High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 1e — platform | The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1 by uploading it through the 1E Platform instruction upload UI | 2023-11-06 | 7.2 | CVE-2023-45161 MISC MISC |
| 1e — platform | The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI | 2023-11-06 | 7.2 | CVE-2023-45163 MISC MISC |
| 1e — platform | The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. To remediate this issue DELETE the instruction “Show dialogue with caption %Caption% and message %Message%” from the list of instructions in the Settings UI, and replace it with the new instruction 1E-Exchange-ShowNotification instruction available in the updated End-User Interaction product pack. The new instruction should show as “Show %Type% type notification with header %Header% and message %Message%” with a version of 7.1 or above. | 2023-11-06 | 7.2 | CVE-2023-5964 MISC MISC |
| 7-zip — 7-zip | 7-Zip through 22.01 on Linux allows an integer underflow and code execution via a crafted 7Z archive. | 2023-11-03 | 7.8 | CVE-2023-31102 MISC MISC MISC |
| advanced_export_products_orders_cron_csv_excel_project — advanced_export_products_orders_cron_csv_excel | Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the ps_customer table. | 2023-11-07 | 7.5 | CVE-2023-43984 |
| arm — valhall_gpu_kernel_driver | A local non-privileged user can make improper GPU memory processing operations. If the operations are carefully prepared, then they could be used to gain access to already freed memory. | 2023-11-07 | 7.8 | CVE-2023-3889 |
| arm — valhall_gpu_kernel_driver | A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. | 2023-11-07 | 7.8 | CVE-2023-4295 |
| asus — rt-ax55_firmware | ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services. | 2023-11-03 | 8.8 | CVE-2023-41345 MISC |
| asus — rt-ax55_firmware | ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | 2023-11-03 | 8.8 | CVE-2023-41346 MISC |
| asus — rt-ax55_firmware | ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | 2023-11-03 | 8.8 | CVE-2023-41347 MISC |
| asus — rt-ax55_firmware | ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | 2023-11-03 | 8.8 | CVE-2023-41348 MISC |
| asus — rt-ax57_firmware | An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the lan_ifname field in the sub_ln 2C318 function. | 2023-11-09 | 9.8 | CVE-2023-47005 |
| asus — rt-ax57_firmware | An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the lan_ipaddr field in the sub_6FC74 function. | 2023-11-09 | 9.8 | CVE-2023-47006 |
| asus — rt-ax57_firmware | An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the lan_ifname field in the sub_391B8 function. | 2023-11-09 | 9.8 | CVE-2023-47007 |
| asus — rt-ax57_firmware | An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the ifname field in the sub_4CCE4 function. | 2023-11-09 | 9.8 | CVE-2023-47008 |
| best_courier_management_system — best_courier_management_system | An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. | 2023-11-03 | 9.8 | CVE-2023-46980 MISC MISC |
| bestpractical — request_tracker | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call. | 2023-11-03 | 7.5 | CVE-2023-41259 MISC CONFIRM CONFIRM |
| bestpractical — request_tracker | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls. | 2023-11-03 | 7.5 | CVE-2023-41260 MISC CONFIRM CONFIRM |
| bestpractical — request_tracker | Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. | 2023-11-03 | 7.5 | CVE-2023-45024 MISC CONFIRM |
| bleachbit — bleachbit | BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0. | 2023-11-08 | 7.3 | CVE-2023-47113 |
| boltwire — boltwire | An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function. | 2023-11-07 | 9.1 | CVE-2023-46501 |
| botan_project — botan | bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password. | 2023-11-03 | 7.5 | CVE-2017-7252 CONFIRM MISC |
| clickbar — dot-diver | Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the `setByPath` function which can leads to remote code execution (RCE). This issue has been addressed in commit `98daf567` which has been included in release 1.0.2. Users are advised to upgrade. There are no known workarounds to this vulnerability. | 2023-11-06 | 9.8 | CVE-2023-45827 MISC MISC |
| couchbase — couchbase_server | Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal. | 2023-11-08 | 7.5 | CVE-2023-36667 |
| djangoproject — django | In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. | 2023-11-03 | 7.5 | CVE-2023-41164 CONFIRM MISC |
| djangoproject — django | In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. | 2023-11-03 | 7.5 | CVE-2023-43665 CONFIRM MISC |
| ec-cube — ec-cube | EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server where the product is running by a user with an administrative privilege. | 2023-11-07 | 7.2 | CVE-2023-46845
|
| eclipse — glassfish | In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or | 2023-11-03 | 9.8 | CVE-2023-5763 MISC MISC |
| eclipse — parsson | In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale. | 2023-11-03 | 7.5 | CVE-2023-4043 MISC MISC |
| espressif — esptool | An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm. | 2023-11-09 | 7.5 | CVE-2023-46894 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Alex Raven WP Report Post plugin | 2023-11-09 | 8.8 | CVE-2023-34171 |
