoft — edge_chromium Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 2023-11-10 7.1 CVE-2023-36024
midori-global — better_pdf_exporter Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via use of crafted image during PDF export. 2023-11-07 7.8 CVE-2023-42361

 

mitsubishi_electric — fx3u-32mt/es_firmware Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets. 2023-11-06 9.1 CVE-2023-4699
MISC
MISC
MISC
mongodb — atlas_kubernetes_operator The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0. Please note that this is reported on an EOL version of the product, and users are advised to upgrade to the latest supported version. Required Configuration:  DEBUG logging is not enabled by default, and must be configured by the end-user. To check the log-level of the Operator, review the flags passed in your deployment configuration (eg. https://github.com/mongodb/mongodb-atlas-kubernetes/blob/main/config/manager/manager.yaml#L27 https://github.com/mongodb/mongodb-atlas-kubernetes/blob/main/config/manager/manager.yaml#L27 ) 2023-11-07 7.5 CVE-2023-0436
nationaledtech — boomerang An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing. 2023-11-03 9.1 CVE-2023-36621
MISC
MISC
MISC
ncsist — mobile_device_manager NCSIST ManageEngine Mobile Device Manager(MDM) APP’s special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files. 2023-11-03 7.5 CVE-2023-41344
MISC
netskope — netskope Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.  2023-11-06 8.8 CVE-2023-4996
MISC
nokia — g-040w-q_firmware Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks. 2023-11-03 9.8 CVE-2023-41350
MISC
nokia — g-040w-q_firmware Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service. 2023-11-03 9.8 CVE-2023-41351
MISC
nokia — g-040w-q_firmware Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive information leaking. 2023-11-03 9.8 CVE-2023-41355
MISC
nokia — g-040w-q_firmware Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin access and performing arbitrary system operations or disrupt service. 2023-11-03 8.8 CVE-2023-41353
MISC
nokia — g-040w-q_firmware Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. 2023-11-03 7.2 CVE-2023-41352
MISC
opayweb — opay An Information Disclosure vulnerability exists in Opay Mobile application 1.5.1.26 and maybe be higher in the logcat app. 2023-11-07 7.5 CVE-2021-43419
 
opendesign — drawings_sdk An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds read. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution. 2023-11-07 7.8 CVE-2023-5179
openssl — openssl Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn’t make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn’t check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the “-pubcheck” option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. 2023-11-06 7.5 CVE-2023-5678
MISC
MISC
MISC
MISC
MISC
ortussolutions — coldbox_elixir A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address this issue. The identifier of the patch is a3aa62daea2e44c76d08d1eac63768cd928cd69e. It is recommended to upgrade the affected component. The identifier VDB-244485 was assigned to this vulnerability. 2023-11-06 7.5 CVE-2021-4430
MISC
MISC
MISC
MISC
perforce — helix_core An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner. 2023-11-08 9.8 CVE-2023-45849
perforce — helix_core In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner.   2023-11-08 7.5 CVE-2023-35767
perforce — helix_core In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner.  2023-11-08 7.5 CVE-2023-45319
perforce — helix_core In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner.   2023-11-08 7.5 CVE-2023-5759
phpfox — phpfox An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code. 2023-11-03 9.8 CVE-2023-46817
MISC
MISC
MISC
MISC
MISC
prestashop– prestashop In the module “Order Duplicator ” Clone and Delete Existing Order” (orderduplicate) in version 2023-11-07 8.8 CVE-2023-45380
progress — ws_ftp_server In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application. 2023-11-07 8.8 CVE-2023-42659
 
projectworlds — online_job_portal Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txt_password’ parameter of the index.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-07 9.8 CVE-2023-46680
 
projectworlds — online_matrimonial_project Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘id’ parameter of the partner_preference.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-07 9.8 CVE-2023-46785
 
projectworlds — online_matrimonial_project Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘pass’ parameter in the ‘register()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-07 9.8 CVE-2023-46798
 
puppet — puppet_enterprise Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations. 2023-11-07 9.8 CVE-2023-5309
python — pillow An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. 2023-11-03 7.5 CVE-2023-44271
MISC
MISC
MISC
qemu — qemu A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM’s boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot. 2023-11-03 7 CVE-2023-5088
MISC
MISC
MISC
qnap — music_station A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: Music Station 4.8.11 and later Music Station 5.1.16 and later Music Station 5.3.23 and later 2023-11-03 7.5 CVE-2023-39299
MISC
qnap — qts An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later 2023-11-03 9.8 CVE-2023-23368
MISC
qnap — qts An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 ( 2023/05/04 ) and later Multimedia Console 1.4.8 ( 2023/05/05 ) and later QTS 5.1.0.2399 build 20230515 and later QTS 4.3.6.2441 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later 2023-11-03 9.8 CVE-2023-23369
MISC
qualcomm — snapdragon Memory Corruption in Multi-mode Call Processor while processing bit mask API. 2023-11-07 9.8 CVE-2023-22388
qualcomm — snapdragon Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute. 2023-11-07 9.8 CVE-2023-33045
qualcomm — snapdragon Memory corruption in WLAN HOST while processing the WLAN scan descriptor list. 2023-11-07 8.8 CVE-2023-28572
qualcomm — snapdragon Memory Corruption in Core during syscall for Sectools Fuse comparison feature. 2023-11-07 7.8 CVE-2023-21671
qualcomm — snapdragon Memory Corruption in Core due to secure memory access by user while loading modem image. 2023-11-07 7.8 CVE-2023-24852
qualcomm — snapdragon Memory corruption in TZ Secure OS while loading an app ELF. 2023-11-07 7.8 CVE-2023-28545
qualcomm — snapdragon Cryptographic issue in HLOS during key management. 2023-11-07 7.8 CVE-2023-28556
qualcomm — snapdragon Memory corruption while processing audio effects. 2023-11-07 7.8 CVE-2023-28570
qualcomm — snapdragon Memory corruption in core services when Diag handler receives a command to configure event listeners. 2023-11-07 7.8 CVE-2023-28574
qualcomm — snapdragon Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer. 2023-11-07 7.8 CVE-2023-33031
qualcomm — snapdragon Memory Corruption in Audio while invoking callback function in driver from ADSP. 2023-11-07 7.8 CVE-2023-33055
qualcomm — snapdragon Memory corruption in Audio while processing the VOC packet data from ADSP. 2023-11-07 7.8 CVE-2023-33059
qualcomm — snapdragon Memory corruption in Audio when SSR event is triggered after music playback is stopped. 2023-11-07 7.8 CVE-2023-33074
qualcomm — snapdragon Transient DOS in WLAN Firmware while parsing no-inherit IES. 2023-11-07 7.5 CVE-2023-33047
qualcomm — snapdragon Transient DOS in WLAN Firmware while parsing t2lm buffers. 2023-11-07 7.5 CVE-2023-33048
qualcomm — snapdragon Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE. 2023-11-07 7.5 CVE-2023-33056
qualcomm — snapdragon Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame. 2023-11-07 7.5 CVE-2023-33061
qualitor — qalitor Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter. 2023-11-06 9.8 CVE-2023-47253
MISC
MISC
MISC
MISC
redlion — crimson The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability. 2023-11-06 9.8 CVE-2023-5719
MISC
MISC
relativity — relativityone SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter. 2023-11-03 9.8 CVE-2023-46954
MISC
remoteclinic — remote_clinic RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php. 2023-11-07 9.8 CVE-2023-33478
remoteclinic — remote_clinic RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file. 2023-11-07 9.8 CVE-2023-33479
remoteclinic — remote_clinic RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the ‘start’ GET parameter of patients/index.php. 2023-11-07 9.8 CVE-2023-33481
remoteclinic — remote_clinic RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input validation and access control in the staff/register.php endpoint and the edit-my-profile.php page. By sending a series of specially crafted requests to the RemoteClinic application, an attacker can create admin users with more privileges than their own, upload a PHP file containing arbitrary code, and execute arbitrary commands via the PHP shell. 2023-11-07 8.8 CVE-2023-33480
samba — samba A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes. 2023-11-03 9.8 CVE-2023-3961
MISC
MISC
MISC
MISC
MISC
MISC
samsung — android Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows attacker to bypass restrictions on starting activities from the background. 2023-11-07 9.8 CVE-2023-42531
samsung — android An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write. 2023-11-07 9.8 CVE-2023-42536
samsung — android An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write. 2023-11-07 9.8 CVE-2023-42537
samsung — android An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write. 2023-11-07 9.8 CVE-2023-42538
samsung — android Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. 2023-11-07 7.8 CVE-2023-30739
samsung — android Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. 2023-11-07 7.8 CVE-2023-42528
samsung — android Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code. 2023-11-07 7.8 CVE-2023-42529
samsung — android Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. 2023-11-07 7.8 CVE-2023-42535
samsung — android Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction. 2023-11-07 7.5 CVE-2023-42530
samsung — android Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information. 2023-11-07 7.5 CVE-2023-42532
samsung — bixby_voice Improper verification of intent by broadcast receiver vulnerability in Bixby Voice prior to version 3.3.35.12 allows attackers to access arbitrary data with Bixby Voice privilege. 2023-11-07 7.5 CVE-2023-42543
samsung — exynos_9810_firmware An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module. 2023-11-08 7.5 CVE-2023-41111
samsung — exynos_9810_firmware An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). A buffer copy, without checking the size of the input, can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module. 2023-11-08 7.5 CVE-2023-41112
samsung — phone Use of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to access location data. 2023-11-07 7.5 CVE-2023-42545
schedmd — slurm SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files. 2023-11-03 7 CVE-2023-41914
MISC
CONFIRM
softing — smartlink_sw-ht Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL). 2023-11-06 7.5 CVE-2022-48193
MISC
MISC
squid-cache — squid Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid’s Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests. 2023-11-06 7.5 CVE-2023-46728
MISC
MISC
squid-cache — squid Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. 2023-11-03 7.5 CVE-2023-46847
MISC
MISC
MISC
MISC
MISC
MISC

 

squid-cache — squid Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. 2023-11-03 7.5 CVE-2023-46848
MISC
MISC
MISC
MISC
MISC
squid-cache — squid Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug. 2023-11-03 7.5 CVE-2023-5824
MISC
MISC
MISC
squidex.io — squidex Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution (RCE). Squidex allows users with the `squidex.admin.restore` permission to create and restore backups. Part of these backups are the assets uploaded to an App. For each asset, the backup zip archive contains a `.asset` file with the actual content of the asset as well as a related `AssetCreatedEventV2` event, which is stored in a JSON file. Amongst other things, the JSON file contains the event type (`AssetCreatedEventV2`), the ID of the asset (`46c05041-9588-4179-b5eb-ddfcd9463e1e`), its filename (`test.txt`), and its file version (`0`). When a backup with this event is restored, the `BackupAssets.ReadAssetAsync` method is responsible for re-creating the asset. For this purpose, it determines the name of the `.asset` file in the zip archive, reads its content, and stores the content in the filestore. When the asset is stored in the filestore via the UploadAsync method, the assetId and fileVersion are passed as arguments. These are further passed to the method GetFileName, which determines the filename where the asset should be stored. The assetId is inserted into the filename without any sanitization and an attacker with squidex.admin.restore privileges to run arbitrary operating system commands on the underlying server (RCE). 2023-11-07 7.2 CVE-2023-46253
strapi — strapi strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fielded marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This issue has been addressed in version 4.13.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-11-06 7.5 CVE-2023-39345
MISC
swtpm — swtpm In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall. 2023-11-03 7.1 CVE-2020-28407
MISC
CONFIRM
CONFIRM
sysaid — sysaid_on-premises In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. 2023-11-10 9.8 CVE-2023-47246