| exiv2 — exiv2 | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. This bug is fixed in version v0.28.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-06 | 8.8 | CVE-2023-44398 MISC MISC |
| felixwelberg — sis_handball | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Felix Welberg SIS Handball allows SQL Injection.This issue affects SIS Handball: from n/a through 1.0.45. | 2023-11-06 | 9.8 | CVE-2023-33924 MISC |
| froxlor — froxlor | Improper Input Validation in GitHub repository froxlor/froxlor prior to 2.1.0. | 2023-11-10 | 8.8 | CVE-2023-6069 |
| frrouting — frrouting | bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a “flowspec overflow.” | 2023-11-06 | 9.8 | CVE-2023-38406 MISC MISC |
| frrouting — frrouting | bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. | 2023-11-06 | 7.5 | CVE-2023-38407 MISC MISC MISC |
| frrouting — frrouting | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes). | 2023-11-03 | 7.5 | CVE-2023-47234 MISC |
| frrouting — frrouting | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome. | 2023-11-03 | 7.5 | CVE-2023-47235 MISC |
| ge — micom_s1_agile | General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application. | 2023-11-07 | 7.3 | CVE-2023-0898 |
| gitlab — gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates. | 2023-11-06 | 7.7 | CVE-2023-3399 MISC MISC |
| google — android | In video, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08250357. | 2023-11-06 | 7.8 | CVE-2023-32837 MISC |
| google — android | In video, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08235273. | 2023-11-06 | 7 | CVE-2023-32832 MISC |
| google — chrome | Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-11-08 | 8.8 | CVE-2023-5996
|
| gpac — gpac | Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV. | 2023-11-07 | 7.5 | CVE-2023-5998 |
| group-office — group_office | Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make resource requests to untrusted domains. Note that protocols like file:// can also be used to access the server disk. The request result (on success) can then be retrieved using /api/download.php. This issue has been addressed in versions 6.8.15, 6.7.54, and 6.6.177. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-07 | 8.8 | CVE-2023-46730 |
| gss — vitals_enterprise_social_platform | Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operations or disrupt service. | 2023-11-03 | 8.8 | CVE-2023-41357 MISC |
| huawei — emui | Vulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-11-08 | 7.5 | CVE-2023-44098 |
| huawei — emui | Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability. | 2023-11-08 | 7.5 | CVE-2023-46765 |
| huawei — emui | Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-11-08 | 7.5 | CVE-2023-46771 |
| huawei — emui | Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability. | 2023-11-08 | 7.5 | CVE-2023-46774 |
| huawei — harmonyos | Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality. | 2023-11-08 | 9.1 | CVE-2023-5801 |
| huawei — harmonyos | Vulnerability of improper permission control in the Booster module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2023-11-08 | 7.5 | CVE-2023-44115 |
| huawei — harmonyos | The remote PIN module has a vulnerability that causes incorrect information storage locations.Successful exploitation of this vulnerability may affect confidentiality. | 2023-11-08 | 7.5 | CVE-2023-46757 |
| huawei — harmonyos | Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device. | 2023-11-08 | 7.5 | CVE-2023-46758 |
| huawei — harmonyos | Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-11-08 | 7.5 | CVE-2023-46759 |
| huawei — harmonyos | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. | 2023-11-08 | 7.5 | CVE-2023-46760 |
| huawei — harmonyos | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. | 2023-11-08 | 7.5 | CVE-2023-46761 |
| huawei — harmonyos | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. | 2023-11-08 | 7.5 | CVE-2023-46762 |
| huawei — harmonyos | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. | 2023-11-08 | 7.5 | CVE-2023-46766 |
| huawei — harmonyos | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. | 2023-11-08 | 7.5 | CVE-2023-46767 |
| huawei — harmonyos | Multi-thread vulnerability in the idmap module. Successful exploitation of this vulnerability may cause features to perform abnormally. | 2023-11-08 | 7.5 | CVE-2023-46768 |
| huawei — harmonyos | Use-After-Free (UAF) vulnerability in the dubai module. Successful exploitation of this vulnerability will affect availability. | 2023-11-08 | 7.5 | CVE-2023-46769 |
| huawei — harmonyos | Out-of-bounds vulnerability in the sensor module. Successful exploitation of this vulnerability may cause mistouch prevention errors on users’ mobile phones. | 2023-11-08 | 7.5 | CVE-2023-46770 |
| ibm — cics_tx | IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163. | 2023-11-03 | 7.5 | CVE-2023-43018 MISC MISC |
| ibm — mq_appliance | IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535. | 2023-11-03 | 7.8 | CVE-2023-46176 MISC MISC |
| ibm — txseries_for_multiplatforms | IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057. | 2023-11-03 | 8.8 | CVE-2023-42027 MISC MISC MISC |
| intelliants — subrion | Subrion 4.2.1 has a remote command execution vulnerability in the backend. | 2023-11-03 | 8.8 | CVE-2023-46947 MISC |
| ivanti — automation | A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication. | 2023-11-03 | 7.8 | CVE-2022-44569 MISC |
| ivanti — avalanche | Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability | 2023-11-03 | 7.8 | CVE-2022-43554 MISC |
| ivanti — avalanche | Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | 2023-11-03 | 7.8 | CVE-2022-43555 MISC |
| ivanti — avalanche | Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability | 2023-11-03 | 7.8 | CVE-2023-41725 MISC |
| ivanti — avalanche | Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability | 2023-11-03 | 7.8 | CVE-2023-41726 MISC |
| kerawen — kerawen | kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent(). | 2023-11-04 | 9.8 | CVE-2023-40922 MISC |
| kubernetes — apiserver | A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client’s API server credentials to third parties. | 2023-11-03 | 8.2 | CVE-2022-3172 MISC MISC |
| kubernetes — csi_proxy | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy. | 2023-11-03 | 8.8 | CVE-2023-3893 MISC MISC |
| kyocera — d-copia253mf_plus_firmware | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try to read the /etc directory. | 2023-11-03 | 7.5 | CVE-2023-34260 MISC MISC |
| linagora — twake | Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 2023.Q1.1223. | 2023-11-07 | 9.8 | CVE-2023-2675 |
| linux — kernel | An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory. | 2023-11-03 | 8.1 | CVE-2023-1194 MISC MISC MISC |
| linux — kernel | A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system. | 2023-11-03 | 7 | CVE-2023-1476 MISC MISC MISC MISC |
| lost_and_found_information_system — lost_and_found_information_system | Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. | 2023-11-03 | 9.8 | CVE-2023-38965 MISC MISC |
| macvim — macvim | Macvim is a text editor for MacOS. Prior to version 178, Macvim makes use of an insecure interprocess communication (IPC) mechanism which could lead to a privilege escalation. Distributed objects are a concept introduced by Apple which allow one program to vend an interface to another program. What is not made clear in the documentation is that this service can vend this interface to any other program on the machine. The impact of exploitation is a privilege escalation to root – this is likely to affect anyone who is not careful about the software they download and use MacVim to edit files that would require root privileges. Version 178 contains a fix for this issue. | 2023-11-07 | 7.8 | CVE-2023-41036
|
| mediatek — nr15 | In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895. | 2023-11-06 | 7.5 | CVE-2023-20702 MISC |
| microsoft — edge_chromium | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2023-11-10 | 7.3 | CVE-2023-36014 |
| microsoft — edge_chromium | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2023-11-03 | 7.3 | CVE-2023-36034 MISC |
| microsoft — edge_chromium | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-11-10 | 7.1 | CVE-2023-36024 |
| midori-global — better_pdf_exporter | Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via use of crafted image during PDF export. | 2023-11-07 | 7.8 | CVE-2023-42361
|
| mitsubishi_electric — fx3u-32mt/es_firmware | Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets. | 2023-11-06 | 9.1 | CVE-2023-4699 MISC MISC MISC |
| mongodb — atlas_kubernetes_operator | The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0. Please note that this is reported on an EOL version of the product, and users are advised to upgrade to the latest supported version. Required Configuration: DEBUG logging is not enabled by default, and must be configured by the end-user. To check the log-level of the Operator, review the flags passed in your deployment configuration (eg. https://github.com/mongodb/mongodb-atlas-kubernetes/blob/main/config/manager/manager.yaml#L27 https://github.com/mongodb/mongodb-atlas-kubernetes/blob/main/config/manager/manager.yaml#L27 ) | 2023-11-07 | 7.5 | CVE-2023-0436 |
| nationaledtech — boomerang | An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing. | 2023-11-03 | 9.1 | CVE-2023-36621 MISC MISC MISC |
| ncsist — mobile_device_manager | NCSIST ManageEngine Mobile Device Manager(MDM) APP’s special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files. | 2023-11-03 | 7.5 | CVE-2023-41344 MISC |
| netskope — netskope | Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service. | 2023-11-06 | 8.8 | CVE-2023-4996 MISC |
| nokia — g-040w-q_firmware | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks. | 2023-11-03 | 9.8 | CVE-2023-41350 MISC |
| nokia — g-040w-q_firmware | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service. | 2023-11-03 | 9.8 | CVE-2023-41351 MISC |
| nokia — g-040w-q_firmware | Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive information leaking. | 2023-11-03 | 9.8 | CVE-2023-41355 MISC |
| nokia — g-040w-q_firmware | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin access and performing arbitrary system operations or disrupt service. | 2023-11-03 | 8.8 | CVE-2023-41353 MISC |
| nokia — g-040w-q_firmware | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | 2023-11-03 | 7.2 | CVE-2023-41352 MISC |
| opayweb — opay | An Information Disclosure vulnerability exists in Opay Mobile application 1.5.1.26 and maybe be higher in the logcat app. | 2023-11-07 | 7.5 | CVE-2021-43419 |
| opendesign — drawings_sdk | An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds read. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution. | 2023-11-07 | 7.8 | CVE-2023-5179 |