 

wordpress — wordpress The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts. 2023-11-06 7.5 CVE-2023-5454
MISC
tenda — ax1806_firmware Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size. 2023-11-07 9.1 CVE-2023-47455
tenda — ax1806_firmware Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat. 2023-11-07 9.1 CVE-2023-47456
tigera — calico_cloud In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish. 2023-11-06 7.5 CVE-2023-41378
MISC
MISC
MISC
tyk — tyk Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query. 2023-11-07 9.8 CVE-2023-42283
tyk — tyk Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query. 2023-11-07 9.8 CVE-2023-42284
utoronto — pcrs PCRS 2023-11-03 9.9 CVE-2023-46404
MISC
MISC
vaerys-dawn — discordsailv2 A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The patch is named cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244483. 2023-11-05 9.8 CVE-2018-25092
MISC
MISC
MISC
MISC
vaerys-dawn — discordsailv2 A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Tag Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The name of the patch is cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-244484. 2023-11-06 9.8 CVE-2018-25093
MISC
MISC
MISC
MISC
veeam — one A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database. 2023-11-07 9.8 CVE-2023-38547
videolan — vlc_media_player Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. 2023-11-07 9.8 CVE-2023-47359
videolan — vlc_media_player Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. 2023-11-07 7.5 CVE-2023-47360
webidsupport — webid WeBid 2023-11-08 9.8 CVE-2023-47397
weintek — easybuilder_pro Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server. 2023-11-06 9.8 CVE-2023-5777
MISC
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application.This issue affects 1003 Mortgage Application: from n/a through 1.75. 2023-11-07 9.8 CVE-2022-45357
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in Scott Reilly Commenter Emails.This issue affects Commenter Emails: from n/a through 2.6.1. 2023-11-07 9.8 CVE-2022-45360
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.1. 2023-11-07 9.8 CVE-2022-45370
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4. 2023-11-06 9.8 CVE-2022-45373
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection.This issue affects Paytm Payment Gateway: from n/a through 2.7.3. 2023-11-03 9.8 CVE-2022-45805
MISC
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce.This issue affects Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a through 5.5.2. 2023-11-07 9.8 CVE-2022-45810
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews. This issue affects Site Reviews: from n/a through 6.2.0. 2023-11-07 9.8 CVE-2022-46801
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce. This issue affects Product Reviews Import Export for WooCommerce: from n/a through 1.4.8. 2023-11-07 9.8 CVE-2022-46802
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin – Noptin. This issue affects Simple Newsletter Plugin – Noptin: from n/a through 1.9.5. 2023-11-07 9.8 CVE-2022-46803
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection.This issue affects ARMember: from n/a through 3.4.11. 2023-11-03 9.8 CVE-2022-46808
MISC
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce.This issue affects ReviewX – Multi-criteria Rating & Reviews for WooCommerce: from n/a through 1.6.7. 2023-11-07 9.8 CVE-2022-46809
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection.This issue affects Email posts to subscribers: from n/a through 6.2. 2023-11-03 9.8 CVE-2022-46818
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page – Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9. 2023-11-06 9.8 CVE-2022-46849
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1. 2023-11-03 9.8 CVE-2022-46859
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in KaizenCoders Short URL allows SQL Injection.This issue affects Short URL: from n/a through 1.6.4. 2023-11-06 9.8 CVE-2022-46860
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11. 2023-11-06 9.8 CVE-2022-47420
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Neshan Maps Platform Neshan Maps neshan-maps allows SQL Injection.This issue affects Neshan Maps: from n/a through 1.1.4. 2023-11-03 9.8 CVE-2022-47426
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.7. 2023-11-06 9.8 CVE-2022-47428
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Weblizar The School Management – Education & Learning Management allows SQL Injection.This issue affects The School Management – Education & Learning Management: from n/a through 4.1. 2023-11-06 9.8 CVE-2022-47430
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Kemal YAZICI – PluginPress Shortcode IMDB allows SQL Injection.This issue affects Shortcode IMDB: from n/a through 6.0.8. 2023-11-06 9.8 CVE-2022-47432
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection.This issue affects Be POPIA Compliant: from n/a through 1.2.0. 2023-11-03 9.8 CVE-2022-47445
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection.This issue affects Simple Photo Gallery: from n/a through v1.8.1. 2023-11-03 9.8 CVE-2022-47588
MISC
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.This issue affects GiveWP: from n/a through 2.25.1. 2023-11-07 9.8 CVE-2023-22719
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in Muneeb Form Builder | Create Responsive Contact Forms. This issue affects Form Builder | Create Responsive Contact Forms: from n/a through 1.9.9.0. 2023-11-07 9.8 CVE-2023-23796
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10. 2023-11-03 9.8 CVE-2023-25700
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Zendrop Zendrop – Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection.This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. 2023-11-03 9.8 CVE-2023-25960
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection. This issue affects MapPress Maps for WordPress: from n/a through 2.85.4. 2023-11-03 9.8 CVE-2023-26015
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection.This issue affects WP Reroute Email: from n/a through 1.4.6. 2023-11-06 9.8 CVE-2023-27605
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in biztechc Copy or Move Comments allows SQL Injection.This issue affects Copy or Move Comments: from n/a through 5.0.4. 2023-11-06 9.8 CVE-2023-28748
MISC
wordpress — wordpress The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user’s email address. We are disclosing this issue as the developer has not yet released a patch, but continues to release updates and we escalated this issue to the plugin’s team 30 days ago. 2023-11-03 9.8 CVE-2023-3277
MISC
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0. 2023-11-03 9.8 CVE-2023-34383
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection.This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a through 2.6.0. 2023-11-06 9.8 CVE-2023-35911
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Favethemes Houzez – Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez – Real Estate WordPress Theme: from n/a through 1.3.4. 2023-11-03 9.8 CVE-2023-36529
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows SQL Injection.This issue affects Subscribe to Category: from n/a through 2.7.4. 2023-11-06 9.8 CVE-2023-38382
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in RedNao Donations Made Easy – Smart Donations allows SQL Injection.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. 2023-11-06 9.8 CVE-2023-40207
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection.This issue affects Contact form 7 Custom validation: from n/a through 1.1.3. 2023-11-06 9.8 CVE-2023-40609
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6. 2023-11-03 9.8 CVE-2023-41652
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ilGhera Woocommerce Support System allows SQL Injection.This issue affects Woocommerce Support System: from n/a through 1.2.1. 2023-11-06 9.8 CVE-2023-41685
MISC
wordpress — wordpress Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. This vulnerability allows attackers to use the vulnerable website as proxy to attack other websites or exfiltrate data via a HTTP call. 2023-11-03 9.8 CVE-2023-43982
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Castos Seriously Simple Stats allows SQL Injection.This issue affects Seriously Simple Stats: from n/a through 1.5.0. 2023-11-06 9.8 CVE-2023-45001
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Pressference Pressference Exporter allows SQL Injection.This issue affects Pressference Exporter: from n/a through 1.0.3. 2023-11-06 9.8 CVE-2023-45046
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6. 2023-11-06 9.8 CVE-2023-45055
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection.This issue affects Video Gallery – Best WordPress YouTube Gallery Plugin: from n/a through 2.1.3. 2023-11-06 9.8 CVE-2023-45069
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows SQL Injection.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 7.1.1. 2023-11-06 9.8 CVE-2023-45074
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in POSIMYTH Nexter allows SQL Injection.This issue affects Nexter: from n/a through 2.0.3. 2023-11-06 9.8 CVE-2023-45657
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11. 2023-11-06 9.8 CVE-2023-45830
MISC
wordpress — wordpress The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE. 2023-11-06 9.8 CVE-2023-5601
MISC
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter. This issue affects WP CSV Exporter: from n/a through 2.0. 2023-11-07 8.8 CVE-2022-38702
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV. This issue affects Export Users Data CSV: from n/a through 2.1. 2023-11-07 8.8 CVE-2022-41616
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter. This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8. 2023-11-07 8.8 CVE-2022-42882
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats. This issue affects Posts and Users Stats: from n/a through 1.1.3. 2023-11-07 8.8 CVE-2022-44738
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in anmari amr users. This issue affects amr users: from n/a through 4.59.4. 2023-11-07 8.8 CVE-2022-45348
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool. This issue affects Simple History – user activity log, audit tool: from n/a through 3.3.1. 2023-11-07 8.8 CVE-2022-45350
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct. This issue affects Export Users Data Distinct: from n/a through 1.3. 2023-11-07 8.8 CVE-2022-46804
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery.This issue affects Email Templates Customizer and Designer for WordPress and WooCommerce: from n/a through 1.4.2. 2023-11-07 8.8 CVE-2022-47181
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9. 2023-11-07 8.8 CVE-2022-47442
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0. 2023-11-03 8.8 CVE-2023-25800
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Frédéric Sheedy Etsy Shop plugin 2023-11-09 8.8 CVE-2023-25975
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.5.84. 2023-11-07 8.8 CVE-2023-25983
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10. 2023-11-03 8.8 CVE-2023-25990
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publish to Schedule plugin 2023-11-09 8.8 CVE-2023-25994
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Robert Schulz (sprd.Net AG) Spreadshop plugin 2023-11-10 8.8 CVE-2023-29426
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in SuPlugins Superb Social Media Share Buttons and Follow Buttons for WordPress plugin 2023-11-10 8.8 CVE-2023-29428
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board plugin 2023-11-10 8.8 CVE-2023-29440
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin 2023-11-10 8.8 CVE-2023-30478
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Marco Steinbrecher WP BrowserUpdate plugin 2023-11-10 8.8 CVE-2023-31078
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways – Grow your business, email lists and traffic with contests plugin 2023-11-09 8.8 CVE-2023-31086
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Manager plugin 2023-11-09 8.8 CVE-2023-31087
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Faraz Quazi Floating Action Button plugin 2023-11-09 8.8 CVE-2023-31088
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly Events Calendar plugin 2023-11-09 8.8 CVE-2023-31093
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin 2023-11-09 8.8 CVE-2023-31235
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin 2023-11-09 8.8 CVE-2023-32092
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Criss Swaim TPG Redirect plugin 2023-11-09 8.8 CVE-2023-32093
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin 2023-11-09 8.8 CVE-2023-32125
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart – Multipurpose WooCommerce Theme 2023-11-09 8.8 CVE-2023-32500
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin 2023-11-09 8.8 CVE-2023-32501
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Sybre Waaijer Pro Mime Types – Manage file media types plugin 2023-11-09 8.8 CVE-2023-32502
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin 2023-11-09 8.8 CVE-2023-32512
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Designs & Code Forget About Shortcode Buttons plugin 2023-11-09 8.8 CVE-2023-32579
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WP Reactions, LLC WP Reactions Lite plugin 2023-11-09 8.8 CVE-2023-32587
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin 2023-11-09 8.8 CVE-2023-32592
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Benedict B., Maciej Gryniuk Hyphenator plugin 2023-11-09 8.8 CVE-2023-32594
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in LOKALYZE CALL ME NOW plugin 2023-11-09 8.8 CVE-2023-32602
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custom Cursors | WordPress Cursor Plugin plugin 2023-11-09 8.8 CVE-2023-32739
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Recommendations plugin 2023-11-09 8.8 CVE-2023-32744
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin 2023-11-09 8.8 CVE-2023-32745
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Add-Ons plugin 2023-11-09 8.8 CVE-2023-32794
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory Manager plugin 2023-11-09 8.8 CVE-2023-34002
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Guillemant David WP Full Auto Tags Manager plugin 2023-11-09 8.8 CVE-2023-34024
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Hide Login plugin 2023-11-09 8.8 CVE-2023-34025
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier bbPress Toolkit plugin 2023-11-09 8.8 CVE-2023-34031
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Malinky Ajax Pagination and Infinite Scroll plugin 2023-11-09 8.8 CVE-2023-34033
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in SAKURA Internet Inc. TS Webfonts for ??????????? plugin 2023-11-09 8.8 CVE-2023-34169
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Kenth Hagström WP-Cache.Com plugin 2023-11-09 8.8 CVE-2023-34177
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg plugin 2023-11-09 8.8 CVE-2023-34178
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WP-Cirrus plugin 2023-11-09 8.8 CVE-2023-34181
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Peter Shaw LH Password Changer plugin 2023-11-09 8.8 CVE-2023-34182
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Didier Sampaolo SpamReferrerBlock plugin 2023-11-09 8.8 CVE-2023-34371
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin 2023-11-09 8.8 CVE-2023-34386
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress allows SQL Injection.This issue affects Quasar form free – Contact Form Builder for WordPress: from n/a through 6.0. 2023-11-04 8.8 CVE-2023-35910
MISC
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0. 2023-11-07 8.8 CVE-2023-36527
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67. 2023-11-03 8.8 CVE-2023-36677
MISC
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in wpWax Directorist – WordPress Business Directory Plugin with Classified Ads Listing.This issue affects Directorist – WordPress Business Directory Plugin with Classified Ads Listings: from n/a through 7.7.1. 2023-11-07 8.8 CVE-2023-41798
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection. This issue affects Icons Font Loader: from n/a through 1.1.2. 2023-11-06 8.8 CVE-2023-46084
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Helper Premium plugin 2023-11-09 8.8 CVE-2023-46614
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts Yandex WebMaster plugin 2023-11-06 8.8 CVE-2023-46775
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto Excerpt everywhere plugin 2023-11-06 8.8 CVE-2023-46776
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Custom Login Page | Temporary Users | Rebrand Login | Login Captcha plugin 2023-11-06 8.8 CVE-2023-46777
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in TheFreeWindows Auto Limit Posts Reloaded plugin 2023-11-06 8.8 CVE-2023-46778
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in EasyRecipe plugin 2023-11-06 8.8 CVE-2023-46779
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Alter plugin 2023-11-06 8.8 CVE-2023-46780
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin 2023-11-06 8.8 CVE-2023-46781
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scripting (XSS) vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin 2023-11-06 8.8 CVE-2023-47182
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin 2023-11-06 8.8 CVE-2023-47186
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin 2023-11-09 8.8 CVE-2023-47238
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Google Fonts GDPR Compliant plugin 2023-11-06 8.8 CVE-2023-5823
MISC
wordpress — wordpress The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server. 2023-11-06 8.1 CVE-2023-5355
MISC
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in Solwin Infotech User Blocker. This issue affects User Blocker: from n/a through 1.5.5. 2023-11-07 7.2 CVE-2022-45078
wordpress — wordpress Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent ( for GDPR, CCPA & ePrivacy ).This issue affects WP Cookie Consent ( for GDPR, CCPA & ePrivacy ): from n/a through 2.2.5. 2023-11-07 7.2 CVE-2023-23678
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Highfivery LLC Zero Spam for WordPress allows SQL Injection.This issue affects Zero Spam for WordPress: from n/a through 5.4.4. 2023-11-03 7.2 CVE-2023-32121
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Rolf van Gelder Order Your Posts Manually allows SQL Injection.This issue affects Order Your Posts Manually: from n/a through 2.2.5. 2023-11-03 7.2 CVE-2023-32508
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2. 2023-11-04 7.2 CVE-2023-32741
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection.This issue affects Groundhogg: from n/a through 2.7.11. 2023-11-03 7.2 CVE-2023-34179
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a through 2.4.1. 2023-11-04 7.2 CVE-2023-38391
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Demonisblack demon image annotation allows SQL Injection.This issue affects demon image annotation: from n/a through 5.1. 2023-11-04 7.2 CVE-2023-40215
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Milan Petrovic GD Security Headers allows auth. (admin+) SQL Injection.This issue affects GD Security Headers: from n/a through 1.7. 2023-11-06 7.2 CVE-2023-46821
MISC
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection.This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a through 1.5.4. 2023-11-06 7.2 CVE-2023-46823
MISC
wordpress — wordpress The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it. 2023-11-06 7.2 CVE-2023-5082
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson Auto Publish for Google My Business plugin 2023-11-09 8.8 CVE-2023-47237
wpn-xm — wpn-xm A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion (LFI) via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the loading of a PHP file on the server, leading to a critical webshell exploit. 2023-11-03 9.8 CVE-2023-4591
MISC
xwiki — xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn’t properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document `XWiki.AdminSheet` (by default, everyone including unauthenticated users) to execute code including Groovy code. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This vulnerability has been patched in XWiki 14.10.14, 15.6 RC1 and 15.5.1. Users are advised to upgrade. Users unablr to upgrade may apply the fix in commit `fec8e0e53f9` manually. Alternatively, to protect against attacks from unauthenticated users, view right for guests can be removed from this document (it is only needed for space and wiki admins). 2023-11-06 9.8 CVE-2023-46731
MISC
MISC
MISC
MISC
xwiki — xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it’s possible to execute a content with the right of any user via a crafted URL. A user must have `programming` privileges in order to exploit this vulnerability. This issue has been patched in XWiki 14.10.7 and 15.2RC1. Users are advised to upgrade. There are no known workarounds for for this vulnerability. 2023-11-07 8.8 CVE-2023-46242