| openssl — openssl | Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn’t make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn’t check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the “-pubcheck” option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. | 2023-11-06 | 7.5 | CVE-2023-5678 MISC MISC MISC MISC MISC |
| ortussolutions — coldbox_elixir | A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address this issue. The identifier of the patch is a3aa62daea2e44c76d08d1eac63768cd928cd69e. It is recommended to upgrade the affected component. The identifier VDB-244485 was assigned to this vulnerability. | 2023-11-06 | 7.5 | CVE-2021-4430 MISC MISC MISC MISC |
| perforce — helix_core | An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner. | 2023-11-08 | 9.8 | CVE-2023-45849 |
| perforce — helix_core | In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner. | 2023-11-08 | 7.5 | CVE-2023-35767 |
| perforce — helix_core | In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner. | 2023-11-08 | 7.5 | CVE-2023-45319 |
| perforce — helix_core | In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner. | 2023-11-08 | 7.5 | CVE-2023-5759 |
| phpfox — phpfox | An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code. | 2023-11-03 | 9.8 | CVE-2023-46817 MISC MISC MISC MISC MISC |
| prestashop– prestashop | In the module “Order Duplicator ” Clone and Delete Existing Order” (orderduplicate) in version | 2023-11-07 | 8.8 | CVE-2023-45380 |
| progress — ws_ftp_server | In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application. | 2023-11-07 | 8.8 | CVE-2023-42659 |
| projectworlds — online_job_portal | Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txt_password’ parameter of the index.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | 9.8 | CVE-2023-46680 |
| projectworlds — online_matrimonial_project | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘id’ parameter of the partner_preference.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | 9.8 | CVE-2023-46785 |
| projectworlds — online_matrimonial_project | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘pass’ parameter in the ‘register()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | 9.8 | CVE-2023-46798 |
| puppet — puppet_enterprise | Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations. | 2023-11-07 | 9.8 | CVE-2023-5309 |
| python — pillow | An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. | 2023-11-03 | 7.5 | CVE-2023-44271 MISC MISC MISC |
| qemu — qemu | A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM’s boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot. | 2023-11-03 | 7 | CVE-2023-5088 MISC MISC MISC |
| qnap — music_station | A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: Music Station 4.8.11 and later Music Station 5.1.16 and later Music Station 5.3.23 and later | 2023-11-03 | 7.5 | CVE-2023-39299 MISC |
| qnap — qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later | 2023-11-03 | 9.8 | CVE-2023-23368 MISC |
| qnap — qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 ( 2023/05/04 ) and later Multimedia Console 1.4.8 ( 2023/05/05 ) and later QTS 5.1.0.2399 build 20230515 and later QTS 4.3.6.2441 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later | 2023-11-03 | 9.8 | CVE-2023-23369 MISC |
| qualcomm — snapdragon | Memory Corruption in Multi-mode Call Processor while processing bit mask API. | 2023-11-07 | 9.8 | CVE-2023-22388 |
| qualcomm — snapdragon | Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute. | 2023-11-07 | 9.8 | CVE-2023-33045 |
| qualcomm — snapdragon | Memory corruption in WLAN HOST while processing the WLAN scan descriptor list. | 2023-11-07 | 8.8 | CVE-2023-28572 |
| qualcomm — snapdragon | Memory Corruption in Core during syscall for Sectools Fuse comparison feature. | 2023-11-07 | 7.8 | CVE-2023-21671 |
| qualcomm — snapdragon | Memory Corruption in Core due to secure memory access by user while loading modem image. | 2023-11-07 | 7.8 | CVE-2023-24852 |
| qualcomm — snapdragon | Memory corruption in TZ Secure OS while loading an app ELF. | 2023-11-07 | 7.8 | CVE-2023-28545 |
| qualcomm — snapdragon | Cryptographic issue in HLOS during key management. | 2023-11-07 | 7.8 | CVE-2023-28556 |
| qualcomm — snapdragon | Memory corruption while processing audio effects. | 2023-11-07 | 7.8 | CVE-2023-28570 |
| qualcomm — snapdragon | Memory corruption in core services when Diag handler receives a command to configure event listeners. | 2023-11-07 | 7.8 | CVE-2023-28574 |
| qualcomm — snapdragon | Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer. | 2023-11-07 | 7.8 | CVE-2023-33031 |
| qualcomm — snapdragon | Memory Corruption in Audio while invoking callback function in driver from ADSP. | 2023-11-07 | 7.8 | CVE-2023-33055 |
| qualcomm — snapdragon | Memory corruption in Audio while processing the VOC packet data from ADSP. | 2023-11-07 | 7.8 | CVE-2023-33059 |
| qualcomm — snapdragon | Memory corruption in Audio when SSR event is triggered after music playback is stopped. | 2023-11-07 | 7.8 | CVE-2023-33074 |
| qualcomm — snapdragon | Transient DOS in WLAN Firmware while parsing no-inherit IES. | 2023-11-07 | 7.5 | CVE-2023-33047 |
| qualcomm — snapdragon | Transient DOS in WLAN Firmware while parsing t2lm buffers. | 2023-11-07 | 7.5 | CVE-2023-33048 |
| qualcomm — snapdragon | Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE. | 2023-11-07 | 7.5 | CVE-2023-33056 |