 

xwiki — xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it’s possible for a user to execute any content with the right of an existing document’s content author, provided the user have edit right on it. A crafted URL of the form ` /xwiki/bin/edit//?content=%7B%7Bgroovy%7D%7Dprintln%28%22Hello+from+Groovy%21%22%29%7B%7B%2Fgroovy%7D%7D&xpage=view` can be used to execute arbitrary groovy code on the server. This vulnerability has been patched in XWiki versions 14.10.6 and 15.2RC1. Users are advised to update. There are no known workarounds for this issue. 2023-11-07 8.8 CVE-2023-46243

 

xwiki — xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it’s possible for a user to write a script in which any velocity content is executed with the right of any other document content author. Since this API require programming right and the user does not have it, the expected result is `$doc.document.authors.contentAuthor` (not executed script), unfortunately with the security vulnerability it is possible for the attacker to get `XWiki.superadmin` which shows that the title was executed with the right of the unmodified document. This has been patched in XWiki versions 14.10.7 and 15.2RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-11-07 8.8 CVE-2023-46244

 

xxyopen — novel-plus SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list. 2023-11-05 9.8 CVE-2023-46981
MISC
zavio — cf7500_firmware Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows. During the process of updating certain settings sent from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution. 2023-11-08 9.8 CVE-2023-39435
zavio — cf7500_firmware Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While processing XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution. 2023-11-08 9.8 CVE-2023-3959
zavio — cf7500_firmware Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 has a command injection vulnerability in their implementation of their binaries and handling of network requests. 2023-11-08 9.8 CVE-2023-4249
zavio — cf7500_firmware Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. During the processing and parsing of certain fields in XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution. 2023-11-08 9.8 CVE-2023-43755
zavio — cf7500_firmware Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras  with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While parsing certain XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution. 2023-11-08 9.8 CVE-2023-45225
zohocorp — manageengine_desktop_central A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests. 2023-11-03 8.8 CVE-2023-4769
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — allura Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them.  Exposing internal files then can lead to other exploits, like session hijacking, or remote code execution. This issue affects Apache Allura from 1.0.1 through 1.15.0. Users are recommended to upgrade to version 1.16.0, which fixes the issue.  If you are unable to upgrade, set “disable_entry_points.allura.importers = forge-tracker, forge-discussion” in your .ini config file. 2023-11-07 4.9 CVE-2023-46851
 
apache — ofbiz Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: before 18.12.09.  Users are recommended to upgrade to version 18.12.09 2023-11-07 5.3 CVE-2023-46819

 

arm — bifrost_gpu_kernel_driver A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory. 2023-11-07 5.5 CVE-2023-4272
bootboxjs — bootbox Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions. 2023-11-07 6.1 CVE-2023-46998
 
clastix — capsule capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by `capsule-proxy` gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example, consider two tenants `solar` and `wind`. Tenant `solar`, owned by a ServiceAccount named `tenant-owner` in the Namespace `solar`. Tenant `wind`, owned by a ServiceAccount named `tenant-owner` in the Namespace `wind`. The Tenant owner `solar` would be able to list the namespaces of the Tenant `wind` and vice-versa, although this is not correct. The bug introduces an exfiltration vulnerability since allows the listing of Namespace resources of other Tenants, although just in some specific conditions: 1. `capsule-proxy` runs with the `–disable-caching=false` (default value: `false`) and 2. Tenant owners are ServiceAccount, with the same resource name, but in different Namespaces. This vulnerability doesn’t allow any privilege escalation on the outer tenant Namespace-scoped resources, since the Kubernetes RBAC is enforcing this. This issue has been addressed in version 0.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-11-06 4.3 CVE-2023-46254
MISC
MISC
cloudnet360 — cloudnet360 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GARY JEZORSKI CloudNet360 plugin 2023-11-08 6.1 CVE-2023-46643
color — demoiccmax In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayType:::ParseText function (for unsigned short) in IccUtilXml.cpp in libIccXML.a has an out-of-bounds read. 2023-11-05 6.5 CVE-2023-47249
MISC
cure53 — dompurify DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a ‘rel=”noopener noreferrer”‘ attribute. 2023-11-07 6.1 CVE-2019-25155
 
docker — machine Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of service to a bastion node. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2023-11-07 6.5 CVE-2023-40453

 

dstar2018 — agency A vulnerability classified as problematic was found in dstar2018 Agency up to 61. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument QSType/QuickSearch leads to cross site scripting. The attack can be launched remotely. The patch is named 975b56953efabb434519d9feefcc53685fb8d0ab. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-244495. 2023-11-07 6.1 CVE-2019-25156

 

gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in gitlab-ci.yml file. 2023-11-06 6.5 CVE-2023-3909
MISC
MISC
gitlab — gitlab An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals. 2023-11-06 6.5 CVE-2023-4700
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service. 2023-11-06 6.5 CVE-2023-5825
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors. 2023-11-06 5.3 CVE-2023-5831
MISC
gitlab — gitlab An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attacker to block Sidekiq job processor. 2023-11-06 4.3 CVE-2023-3246
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators. 2023-11-06 4.3 CVE-2023-5963
MISC
google — android In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715. 2023-11-06 6.7 CVE-2023-32818
MISC
google — android In secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161762; Issue ID: ALPS08161762. 2023-11-06 6.7 CVE-2023-32834
MISC
google — android In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918. 2023-11-06 6.7 CVE-2023-32835
MISC
google — android In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08126725; Issue ID: ALPS08126725. 2023-11-06 6.7 CVE-2023-32836
MISC
google — android In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805. 2023-11-06 6.7 CVE-2023-32838
MISC
google — android In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576. 2023-11-06 6.7 CVE-2023-32839
MISC
google — android In bluethooth service, there is a possible out of bounds reads due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07884130; Issue ID: ALPS07884130. 2023-11-06 5.5 CVE-2023-32825
MISC
gvectors — wpdiscuz Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments – wpDiscuz plugin 2023-11-06 6.1 CVE-2023-47185
MISC
hillstonenet — sc-6000-e3960_firmware Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 allows a remote attacker to execute arbitrary code via the use front-end filtering instead of back-end filtering. 2023-11-05 6.1 CVE-2023-46964
MISC
huawei — emui Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed. 2023-11-08 5.9 CVE-2022-48613
 
huawei — emui Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart. 2023-11-08 5.3 CVE-2023-46755
 
huawei — emui Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously. 2023-11-08 5.3 CVE-2023-46763
 
huawei — emui Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start maliciously. 2023-11-08 5.3 CVE-2023-46764
 
huawei — harmonyos Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows. 2023-11-08 5.3 CVE-2023-46756
 
ibm — content_navigator IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247. 2023-11-03 5.4 CVE-2023-35896
MISC
MISC
ibm — robotic_process_automation_for_cloud_pak A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752. 2023-11-03 6.5 CVE-2023-45189
MISC
MISC
ibm — txseries_for_multiplatforms IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059. 2023-11-03 5.4 CVE-2023-42029
MISC
MISC
MISC
jbig2enc_project — jbig2enc jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc. 2023-11-08 5.5 CVE-2023-46362
 
jbig2enc_project — jbig2enc jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512. 2023-11-08 5.5 CVE-2023-46363
 
kaoshifeng — yunfan_learning_examination_system An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function. 2023-11-04 5.3 CVE-2023-46963
MISC
kyocera — d-copia253mf_plus_firmware Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a “nicht einloggen” error rather than a falsch error. 2023-11-03 5.3 CVE-2023-34261
MISC
MISC
kyocera — d-copia253mf_plus_firmware Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575. 2023-11-03 4.9 CVE-2023-34259
MISC
MISC
lenovo — desktop_bios A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. 2023-11-08 6.7 CVE-2023-43571
lenovo — desktop_bios A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. 2023-11-08 6.7 CVE-2023-43573
lenovo — desktop_bios A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. 2023-11-08 6.7 CVE-2023-43575
lenovo — desktop_bios A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. 2023-11-08 6.7 CVE-2023-43576
lenovo — desktop_bios A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. 2023-11-08 6.7 CVE-2023-43577
lenovo — desktop_bios A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. 2023-11-08 6.7 CVE-2023-43578
lenovo — desktop_bios A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. 2023-11-08 6.7 CVE-2023-43579
lenovo — desktop_bios A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. 2023-11-08 6.7 CVE-2023-43580
lenovo — desktop_bios A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. 2023-11-08 6.7 CVE-2023-43581
lenovo — desktop_bios A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. 2023-11-08 4.4 CVE-2023-43572
lenovo — desktop_bios A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. 2023-11-08 4.4 CVE-2023-43574
linux — kernel The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this “could be exploited in a real world scenario.” This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. 2023-11-03 4.3 CVE-2023-47233
MISC
MISC
linux — linux_kernel A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. 2023-11-06 5.5 CVE-2023-5090
MISC
MISC
mattermost — mattermost Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items. 2023-11-06 5.3 CVE-2023-5969
MISC
mattermost — mattermost Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.  2023-11-06 4.9 CVE-2023-5968
MISC
mattermost — mattermost Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin 2023-11-06 4.3 CVE-2023-5967
MISC
mediatek — lr12a In modem CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction may be also needed for exploitation Patch ID: MOLY01138425; Issue ID: MOLY01138425 (MSV-862). 2023-11-06 6.5 CVE-2023-32840
MISC
mediawiki — mediawiki An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers. 2023-11-03 5.4 CVE-2023-45360
MISC
mediawiki — mediawiki An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka “X intermediate revisions by the same user not shown”) ignores username suppression. This is an information leak. 2023-11-03 4.3 CVE-2023-45362
MISC
microsoft — edge_chromium Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 2023-11-03 6.6 CVE-2023-36022
MISC
microsoft — edge_chromium Microsoft Edge (Chromium-based) Information Disclosure Vulnerability 2023-11-07 6.5 CVE-2023-36409
MISC
microsoft — edge_chromium Microsoft Edge (Chromium-based) Spoofing Vulnerability 2023-11-03 4.3 CVE-2023-36029
MISC
microsoft — onenote Microsoft OneNote Spoofing Vulnerability 2023-11-06 5.4 CVE-2023-36769
MISC
microweber — microweber Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality. 2023-11-08 5.4 CVE-2023-47379

 

microweber — microweber Improper Access Control in GitHub repository microweber/microweber prior to 2.0. 2023-11-07 4.3 CVE-2023-5976
 
mitsubishi_electric — fx5u-32mt/es_firmware Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login. 2023-11-06 5.3 CVE-2023-4625
MISC
MISC
MISC
moodle — moodle The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. 2023-11-09 6.1 CVE-2023-5541

 

moodle — moodle The course upload preview contained an XSS risk for users uploading unsafe data. 2023-11-09 6.1 CVE-2023-5547

 

moodle — moodle Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. 2023-11-09 5.4 CVE-2023-5544

 

moodle — moodle ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. 2023-11-09 5.4 CVE-2023-5546

 

msyk — fmdataapi A vulnerability classified as problematic has been found in msyk FMDataAPI up to 22. Affected is an unknown function of the file FMDataAPI_Sample.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 23 is able to address this issue. The patch is identified as 3bd1709a8f7b1720529bf5dfc9855ad609f436cf. It is recommended to upgrade the affected component. VDB-244494 is the identifier assigned to this vulnerability. 2023-11-07 6.1 CVE-2021-4431

 

mybb — mybb MyBB is a free and open source forum software. Custom MyCode (BBCode) for the visual editor (_SCEditor_) doesn’t escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. The impact is be mitigated when: 1. the visual editor is disabled globally (_Admin CP ? Configuration ? Settings ? Clickable Smilies and BB Code: [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_ is set to _Off_), or 2. the visual editor is disabled for individual user accounts (_User CP ? Your Profile ? Edit Options_: _Show the MyCode formatting options on the posting pages_ checkbox is not checked). MyBB 1.8.37 resolves this issue with the commit `6dcaf0b4d`. Users are advised to upgrade. Users unable to upgrade may mitigate the impact without upgrading MyBB by changing the following setting (_Admin CP ? Configuration ? Settings_): – _Clickable Smilies and BB Code ? [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_: _Off_. Similarly, individual MyBB forum users are able to disable the visual editor by diabling the account option (_User CP ? Your Profile ? Edit Options_) _Show the MyCode formatting options on the posting pages_. 2023-11-06 6.1 CVE-2023-46251
MISC
MISC
MISC
mybb — mybb Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component. 2023-11-06 5.4 CVE-2023-45556
MISC
MISC
MISC
nasa — openmct Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin. 2023-11-09 6.5 CVE-2023-45884
nasa — openmct Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin. 2023-11-09 5.4 CVE-2023-45885
nationaledtech — boomerang An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup=”false” attribute in the manifest. This allows the user to back up the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API. 2023-11-03 4.6 CVE-2023-36620
MISC
MISC
MISC
ni — topografix_data_plugin An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file. 2023-11-08 5.5 CVE-2023-5136
nta — e-tax e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. 2023-11-06 5.5 CVE-2023-46802
MISC
MISC
opensc_project — opensc A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user’s awareness. 2023-11-06 6.6 CVE-2023-40660
MISC
MISC
MISC
MISC
MISC
opensc — opensc Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise key generation, certificate loading, and other card management operations during enrollment. 2023-11-06 6.4 CVE-2023-40661
MISC
MISC
MISC
MISC
MISC
prestashop — prestashop blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4. 2023-11-09 5.3 CVE-2023-47110
proofpoint — enterprise_protection Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages.  This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions. 2023-11-06 6.1 CVE-2023-5771
MISC
qnap — qts A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.1.2491 build 20230815 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.1.2488 build 20230812 and later QuTScloud c5.1.0.2498 and later 2023-11-03 4.3 CVE-2023-39301
MISC
qualcomm — snapdragon Information Disclosure in WLAN Host when processing WMI event command. 2023-11-07 5.5 CVE-2023-28553
qualcomm — snapdragon Information Disclosure in Qualcomm IPC while reading values from shared memory in VM. 2023-11-07 5.5 CVE-2023-28554
qualcomm — snapdragon Information disclosure in IOE Firmware while handling WMI command. 2023-11-07 5.5 CVE-2023-28563
qualcomm — snapdragon Information disclosure in WLAN HAL while handling the WMI state info command. 2023-11-07 5.5 CVE-2023-28566
qualcomm — snapdragon Information disclosure in WLAN HAL when reception status handler is called. 2023-11-07 5.5 CVE-2023-28568
qualcomm — snapdragon Information disclosure in WLAN HAL while handling command through WMI interfaces. 2023-11-07 5.5 CVE-2023-28569
ragic — enterprise_cloud_database Rogic No-Code Database Builder’s file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack. 2023-11-03 5.4 CVE-2023-41343
MISC
rapid7 — velociraptor Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user’s web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1). 2023-11-06 6.1 CVE-2023-5950
MISC
redhat — 3scale_api_management A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache. 2023-11-06 5.5 CVE-2023-4910
MISC
MISC
redhat — quay A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerable to clickjacking. This flaw allows an attacker to trick an administrator user into clicking on buttons on the config-editor panel, possibly reconfiguring some parts of the Quay instance. 2023-11-07 4.3 CVE-2023-4956
 
redmine — redmine Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter. 2023-11-05 6.1 CVE-2023-47258
MISC
redmine — redmine Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter. 2023-11-05 6.1 CVE-2023-47259
MISC
redmine — redmine Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails. 2023-11-05 6.1 CVE-2023-47260
MISC
roundcube — webmail Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). 2023-11-06 6.1 CVE-2023-47272
MISC
MISC
MISC