| qualcomm — snapdragon | Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame. | 2023-11-07 | 7.5 | CVE-2023-33061 |
| qualitor — qalitor | Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter. | 2023-11-06 | 9.8 | CVE-2023-47253 MISC MISC MISC MISC |
| redlion — crimson | The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability. | 2023-11-06 | 9.8 | CVE-2023-5719 MISC MISC |
| relativity — relativityone | SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter. | 2023-11-03 | 9.8 | CVE-2023-46954 MISC |
| remoteclinic — remote_clinic | RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php. | 2023-11-07 | 9.8 | CVE-2023-33478 |
| remoteclinic — remote_clinic | RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file. | 2023-11-07 | 9.8 | CVE-2023-33479 |
| remoteclinic — remote_clinic | RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the ‘start’ GET parameter of patients/index.php. | 2023-11-07 | 9.8 | CVE-2023-33481 |
| remoteclinic — remote_clinic | RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input validation and access control in the staff/register.php endpoint and the edit-my-profile.php page. By sending a series of specially crafted requests to the RemoteClinic application, an attacker can create admin users with more privileges than their own, upload a PHP file containing arbitrary code, and execute arbitrary commands via the PHP shell. | 2023-11-07 | 8.8 | CVE-2023-33480 |
| samba — samba | A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes. | 2023-11-03 | 9.8 | CVE-2023-3961 MISC MISC MISC MISC MISC MISC |
| samsung — android | Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows attacker to bypass restrictions on starting activities from the background. | 2023-11-07 | 9.8 | CVE-2023-42531 |
| samsung — android | An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write. | 2023-11-07 | 9.8 | CVE-2023-42536 |
| samsung — android | An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write. | 2023-11-07 | 9.8 | CVE-2023-42537 |
| samsung — android | An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write. | 2023-11-07 | 9.8 | CVE-2023-42538 |
| samsung — android | Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. | 2023-11-07 | 7.8 | CVE-2023-30739 |
| samsung — android | Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. | 2023-11-07 | 7.8 | CVE-2023-42528 |
| samsung — android | Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code. | 2023-11-07 | 7.8 | CVE-2023-42529 |
| samsung — android | Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. | 2023-11-07 | 7.8 | CVE-2023-42535 |
| samsung — android | Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction. | 2023-11-07 | 7.5 | CVE-2023-42530 |
| samsung — android | Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information. | 2023-11-07 | 7.5 | CVE-2023-42532 |
| samsung — bixby_voice | Improper verification of intent by broadcast receiver vulnerability in Bixby Voice prior to version 3.3.35.12 allows attackers to access arbitrary data with Bixby Voice privilege. | 2023-11-07 | 7.5 | CVE-2023-42543 |
| samsung — exynos_9810_firmware | An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module. | 2023-11-08 | 7.5 | CVE-2023-41111 |
| samsung — exynos_9810_firmware | An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). A buffer copy, without checking the size of the input, can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module. | 2023-11-08 | 7.5 | CVE-2023-41112 |
| samsung — phone | Use of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to access location data. | 2023-11-07 | 7.5 | CVE-2023-42545 |
| schedmd — slurm | SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files. | 2023-11-03 | 7 | CVE-2023-41914 MISC CONFIRM |
| softing — smartlink_sw-ht | Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL). | 2023-11-06 | 7.5 | CVE-2022-48193 MISC MISC |
| squid-cache — squid | Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid’s Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests. | 2023-11-06 | 7.5 | CVE-2023-46728 MISC MISC |
| squid-cache — squid | Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. | 2023-11-03 | 7.5 | CVE-2023-46847 MISC MISC MISC MISC MISC MISC
|
| squid-cache — squid | Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. | 2023-11-03 | 7.5 | CVE-2023-46848 MISC MISC MISC MISC MISC |
| squid-cache — squid | Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug. | 2023-11-03 | 7.5 | CVE-2023-5824 MISC MISC MISC |
| squidex.io — squidex | Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution (RCE). Squidex allows users with the `squidex.admin.restore` permission to create and restore backups. Part of these backups are the assets uploaded to an App. For each asset, the backup zip archive contains a `.asset` file with the actual content of the asset as well as a related `AssetCreatedEventV2` event, which is stored in a JSON file. Amongst other things, the JSON file contains the event type (`AssetCreatedEventV2`), the ID of the asset (`46c05041-9588-4179-b5eb-ddfcd9463e1e`), its filename (`test.txt`), and its file version (`0`). When a backup with this event is restored, the `BackupAssets.ReadAssetAsync` method is responsible for re-creating the asset. For this purpose, it determines the name of the `.asset` file in the zip archive, reads its content, and stores the content in the filestore. When the asset is stored in the filestore via the UploadAsync method, the assetId and fileVersion are passed as arguments. These are further passed to the method GetFileName, which determines the filename where the asset should be stored. The assetId is inserted into the filename without any sanitization and an attacker with squidex.admin.restore privileges to run arbitrary operating system commands on the underlying server (RCE). | 2023-11-07 | 7.2 | CVE-2023-46253 |