 

samba — samba A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module “acl_xattr” is configured with “acl_xattr:ignore system acls = yes”. The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba’s permissions. 2023-11-03 6.5 CVE-2023-4091
MISC
MISC
MISC
MISC
MISC
MISC
samba — samba A design flaw was found in Samba’s DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence. 2023-11-07 6.5 CVE-2023-4154

 

samba — samba A vulnerability was found in Samba’s “rpcecho” development server, a non-Windows RPC server used to test Samba’s DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the “rpcecho” service operates with only one worker in the main RPC task, allowing calls to the “rpcecho” server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a “sleep()” call in the “dcesrv_echo_TestSleep()” function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the “rpcecho” server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as “rpcecho” runs in the main RPC task. 2023-11-06 6.5 CVE-2023-42669
MISC
MISC
MISC
MISC
MISC
samba — samba A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba’s RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation “classic DCs”) can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as “The procedure number is out of range” when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services. 2023-11-03 6.5 CVE-2023-42670
MISC
MISC
MISC
MISC
MISC
samsung — account Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. 2023-11-07 6.5 CVE-2023-42546
samsung — account Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. 2023-11-07 6.5 CVE-2023-42547
samsung — account Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. 2023-11-07 6.5 CVE-2023-42548
samsung — account Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. 2023-11-07 6.5 CVE-2023-42549
samsung — account Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. 2023-11-07 6.5 CVE-2023-42550
samsung — account Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. 2023-11-07 6.5 CVE-2023-42551
samsung — account Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent. 2023-11-07 5.5 CVE-2023-42540
samsung — android Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel. 2023-11-07 6.8 CVE-2023-42533
samsung — android Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information. 2023-11-07 5.5 CVE-2023-42527
samsung — android Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege. 2023-11-07 5.5 CVE-2023-42534
samsung — easysetup Use of implicit intent for sensitive communication vulnerability in EasySetup prior to version 11.1.13 allows attackers to get the bluetooth address of user device. 2023-11-07 5.5 CVE-2023-42555
samsung — email Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email. 2023-11-07 5.3 CVE-2023-42553
samsung — health PendingIntent hijacking vulnerability in ChallengeNotificationManager in Samsung Health prior to version 6.25 allows local attackers to access data. 2023-11-07 5.5 CVE-2023-42539
samsung — pass Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication. 2023-11-07 6.8 CVE-2023-42554
samsung — push_service Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id. 2023-11-07 5.3 CVE-2023-42541
samsung — quick_share Improper access control vulnerability in Quick Share prior to 13.5.52.0 allows local attacker to access local files. 2023-11-07 5.5 CVE-2023-42544
samsung — ue40d7000_firmware Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack tools. 2023-11-08 4.3 CVE-2023-41270
 
sfu — pkp_web_application_library Missing Authorization in GitHub repository pkp/pkp-lib prior to 3.3.0-16. 2023-11-07 5.4 CVE-2023-5900
 
sfu — pkp_web_application_library Cross-site Scripting (XSS) – Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. 2023-11-07 5.4 CVE-2023-5903
 
sfu — pkp_web_application_library Cross-site Scripting (XSS) – Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. 2023-11-07 5.4 CVE-2023-5904
 
sfu — pkp_web_application_library PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image. 2023-11-06 5.3 CVE-2023-47271
MISC
sfu — pkp_web_application_library Unrestricted Upload of File with Dangerous Type in GitHub repository pkp/pkp-lib prior to 3.3.0-16. 2023-11-07 4.8 CVE-2023-5901
 
sigstore — cosign Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker-controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in an endless data attack. The root cause is that Cosign loops through all attestations fetched from the remote registry in pkg/cosign.FetchAttestations. The attacker needs to compromise the registry or make a request to a registry they control. When doing so, the attacker must return a high number of attestations in the response to Cosign. The result will be that the attacker can cause Cosign to go into a long or infinite loop that will prevent other users from verifying their data. In Kyvernos case, an attacker whose privileges are limited to making requests to the cluster can make a request with an image reference to their own registry, trigger the infinite loop and deny other users from completing their admission requests. Alternatively, the attacker can obtain control of the registry used by an organization and return a high number of attestations instead the expected number of attestations. The issue can be mitigated rather simply by setting a limit to the limit of attestations that Cosign will loop through. The limit does not need to be high to be within the vast majority of use cases and still prevent the endless data attack. This issue has been patched in version 2.2.1 and users are advised to upgrade. 2023-11-07 5.3 CVE-2023-46737
 
softing — smartlink_sw-ht Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. 2023-11-06 6.1 CVE-2022-48192
MISC
MISC
squid-cache — squid SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. 2023-11-03 5.3 CVE-2023-46846
MISC
MISC
MISC
MISC
MISC
MISC

 

squidex.io — squidex Squidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage handler which introduces a Cross-Site Scripting (XSS) vulnerability. The editor-sdk.js file defines three different class-like functions, which employ a global message event listener: SquidexSidebar, SquidexWidget, and SquidexFormField. The registered event listener takes some action based on the type of the received message. For example, when the SquidexFormField receives a message with the type valueChanged, the value property is updated. The SquidexFormField class is for example used in the editor-editorjs.html file, which can be accessed via the public wwwroot folder. It uses the onValueChanged method to register a callback function, which passes the value provided from the message event to the editor.render. Passing an attacker-controlled value to this function introduces a Cross-Site Scripting (XSS) vulnerability. 2023-11-07 6.1 CVE-2023-46252
squidex.io — squidex Squidex is an open source headless CMS and content management hub. In affected versions a stored Cross-Site Scripting (XSS) vulnerability enables privilege escalation of authenticated users. The SVG element filtering mechanism intended to stop XSS attacks through uploaded SVG images, is insufficient resulting to stored XSS attacks. Squidex allows the CMS contributors to be granted the permission of uploading an SVG asset. When the asset is uploaded, a filtering mechanism is performed to validate that the SVG does not contain malicious code. The validation logic consists of traversing the HTML nodes in the DOM. In order for the validation to succeed, 2 conditions must be met: 1. No HTML tags included in a “blacklist” called “InvalidSvgElements” are present. This list only contains the element “script”. and 2. No attributes of HTML tags begin with “on” (i.e. onerror, onclick) (line 65). If either of the 2 conditions is not satisfied, validation fails and the file/asset is not uploaded. However it is possible to bypass the above filtering mechanism and execute arbitrary JavaScript code by introducing other HTML elements such as an 2023-11-07 5.4 CVE-2023-46744
synology — ssl_vpn_client Buffer copy without checking size of input (‘Classic Buffer Overflow’) vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors. 2023-11-07 5.5 CVE-2023-5748
teamamaze — amaze_file_utilities Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91. 2023-11-03 5.5 CVE-2023-5948
MISC
MISC
timeteccloud — auto_web-based_database_management_system Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an attacker to obtain sensitive information via a crafted payload to the remark parameter of the New Zone function. 2023-11-08 5.4 CVE-2023-46483
urbackup — urbackup_server UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid. 2023-11-07 5.3 CVE-2023-47102
veeam — one A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role. 2023-11-07 5.4 CVE-2023-38549
veeam — one A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. 2023-11-07 4.3 CVE-2023-38548
veeam — one A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes. 2023-11-07 4.3 CVE-2023-41723
visser — store_exporter_for_woocommerce Unauth. Reflected Cross-Site Scripting’) vulnerability in Visser Labs Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin 2023-11-06 6.1 CVE-2023-46822
MISC
wisdomgarden — tronclass_ilearn NCSIST ManageEngine Mobile Device Manager(MDM) APP’s special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files. 2023-11-03 6.5 CVE-2023-41356
MISC
wondercms — wondercms Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component. 2023-11-07 6.1 CVE-2023-41425
 
wordpress — wordpress The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled. 2023-11-06 6.5 CVE-2023-4930
MISC
wordpress — wordpress The WD WidgetTwitter plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 1.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2023-11-07 6.5 CVE-2023-5709
 
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kathy Darling Simple User Listing plugin 2023-11-08 6.1 CVE-2023-32298
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar plugin 2023-11-08 6.1 CVE-2023-46621
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FLOWFACT WP Connector plugin 2023-11-08 6.1 CVE-2023-46626
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ashish Ajani WordPress Simple HTML Sitemap plugin 2023-11-08 6.1 CVE-2023-46627
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPSolutions-HQ WPDBSpringClean plugin 2023-11-07 6.1 CVE-2023-47510
wordpress — wordpress The Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 2023-11-06 6.1 CVE-2023-5354
MISC
wordpress — wordpress The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘current_group_id’ parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2023-11-03 6.1 CVE-2023-5946
MISC
MISC
wordpress — wordpress Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in simonpedge Slide Anything – Responsive Content / HTML Slider and Carousel plugin 2023-11-07 5.4 CVE-2023-28499
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jens Kuerschner Add to Calendar Button plugin 2023-11-08 5.4 CVE-2023-46613
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in D. Relton Medialist plugin 2023-11-08 5.4 CVE-2023-46640
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Yee MomentoPress for Momento360 plugin 2023-11-06 5.4 CVE-2023-46782
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin 2023-11-06 5.4 CVE-2023-46783
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yakir Sitbon, Ariel Klikstein Linker plugin 2023-11-06 5.4 CVE-2023-47177
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Apollo13Themes Apollo13 Framework Extensions plugin 2023-11-08 5.4 CVE-2023-47190
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vyas Dipen Top 25 Social Icons plugin 2023-11-08 5.4 CVE-2023-47229
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bainternet ShortCodes UI plugin 2023-11-08 5.4 CVE-2023-47231
wordpress — wordpress The Social Sharing Plugin – Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘social_warfare’ shortcode in versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-11-07 5.4 CVE-2023-4842

 

wordpress — wordpress The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘sfp-page-plugin’ shortcode in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-11-07 5.4 CVE-2023-4888

 

wordpress — wordpress The Ziteboard Online Whiteboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ziteboard’ shortcode in versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-11-07 5.4 CVE-2023-5076
 
wordpress — wordpress The ImageMapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘imagemap’ shortcode in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-11-07 5.4 CVE-2023-5507
 
wordpress — wordpress The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘qrcodetag’ shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-11-07 5.4 CVE-2023-5567
 
wordpress — wordpress The Bitly’s plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wpbitly’ shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-11-07 5.4 CVE-2023-5577
 
wordpress — wordpress The WP MapIt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wp_mapit’ shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-11-07 5.4 CVE-2023-5658
 
wordpress — wordpress The Interact: Embed A Quiz On Your Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘interact-quiz’ shortcode in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-11-07 5.4 CVE-2023-5659
 
wordpress — wordpress The SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.22.3.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-11-07 5.4 CVE-2023-5660
 
wordpress — wordpress The Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘socialfeed’ shortcode in all versions up to, and including, 1.5.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-11-07 5.4 CVE-2023-5661
 
wordpress — wordpress The Featured Image Caption plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode and post meta in all versions up to, and including, 0.8.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-11-07 5.4 CVE-2023-5669

 

wordpress — wordpress The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘giftup’ shortcode in all versions up to, and including, 2.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-11-07 5.4 CVE-2023-5703

 

wordpress — wordpress The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘slider’ shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-11-03 5.4 CVE-2023-5707
MISC
MISC
MISC
MISC
wordpress — wordpress The Telephone Number Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘telnumlink’ shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-11-07 5.4 CVE-2023-5743

 

wordpress — wordpress The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsive_video_gallery_with_lightbox_video_management_func() function. This makes it possible for unauthenticated attackers to delete videos hosted from the video slider via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-11-03 5.4 CVE-2023-5945
MISC
MISC
MISC
wordpress — wordpress The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instance_id on the ‘updraftmethod-googledrive-auth’ action used to update Google Drive remote storage location. This makes it possible for unauthenticated attackers to modify the Google Drive location that backups are sent to via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can make it possible for attackers to receive backups for a site which may contain sensitive information. 2023-11-07 5.4 CVE-2023-5982
 
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixelgrade Comments Ratings plugin 2023-11-06 4.8 CVE-2023-23702
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Mann Simple Site Verify plugin 2023-11-09 4.8 CVE-2023-36688
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in sahumedia SAHU TikTok Pixel for E-Commerce plugin 2023-11-08 4.8 CVE-2023-46642
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Om Ak Solutions Slick Popup: Contact Form 7 Popup Plugin plugin 2023-11-06 4.8 CVE-2023-46824
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Gibson IdeaPush plugin 2023-11-08 4.8 CVE-2023-47181
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Proper Fraction LLC. Admin Bar & Dashboard Access Control plugin 2023-11-06 4.8 CVE-2023-47184
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Map Plugins Basic Interactive World Map plugin 2023-11-08 4.8 CVE-2023-47223
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Post Sliders & Post Grids plugin 2023-11-08 4.8 CVE-2023-47226
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Social Feed | All social media in one place plugin 2023-11-08 4.8 CVE-2023-47227
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb Layer Slider plugin 2023-11-08 4.8 CVE-2023-47228
wordpress — wordpress The Responsive Pricing Table WordPress plugin before 5.1.8 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2023-11-06 4.8 CVE-2023-4810
MISC
MISC
wordpress — wordpress The Simple Table Manager WordPress plugin through 1.5.6 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2023-11-06 4.8 CVE-2023-4858
MISC
MISC
wordpress — wordpress The WP Discord Invite WordPress plugin before 2.5.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2023-11-06 4.8 CVE-2023-5181
MISC
wordpress — wordpress The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2023-11-06 4.8 CVE-2023-5228
MISC
wordpress — wordpress The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc. however the vendor acknowledged and fixed the issue 2023-11-06 4.8 CVE-2023-5530
MISC
MISC
wordpress — wordpress The URL Shortify WordPress plugin through 1.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2023-11-06 4.8 CVE-2023-5605
MISC
wordpress — wordpress The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. However, please note that this can also be combined with CVE-2023-5818 for CSRF to XSS. 2023-11-07 4.8 CVE-2023-5819

 

wordpress — wordpress The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission. 2023-11-06 4.3 CVE-2023-5352
MISC
wordpress — wordpress The ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘imgmap_delete_area_ajax’ function in versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts and pages. 2023-11-07 4.3 CVE-2023-5506
 
wordpress — wordpress The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the ‘imgmap_save_area_title’ function. This makes it possible for unauthenticated attackers to update the post title and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. 2023-11-07 4.3 CVE-2023-5532
 
wordpress — wordpress The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage() function. This makes it possible for unauthenticated attackers to update the plugins settings, including the Amazon Tracking ID, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-11-07 4.3 CVE-2023-5818
 
wordpress — wordpress Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. 2023-11-07 4.3 CVE-2023-5902
 
wordpress — wordpress The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to update the plugin settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. 2023-11-07 4.3 CVE-2023-5975

 

wpn-xm — wpn-xm A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an authenticated user, resulting in a session hijacking. 2023-11-03 6.1 CVE-2023-4592
MISC
xwiki — xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to reflected cross-site scripting (RXSS) via the `rev` parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name of the user, including remote code (Groovy) execution in the case of a user with programming right, compromising the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.6 RC1, 15.5.1 and 14.10.14. The patch in commit `04e325d57` can be manually applied without upgrading (or restarting) the instance. Users are advised to upgrade or to manually apply the patch. There are no known workarounds for this vulnerability. 2023-11-06 6.1 CVE-2023-46732
MISC
MISC
MISC
xwiki — xwiki XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. This has been patched in XWiki 14.10.9 and XWiki 15.3-rc-1. A workaround is to modify the page `XWiki.LiveTableResultsMacros` following the patch. 2023-11-07 4.3 CVE-2023-38509

 

yugabyte — yugabytedb YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an unprivileged attacker to forge log entries or inject malicious content into the logs. 2023-11-08 6.1 CVE-2023-6002
zohocorp — manageengine_desktop_central A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv. 2023-11-03 6.1 CVE-2023-4767
MISC
zohocorp — manageengine_desktop_central A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf. 2023-11-03 6.1 CVE-2023-4768
MISC
zscaler — client_connector Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. 2023-11-06 6.5 CVE-2023-28794
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
nokia — g-040w-q_firmware Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package, resulting in partially sensitive information exposed to an actor. 2023-11-03 3.3 CVE-2023-41354
MISC
opensc — opensc An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system’s security. 2023-11-06 3.8 CVE-2023-4535
MISC
MISC
MISC
MISC
MISC
MISC
samsung — firewall Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper the database of Firewall. 2023-11-07 3.3 CVE-2023-42552
samsung — push_service Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device. 2023-11-07 3.3 CVE-2023-42542

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — pyarrow Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files). This vulnerability only affects PyArrow, no other Apache Arrow implementations or bindings. It is recommended that users of PyArrow upgrade to 14.0.1. Similarly, it is recommended that downstream libraries upgrade their dependency requirements to PyArrow 14.0.1 or later. PyPI packages are already available, and we hope that conda-forge packages will be available soon. If it is not possible to upgrade, we provide a separate package `pyarrow-hotfix` that disables the vulnerability on older PyArrow versions. See https://pypi.org/project/pyarrow-hotfix/ for instructions. 2023-11-09 not yet calculated CVE-2023-47248

 

apache — uima_java_sdk_core
 
Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.This issue affects Apache UIMA Java SDK: before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue. There are several locations in the code where serialized Java objects are deserialized without verifying the data. This affects in particular: * the deserialization of a Java-serialized CAS, but also other binary CAS formats that include TSI information using the CasIOUtils class; * the CAS Editor Eclipse plugin which uses the the CasIOUtils class to load data; * the deserialization of a Java-serialized CAS of the Vinci Analysis Engine service which can receive using Java-serialized CAS objects over network connections; * the CasAnnotationViewerApplet and the CasTreeViewerApplet; * the checkpointing feature of the CPE module. Note that the UIMA framework by default does not start any remotely accessible services (i.e. Vinci) that would be vulnerable to this issue. A user or developer would need to make an active choice to start such a service. However, users or developers may use the CasIOUtils in their own applications and services to parse serialized CAS data. They are affected by this issue unless they ensure that the data passed to CasIOUtils is not a serialized Java object. When using Vinci or using CasIOUtils in own services/applications, the unrestricted deserialization of Java-serialized CAS files may allow arbitrary (remote) code execution. As a remedy, it is possible to set up a global or context-specific ObjectInputFilter (cf. https://openjdk.org/jeps/290  and  https://openjdk.org/jeps/415 ) if running UIMA on a Java version that supports it. Note that Java 1.8 does not support the ObjectInputFilter, so there is no remedy when running on this out-of-support platform. An upgrade to a recent Java version is strongly recommended if you need to secure an UIMA version that is affected by this issue. To mitigate the issue on a Java 9+ platform, you can configure a filter pattern through the “jdk.serialFilter” system property using a semicolon as a separator: To allow deserializing Java-serialized binary CASes, add the classes: * org.apache.uima.cas.impl.CASCompleteSerializer * org.apache.uima.cas.impl.CASMgrSerializer * org.apache.uima.cas.impl.CASSerializer * java.lang.String To allow deserializing CPE Checkpoint data, add the following classes (and any custom classes your application uses to store its checkpoints): * org.apache.uima.collection.impl.cpm.CheckpointData * org.apache.uima.util.ProcessTrace * org.apache.uima.util.impl.ProcessTrace_impl * org.apache.uima.collection.base_cpm.SynchPoint Make sure to use “!*” as the final component to the filter pattern to disallow deserialization of any classes not listed in the pattern. Apache UIMA 3.5.0 uses tightly scoped ObjectInputFilters when reading Java-serialized data depending on the type of data being expected. Configuring a global filter is not necessary with this version. 2023-11-08 not yet calculated CVE-2023-39913
 
apereo_foundation — apereo_cas
 
Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability. 2023-11-09 not yet calculated CVE-2023-4612
 
appsanywhere — appsanywhere The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process. 2023-11-09 not yet calculated CVE-2023-41138
appsanywhere — appsanywhere
 
Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server. 2023-11-09 not yet calculated CVE-2023-41137
avast/avg — avast/avg_antivirus A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system. This issue affects Avast/Avg Antivirus: 23.8. 2023-11-08 not yet calculated CVE-2023-5760
axios — axios
 
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information. 2023-11-08 not yet calculated CVE-2023-45857
bigbluebutton — bigbluebutton When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting. 2023-11-09 not yet calculated CVE-2023-5543

 

bigbluebutton — bigbluebutton
 
PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users so that it points to the attacker’s server, thereby disclosing the password reset token if/when the link is followed. This only affects local user accounts and requires the password reset option to be enabled. This issue has been patched in version 2.3.0. 2023-11-08 not yet calculated CVE-2023-47107
beijing_baichuo — smart_s85f_firmware A vulnerability, which was classified as problematic, was found in Beijing Baichuo Smart S85F Management Platform V31R02B10-01. Affected is an unknown function of the file /login.php. The manipulation of the argument txt_newpwd leads to weak password recovery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-11-11 not yet calculated CVE-2023-5959