| strapi — strapi | strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fielded marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This issue has been addressed in version 4.13.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-06 | 7.5 | CVE-2023-39345 MISC |
| swtpm — swtpm | In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall. | 2023-11-03 | 7.1 | CVE-2020-28407 MISC CONFIRM CONFIRM |
| sysaid — sysaid_on-premises | In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. | 2023-11-10 | 9.8 | CVE-2023-47246
|
| wordpress — wordpress | The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts. | 2023-11-06 | 7.5 | CVE-2023-5454 MISC |
| tenda — ax1806_firmware | Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size. | 2023-11-07 | 9.1 | CVE-2023-47455 |
| tenda — ax1806_firmware | Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat. | 2023-11-07 | 9.1 | CVE-2023-47456 |
| tigera — calico_cloud | In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish. | 2023-11-06 | 7.5 | CVE-2023-41378 MISC MISC MISC |
| tyk — tyk | Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query. | 2023-11-07 | 9.8 | CVE-2023-42283 |
| tyk — tyk | Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query. | 2023-11-07 | 9.8 | CVE-2023-42284 |
| utoronto — pcrs | PCRS | 2023-11-03 | 9.9 | CVE-2023-46404 MISC MISC |
| vaerys-dawn — discordsailv2 | A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The patch is named cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244483. | 2023-11-05 | 9.8 | CVE-2018-25092 MISC MISC MISC MISC |
| vaerys-dawn — discordsailv2 | A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Tag Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The name of the patch is cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-244484. | 2023-11-06 | 9.8 | CVE-2018-25093 MISC MISC MISC MISC |
| veeam — one | A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database. | 2023-11-07 | 9.8 | CVE-2023-38547 |
| videolan — vlc_media_player | Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. | 2023-11-07 | 9.8 | CVE-2023-47359 |
| videolan — vlc_media_player | Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. | 2023-11-07 | 7.5 | CVE-2023-47360 |
| webidsupport — webid | WeBid | 2023-11-08 | 9.8 | CVE-2023-47397 |
| weintek — easybuilder_pro | Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server. | 2023-11-06 | 9.8 | CVE-2023-5777 MISC |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application.This issue affects 1003 Mortgage Application: from n/a through 1.75. | 2023-11-07 | 9.8 | CVE-2022-45357 |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Scott Reilly Commenter Emails.This issue affects Commenter Emails: from n/a through 2.6.1. | 2023-11-07 | 9.8 | CVE-2022-45360 |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.1. | 2023-11-07 | 9.8 | CVE-2022-45370 |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4. | 2023-11-06 | 9.8 | CVE-2022-45373 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection.This issue affects Paytm Payment Gateway: from n/a through 2.7.3. | 2023-11-03 | 9.8 | CVE-2022-45805 MISC |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce.This issue affects Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a through 5.5.2. | 2023-11-07 | 9.8 | CVE-2022-45810 |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews. This issue affects Site Reviews: from n/a through 6.2.0. | 2023-11-07 | 9.8 | CVE-2022-46801 |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce. This issue affects Product Reviews Import Export for WooCommerce: from n/a through 1.4.8. | 2023-11-07 | 9.8 | CVE-2022-46802 |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin – Noptin. This issue affects Simple Newsletter Plugin – Noptin: from n/a through 1.9.5. | 2023-11-07 | 9.8 | CVE-2022-46803 |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection.This issue affects ARMember: from n/a through 3.4.11. | 2023-11-03 | 9.8 | CVE-2022-46808 MISC |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce.This issue affects ReviewX – Multi-criteria Rating & Reviews for WooCommerce: from n/a through 1.6.7. | 2023-11-07 | 9.8 | CVE-2022-46809 |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection.This issue affects Email posts to subscribers: from n/a through 6.2. | 2023-11-03 | 9.8 | CVE-2022-46818 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page – Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9. | 2023-11-06 | 9.8 | CVE-2022-46849 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1. | 2023-11-03 | 9.8 | CVE-2022-46859 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in KaizenCoders Short URL allows SQL Injection.This issue affects Short URL: from n/a through 1.6.4. | 2023-11-06 | 9.8 | CVE-2022-46860 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11. | 2023-11-06 | 9.8 | CVE-2022-47420 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Neshan Maps Platform Neshan Maps neshan-maps allows SQL Injection.This issue affects Neshan Maps: from n/a through 1.1.4. | 2023-11-03 | 9.8 | CVE-2022-47426 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.7. | 2023-11-06 | 9.8 | CVE-2022-47428 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Weblizar The School Management – Education & Learning Management allows SQL Injection.This issue affects The School Management – Education & Learning Management: from n/a through 4.1. | 2023-11-06 | 9.8 | CVE-2022-47430 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Kemal YAZICI – PluginPress Shortcode IMDB allows SQL Injection.This issue affects Shortcode IMDB: from n/a through 6.0.8. | 2023-11-06 | 9.8 | CVE-2022-47432 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection.This issue affects Be POPIA Compliant: from n/a through 1.2.0. | 2023-11-03 | 9.8 | CVE-2022-47445 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection.This issue affects Simple Photo Gallery: from n/a through v1.8.1. | 2023-11-03 | 9.8 | CVE-2022-47588 MISC |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.This issue affects GiveWP: from n/a through 2.25.1. | 2023-11-07 | 9.8 | CVE-2023-22719 |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Muneeb Form Builder | Create Responsive Contact Forms. This issue affects Form Builder | Create Responsive Contact Forms: from n/a through 1.9.9.0. | 2023-11-07 | 9.8 | CVE-2023-23796 |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10. | 2023-11-03 | 9.8 | CVE-2023-25700 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Zendrop Zendrop – Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection.This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. | 2023-11-03 | 9.8 | CVE-2023-25960 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection. This issue affects MapPress Maps for WordPress: from n/a through 2.85.4. | 2023-11-03 | 9.8 | CVE-2023-26015 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection.This issue affects WP Reroute Email: from n/a through 1.4.6. | 2023-11-06 | 9.8 | CVE-2023-27605 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in biztechc Copy or Move Comments allows SQL Injection.This issue affects Copy or Move Comments: from n/a through 5.0.4. | 2023-11-06 | 9.8 | CVE-2023-28748 MISC |
| wordpress — wordpress | The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user’s email address. We are disclosing this issue as the developer has not yet released a patch, but continues to release updates and we escalated this issue to the plugin’s team 30 days ago. | 2023-11-03 | 9.8 | CVE-2023-3277 MISC MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0. | 2023-11-03 | 9.8 | CVE-2023-34383 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection.This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a through 2.6.0. | 2023-11-06 | 9.8 | CVE-2023-35911 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Favethemes Houzez – Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez – Real Estate WordPress Theme: from n/a through 1.3.4. | 2023-11-03 | 9.8 | CVE-2023-36529 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows SQL Injection.This issue affects Subscribe to Category: from n/a through 2.7.4. | 2023-11-06 | 9.8 | CVE-2023-38382 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in RedNao Donations Made Easy – Smart Donations allows SQL Injection.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. | 2023-11-06 | 9.8 | CVE-2023-40207 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection.This issue affects Contact form 7 Custom validation: from n/a through 1.1.3. | 2023-11-06 | 9.8 | CVE-2023-40609 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6. | 2023-11-03 | 9.8 | CVE-2023-41652 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ilGhera Woocommerce Support System allows SQL Injection.This issue affects Woocommerce Support System: from n/a through 1.2.1. | 2023-11-06 | 9.8 | CVE-2023-41685 MISC |
| wordpress — wordpress | Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. This vulnerability allows attackers to use the vulnerable website as proxy to attack other websites or exfiltrate data via a HTTP call. | 2023-11-03 | 9.8 | CVE-2023-43982 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Castos Seriously Simple Stats allows SQL Injection.This issue affects Seriously Simple Stats: from n/a through 1.5.0. | 2023-11-06 | 9.8 | CVE-2023-45001 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Pressference Pressference Exporter allows SQL Injection.This issue affects Pressference Exporter: from n/a through 1.0.3. | 2023-11-06 | 9.8 | CVE-2023-45046 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6. | 2023-11-06 | 9.8 | CVE-2023-45055 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection.This issue affects Video Gallery – Best WordPress YouTube Gallery Plugin: from n/a through 2.1.3. | 2023-11-06 | 9.8 | CVE-2023-45069 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows SQL Injection.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 7.1.1. | 2023-11-06 | 9.8 | CVE-2023-45074 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in POSIMYTH Nexter allows SQL Injection.This issue affects Nexter: from n/a through 2.0.3. | 2023-11-06 | 9.8 | CVE-2023-45657 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11. | 2023-11-06 | 9.8 | CVE-2023-45830 MISC |