 

chromedriver — chromedriver
 
Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system. Note: An attacker must have access to the system running the vulnerable chromedriver library to exploit it. The success of exploitation also depends on the permissions and privileges of the process running chromedriver. 2023-11-09 not yet calculated CVE-2023-26156

 

combodo — itop Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page. 2023-11-09 not yet calculated CVE-2023-47488
combodo — itop An issue in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components. 2023-11-09 not yet calculated CVE-2023-47489
couchbase_inc. — couchbase_server
 
An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster. 2023-11-08 not yet calculated CVE-2023-45875

 

discourse — discourse Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the `stable` branch and versions 3.1.0,beta6 through 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts which Onebox it. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds. 2023-11-10 not yet calculated CVE-2023-47120

 

discourse — discourse Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to server-side request forgery. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable the Embedding feature. 2023-11-10 not yet calculated CVE-2023-47121

 

discourse — discourse
 
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, if a user has been quoted and uses a `|` in their full name, they might be able to trigger a bug that generates a lot of duplicate content in all the posts they’ve been quoted by updating their full name again. Version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches contain a patch for this issue. No known workaround exists, although one can stop the “bleeding” by ensuring users only use alphanumeric characters in their full name field. 2023-11-10 not yet calculated CVE-2023-45806

 

discourse — discourse
 
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, there is an edge case where a bookmark reminder is sent and an unread notification is generated, but the underlying bookmarkable (e.g. post, topic, chat message) security has changed, making it so the user can no longer access the underlying resource. As of version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, bookmark reminders are now no longer sent if the user does not have access to the underlying bookmarkable, and also the unread bookmark notifications are always filtered by access. There are no known workarounds. 2023-11-10 not yet calculated CVE-2023-45816

 

discourse — discourse
 
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some theme components allow users to add svgs with unlimited `height` attributes, and this can affect the availability of subsequent replies in a topic. Most Discourse instances are unaffected, only instances with the svgbob or the mermaid theme component are within scope. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable or remove the relevant theme components. 2023-11-10 not yet calculated CVE-2023-46130

 

discourse — discourse
 
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds. 2023-11-10 not yet calculated CVE-2023-47119

 

eclipse_foundation — eclipse_ide
 
In Eclipse IDE versions 2023-11-09 not yet calculated CVE-2023-4218

 

ethyca — fides Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. The Fides web application allows data subject users to request access to their personal data. If the request is approved by the data controller user operating the Fides web application, the data subject’s personal data can then be retrieved from connected systems and data stores before being bundled together as a data subject access request package for the data subject to download. Supported data formats for the package include json and csv, but the most commonly used format is a series of HTML files compressed in a ZIP file. Once downloaded and unzipped, the data subject user can browse the HTML files on their local machine. It was identified that there was no validation of input coming from e.g. the connected systems and data stores which is later reflected in the downloaded data. This can result in an HTML injection that can be abused e.g. for phishing attacks or malicious JavaScript code execution, but only in the context of the data subject’s browser accessing a HTML page using the `file://` protocol. Exploitation is limited to rogue Admin UI users, malicious connected system / data store users, and the data subject user if tricked via social engineering into submitting malicious data themselves. This vulnerability has been patched in version 2.23.3. 2023-11-08 not yet calculated CVE-2023-47114

 

free_software_foundation — grub-legacy An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation. 2023-11-10 not yet calculated CVE-2023-4949
freebsd — freebsd In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects’ write space members for write-buffered streams when the write(2) system call returns an error.  Depending on the nature of an application that calls libc’s stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overflow may occur. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program. 2023-11-08 not yet calculated CVE-2023-5941
freebsd — freebsd In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints.  When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed.  This could permit the application to resolve domain names that were previously restricted. 2023-11-08 not yet calculated CVE-2023-5978
gitlab — gitlab
 
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated. 2023-11-09 not yet calculated CVE-2023-4379
gitsign — gitsign Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could potentially be tricked into trusting incorrect signatures. There is no known compromise the default public good instance (`rekor.sigstore.dev`) – anyone using this instance is unaffected. This issue was fixed in v0.8.0. No known workarounds are available. 2023-11-10 not yet calculated CVE-2023-47122

 

go_standard_library — path/filepath
 
The filepath package does not recognize paths with a ?? prefix as special. On Windows, a path beginning with ?? is a Root Local Device path equivalent to a path beginning with \?. Paths with a ?? prefix may be used to access arbitrary locations on the system. For example, the path ??c:x is equivalent to the more common path c:x. Before fix, Clean could convert a rooted path such as a..??b into the root local device path ??b. Clean will now convert this to .??b. Similarly, Join(, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path ??b. Join will now convert this to .??b. In addition, with fix, IsAbs now correctly reports paths beginning with ?? as absolute, and VolumeName correctly reports the ?? prefix as a volume name. 2023-11-09 not yet calculated CVE-2023-45283

 

go_standard_library — path/filepath
 
On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as “COM1 “, and reserved names “COM” and “LPT” followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local. 2023-11-09 not yet calculated CVE-2023-45284

 

gpac — mp4box
 
Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data. 2023-11-07 not yet calculated CVE-2023-46001
 
harbor — harbor
 
A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information. 2023-11-09 not yet calculated CVE-2023-20902
hashicorp — vault HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10. 2023-11-09 not yet calculated CVE-2023-5954
hcl_software — hcl_connections
 
HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. This may allow the attacker to steal cookie-based authentication credentials and comprise a user’s account then launch other attacks. 2023-11-09 not yet calculated CVE-2023-37533
headscale — headscale Headscale through 0.22.3 writes bearer tokens to info-level logs. 2023-11-11 not yet calculated CVE-2023-47390
hoteldruid — hoteldruid Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. 2023-11-10 not yet calculated CVE-2023-47164

 

huawei — emui
 
Vulnerability of parameters being out of the value range in the QMI service module. Successful exploitation of this vulnerability may cause errors in reading file data. 2023-11-08 not yet calculated CVE-2023-46772
 
humansignal — label_studio
 
Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges from a low privilege user to a Django Super Administrator user. The vulnerability was found to affect versions before `1.8.2`, where a patch was introduced. 2023-11-09 not yet calculated CVE-2023-43791

 

ibm — aix
 
IBM AIX’s 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965. 2023-11-10 not yet calculated CVE-2023-45167

 

ibm — qradar_siem
 
IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267484. 2023-11-11 not yet calculated CVE-2023-43057
 
jaspersoft — clarity_ppm
 
Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function. 2023-11-09 not yet calculated CVE-2023-37790
johnson_controls — quantum_hd_unity An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed. 2023-11-10 not yet calculated CVE-2023-4804
 
lanaccess — onsafe_monitorhm An improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM affecting version 3.7.0. This vulnerability could lead a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire infrastructure. 2023-11-08 not yet calculated CVE-2023-6012
lenovo — 1_preload_directory
 
A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges. 2023-11-08 not yet calculated CVE-2023-4706
lenovo — bios
 
A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. 2023-11-08 not yet calculated CVE-2023-45075
lenovo — bios
 
A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. 2023-11-08 not yet calculated CVE-2023-45076
lenovo — bios
 
A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. 2023-11-08 not yet calculated CVE-2023-45077
lenovo — bios
 
A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. 2023-11-08 not yet calculated CVE-2023-45078
lenovo — bios
 
A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. 2023-11-08 not yet calculated CVE-2023-45079
lenovo — desktop_bios
 
A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. 2023-11-08 not yet calculated CVE-2023-43567
lenovo — desktop_bios
 
A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. 2023-11-08 not yet calculated CVE-2023-43568
lenovo — desktop_bios
 
A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.  2023-11-08 not yet calculated CVE-2023-43569
lenovo — desktop_bios
 
A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code. 2023-11-08 not yet calculated CVE-2023-43570
lenovo — ideapad A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code. 2023-11-08 not yet calculated CVE-2023-5075
lenovo — lecloud_app Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure. 2023-11-08 not yet calculated CVE-2023-5079
lenovo — system_update
 
An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges. 2023-11-08 not yet calculated CVE-2023-4632
lenovo — thinkpad A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware. 2023-11-08 not yet calculated CVE-2023-5078
lenovo — view_driver A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service. 2023-11-08 not yet calculated CVE-2023-4891
f.b.p — members_line The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send malicious notifications to victims. 2023-11-09 not yet calculated CVE-2023-47363
f.b.p — members_line The leakage of channel access token in nagaoka taxi Line 13.6.1 allows remote attackers to send malicious notifications to victims 2023-11-09 not yet calculated CVE-2023-47364
f.b.p — members_line The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to send malicious notifications to victims. 2023-11-09 not yet calculated CVE-2023-47365
f.b.p — members_line The leakage of channel access token in craft_members Line 13.6.1 allows remote attackers to send malicious notifications to victims. 2023-11-09 not yet calculated CVE-2023-47366
f.b.p — members_line The leakage of channel access token in platinum clinic Line 13.6.1 allows remote attackers to send malicious notifications to victims. 2023-11-09 not yet calculated CVE-2023-47367
f.b.p — members_line The leakage of channel access token in taketorinoyu Line 13.6.1 allows remote attackers to send malicious notifications to victims. 2023-11-09 not yet calculated CVE-2023-47368
f.b.p — members_line The leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers to send malicious notifications. 2023-11-09 not yet calculated CVE-2023-47369
f.b.p — members_line The leakage of channel access token in bluetrick Line 13.6.1 allows remote attackers to send malicious notifications to victims. 2023-11-09 not yet calculated CVE-2023-47370
f.b.p — members_line The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims. 2023-11-09 not yet calculated CVE-2023-47372
f.b.p — members_line The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send malicious notifications to victims. 2023-11-09 not yet calculated CVE-2023-47373
linux — kernel A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches. 2023-11-09 not yet calculated CVE-2023-6039

 

linux — kernel
 
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. 2023-11-09 not yet calculated CVE-2023-39198
 
loytec_electronics — multiple_products
 
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP. 2023-11-04 not yet calculated CVE-2023-46380
MISC
loytec_electronics — multiple_products
 
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI. 2023-11-04 not yet calculated CVE-2023-46381
MISC
loytec_electronics — multiple_products
 
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login. 2023-11-04 not yet calculated CVE-2023-46382
MISC
microsoft — edge_chromium
 
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 2023-11-10 not yet calculated CVE-2023-36027
mldb.ai — mldb.ai
 
Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a remote attacker to execute arbitrary code via a crafted payload to the public_html/doc/index.html. 2023-11-09 not yet calculated CVE-2023-46492
moodle — moodle A remote code execution risk was identified in the Lesson activity. By default, this was only available to teachers and managers. 2023-11-09 not yet calculated CVE-2023-5539

 

moodle — moodle A remote code execution risk was identified in the IMSCP activity. By default, this was only available to teachers and managers. 2023-11-09 not yet calculated CVE-2023-5540

 

moodle — moodle Students in “Only see own membership” groups could see other students in the group, which should be hidden. 2023-11-09 not yet calculated CVE-2023-5542

 

moodle — moodle H5P metadata automatically populated the author with the user’s username, which could be sensitive information. 2023-11-09 not yet calculated CVE-2023-5545

 

moodle — moodle Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. 2023-11-09 not yet calculated CVE-2023-5548

 

moodle — moodle Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. 2023-11-09 not yet calculated CVE-2023-5549

 

moodle — moodle In a shared hosting environment that has been misconfigured to allow access to other users’ content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilize a local file include to achieve remote code execution. 2023-11-09 not yet calculated CVE-2023-5550

 

moodle — moodle Separate Groups mode restrictions were not honored in the forum summary report, which would display users from other groups. 2023-11-09 not yet calculated CVE-2023-5551

 

natus — multiple_products Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services. 2023-11-10 not yet calculated CVE-2023-47800
 
okta — ldap_agent
 
The LDAP Agent Update service with versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution. 2023-11-08 not yet calculated CVE-2023-0392
opentelemetry — opentelemetry OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server’s potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`. 2023-11-10 not yet calculated CVE-2023-47108

 

opentext — fortify_scancentral_dast Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges. This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1. 2023-11-08 not yet calculated CVE-2023-5913
openvpn — openvpn
 
Using the –fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service. 2023-11-11 not yet calculated CVE-2023-46849

 

openvpn — openvpn
 
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer. 2023-11-11 not yet calculated CVE-2023-46850

 

ovh — the_bastion
 
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don’t honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnormal behavior only applies to per-group-based JIT MFA. Other MFA setup types, such as Immediate MFA, JIT MFA on a per-plugin basis and JIT MFA on a per-account basis are not affected. This issue has been patched in version 3.14.15. 2023-11-08 not yet calculated CVE-2023-45140
 
palo_alto_networks — cortex_xsoar
 
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine. 2023-11-08 not yet calculated CVE-2023-3282
pfsense_ce — pfsense_ce
 
An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements. 2023-11-08 not yet calculated CVE-2023-29974
pfsense_ce — pfsense_ce
 
An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification. 2023-11-09 not yet calculated CVE-2023-29975
philips — encoreanywhere
 
The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information. 2023-11-09 not yet calculated CVE-2018-8863
phpgurukul — restaurant_table_booking_system A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file check-status.php of the component Booking Reservation Handler. The manipulation leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-244943. 2023-11-10 not yet calculated CVE-2023-6074
 
phpgurukul — restaurant_table_booking_system A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file index.php of the component Reservation Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244944. 2023-11-10 not yet calculated CVE-2023-6075
 
phpgurukul — restaurant_table_booking_system A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file booking-details.php of the component Reservation Status Handler. The manipulation of the argument bid leads to information disclosure. The attack can be launched remotely. The identifier VDB-244945 was assigned to this vulnerability. 2023-11-10 not yet calculated CVE-2023-6076
 
piccolo — piccolo Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction `savepoints` in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a `savepoints` `name` parameter to a user is highly unlikely, it would not be unheard of. If a malicious user was able to abuse this functionality, they would have essentially direct access to the database and the ability to modify data to the level of permissions associated with the database user. A non-exhaustive list of actions possible based on database permissions is: Read all data stored in the database, including usernames and password hashes; insert arbitrary data into the database, including modifying existing records; and gain a shell on the underlying server. Version 1.1.1 fixes this issue. 2023-11-10 not yet calculated CVE-2023-47128
 
prestashop — blockreassurance PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing index.php for example. This issue has been patched in version 5.1.4. 2023-11-08 not yet calculated CVE-2023-47109

 

projectworlds — online_job_portal Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘filename’ parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-07 not yet calculated CVE-2023-46676
 
projectworlds — online_job_portal Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txt_uname’ parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-07 not yet calculated CVE-2023-46677
 
projectworlds — online_job_portal Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txt_upass’ parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-07 not yet calculated CVE-2023-46678
 
projectworlds — online_job_portal Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txt_uname_email’ parameter of the index.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-07 not yet calculated CVE-2023-46679
 
projectworlds — online_matrimonial_project Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘password’ parameter of the auth/auth.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-07 not yet calculated CVE-2023-46786
 
projectworlds — online_matrimonial_project Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘username’ parameter of the auth/auth.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-07 not yet calculated CVE-2023-46787
 
projectworlds — online_matrimonial_project Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘id’ parameter in the ‘uploadphoto()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-07 not yet calculated CVE-2023-46788
 
projectworlds — online_matrimonial_project Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘filename’ attribute of the ‘pic1’ multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-07 not yet calculated CVE-2023-46789
 
projectworlds — online_matrimonial_project Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘filename’ attribute of the ‘pic2’ multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-07 not yet calculated CVE-2023-46790
 
projectworlds — online_matrimonial_project Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘filename’ attribute of the ‘pic4’ multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-07 not yet calculated CVE-2023-46792
 
projectworlds — online_matrimonial_project Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘day’ parameter in the ‘register()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-07 not yet calculated CVE-2023-46793
 
projectworlds — online_matrimonial_project Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ’email’ parameter in the ‘register()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-07 not yet calculated CVE-2023-46794
 
projectworlds — online_matrimonial_project Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘gender’ parameter in the ‘register()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-07 not yet calculated CVE-2023-46795
 
projectworlds — online_matrimonial_project Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘month’ parameter in the ‘register()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-07 not yet calculated CVE-2023-46796
 
projectworlds — online_matrimonial_project Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘name’ parameter in the ‘register()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-07 not yet calculated CVE-2023-46797
 
projectworlds — online_matrimonial_project Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘year’ parameter in the ‘register()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-07 not yet calculated CVE-2023-46799
 
projectworlds — online_matrimonial_project Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘id’ parameter of the view_profile.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-07 not yet calculated CVE-2023-46800
 
qnap_systems_inc. — multiple_products
 
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTScloud c5.1.0.2498 and later. 2023-11-10 not yet calculated CVE-2023-23367
qnap_systems_inc. — qumagie A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later 2023-11-10 not yet calculated CVE-2023-41284
qnap_systems_inc. — qumagie
 
An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.3 and later 2023-11-10 not yet calculated CVE-2023-39295
qnap_systems_inc. — qumagie
 
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later 2023-11-10 not yet calculated CVE-2023-41285
sentry — sentry-javascript
 
sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has been fixed in version 7.77.0. 2023-11-10 not yet calculated CVE-2023-46729

 

solarwinds_ — network_configuration_manager
 
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226 2023-11-09 not yet calculated CVE-2023-40054
 
solarwinds_ — network_configuration_manager
 
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227 2023-11-09 not yet calculated CVE-2023-40055
spiceworks — help_desk_server
 
An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be leveraged to leak local files from the host system, leading to remote code execution (RCE) through deserialization of malicious data. 2023-11-09 not yet calculated CVE-2021-43609

 

statmic — statmic Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the “Forms” feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0. 2023-11-10 not yet calculated CVE-2023-47129

 

symfony — symfony
 
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, `SessionStrategyListener` does not migrate the session after every successful login. It does so only in case the logged in user changes by means of checking the user identifier. In some use cases, the user identifier doesn’t change between the verification phase and the successful login, while the token itself changes from one type (partially-authenticated) to another (fully-authenticated). When this happens, the session id should be regenerated to prevent possible session fixations, which is not the case at the moment. As of versions 5.4.31 and 6.3.8, Symfony now checks the type of the token in addition to the user identifier before deciding whether the session id should be regenerated. 2023-11-10 not yet calculated CVE-2023-46733

 

symfony — symfony
 
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don’t actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters. 2023-11-10 not yet calculated CVE-2023-46734

 

symfony — symfony
 
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in `WebhookController` returns unescaped user-submitted input. As of version 6.3.8, `WebhookController` now doesn’t return any user-submitted input in its response. 2023-11-10 not yet calculated CVE-2023-46735
 
telit_cinterion — multiple_products A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message. 2023-11-09 not yet calculated CVE-2023-47610
telit_cinterion — multiple_products A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to “manufacturer” level on the targeted system. 2023-11-10 not yet calculated CVE-2023-47611
telit_cinterion — multiple_products A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a read/write access to any files and directories on the targeted system, including hidden files and directories. 2023-11-09 not yet calculated CVE-2023-47612
telit_cinterion — multiple_products A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system. 2023-11-09 not yet calculated CVE-2023-47613
telit_cinterion — multiple_products A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system. 2023-11-10 not yet calculated CVE-2023-47614
telit_cinterion — multiple_products A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to get access to a sensitive data on the targeted system. 2023-11-09 not yet calculated CVE-2023-47615
telit_cinterion — multiple_products A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to get access to a sensitive data on the targeted system. 2023-11-09 not yet calculated CVE-2023-47616
tibco_software_inc. — spotfire
 
The Spotfire Connectors component of TIBCO Software Inc.’s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0. 2023-11-08 not yet calculated CVE-2023-26221
tongda — oa A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. Affected is an unknown function of the file general/system/censor_words/module/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-244872. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-11-09 not yet calculated CVE-2023-6052

 

tongda — oa A vulnerability, which was classified as critical, has been found in Tongda OA 2017 up to 11.9. Affected by this issue is some unknown functionality of the file general/system/censor_words/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-244874 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-11-09 not yet calculated CVE-2023-6053

 

tongda — oa A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/manage/lock.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244875. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-11-09 not yet calculated CVE-2023-6054

 

volkswagen — id.3 Attacker can perform a Denial-of-Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls. 2023-11-10 not yet calculated CVE-2023-6073
wbce_cms — wbce_cms
 
SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter. 2023-11-10 not yet calculated CVE-2023-39796

 

wildfly-core — wildfly-core
 
A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system. 2023-11-08 not yet calculated CVE-2023-4061

 

wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin 2023-11-10 not yet calculated CVE-2023-31077
xwiki — xwiki
 
application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachments files in view or edit mode. Currently, if a user opens an attachment file in edit mode in collabora, this right will be preserved for all future users, until the editing session is closes, even if some of them have only view right. Collabora server is the one issuing this request and it seems that the `userCanWrite` query parameter is cached, even if, for example, token is not. This issue has been patched in version 1.3. 2023-11-09 not yet calculated CVE-2023-46743
yugabytedb — yugabytedb_anywhere Prometheus metrics are available without authentication. These metrics expose detailed and sensitive information about the YugabyteDB Anywhere environment. 2023-11-08 not yet calculated CVE-2023-6001
zitadel — zitadel ZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a `Lockout Policy` with a maximum amount of failed password check attempts. On every failed password check, the number of failed checks is compared against the configured maximum. Exceeding the limit, will lock the user and prevent further authentication. In the affected implementation it was possible for an attacker to start multiple parallel password checks, giving him the possibility to try out more combinations than configured in the `Lockout Policy`. This vulnerability has been patched in versions 2.40.5 and 2.38.3. 2023-11-08 not yet calculated CVE-2023-47111

 

zyxel — gs1900-24ep The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device. 2023-11-07 not yet calculated CVE-2023-35140

Back to top