| wordpress — wordpress | The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE. | 2023-11-06 | 9.8 | CVE-2023-5601 MISC |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter. This issue affects WP CSV Exporter: from n/a through 2.0. | 2023-11-07 | 8.8 | CVE-2022-38702 |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV. This issue affects Export Users Data CSV: from n/a through 2.1. | 2023-11-07 | 8.8 | CVE-2022-41616 |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter. This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8. | 2023-11-07 | 8.8 | CVE-2022-42882 |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats. This issue affects Posts and Users Stats: from n/a through 1.1.3. | 2023-11-07 | 8.8 | CVE-2022-44738 |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in anmari amr users. This issue affects amr users: from n/a through 4.59.4. | 2023-11-07 | 8.8 | CVE-2022-45348 |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool. This issue affects Simple History – user activity log, audit tool: from n/a through 3.3.1. | 2023-11-07 | 8.8 | CVE-2022-45350 |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct. This issue affects Export Users Data Distinct: from n/a through 1.3. | 2023-11-07 | 8.8 | CVE-2022-46804 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery.This issue affects Email Templates Customizer and Designer for WordPress and WooCommerce: from n/a through 1.4.2. | 2023-11-07 | 8.8 | CVE-2022-47181 |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9. | 2023-11-07 | 8.8 | CVE-2022-47442 |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0. | 2023-11-03 | 8.8 | CVE-2023-25800 MISC |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Frédéric Sheedy Etsy Shop plugin | 2023-11-09 | 8.8 | CVE-2023-25975 |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.5.84. | 2023-11-07 | 8.8 | CVE-2023-25983 |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10. | 2023-11-03 | 8.8 | CVE-2023-25990 MISC |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publish to Schedule plugin | 2023-11-09 | 8.8 | CVE-2023-25994 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Robert Schulz (sprd.Net AG) Spreadshop plugin | 2023-11-10 | 8.8 | CVE-2023-29426 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in SuPlugins Superb Social Media Share Buttons and Follow Buttons for WordPress plugin | 2023-11-10 | 8.8 | CVE-2023-29428 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board plugin | 2023-11-10 | 8.8 | CVE-2023-29440 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin | 2023-11-10 | 8.8 | CVE-2023-30478 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Marco Steinbrecher WP BrowserUpdate plugin | 2023-11-10 | 8.8 | CVE-2023-31078 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways – Grow your business, email lists and traffic with contests plugin | 2023-11-09 | 8.8 | CVE-2023-31086 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Manager plugin | 2023-11-09 | 8.8 | CVE-2023-31087 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Faraz Quazi Floating Action Button plugin | 2023-11-09 | 8.8 | CVE-2023-31088 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly Events Calendar plugin | 2023-11-09 | 8.8 | CVE-2023-31093 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin | 2023-11-09 | 8.8 | CVE-2023-31235 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin | 2023-11-09 | 8.8 | CVE-2023-32092 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Criss Swaim TPG Redirect plugin | 2023-11-09 | 8.8 | CVE-2023-32093 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin | 2023-11-09 | 8.8 | CVE-2023-32125 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart – Multipurpose WooCommerce Theme | 2023-11-09 | 8.8 | CVE-2023-32500 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin | 2023-11-09 | 8.8 | CVE-2023-32501 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Sybre Waaijer Pro Mime Types – Manage file media types plugin | 2023-11-09 | 8.8 | CVE-2023-32502 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin | 2023-11-09 | 8.8 | CVE-2023-32512 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Designs & Code Forget About Shortcode Buttons plugin | 2023-11-09 | 8.8 | CVE-2023-32579 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WP Reactions, LLC WP Reactions Lite plugin | 2023-11-09 | 8.8 | CVE-2023-32587 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin | 2023-11-09 | 8.8 | CVE-2023-32592 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Benedict B., Maciej Gryniuk Hyphenator plugin | 2023-11-09 | 8.8 | CVE-2023-32594 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in LOKALYZE CALL ME NOW plugin | 2023-11-09 | 8.8 | CVE-2023-32602 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custom Cursors | WordPress Cursor Plugin plugin | 2023-11-09 | 8.8 | CVE-2023-32739 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Recommendations plugin | 2023-11-09 | 8.8 | CVE-2023-32744 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin | 2023-11-09 | 8.8 | CVE-2023-32745 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Add-Ons plugin | 2023-11-09 | 8.8 | CVE-2023-32794 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory Manager plugin | 2023-11-09 | 8.8 | CVE-2023-34002 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Guillemant David WP Full Auto Tags Manager plugin | 2023-11-09 | 8.8 | CVE-2023-34024 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Hide Login plugin | 2023-11-09 | 8.8 | CVE-2023-34025 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier bbPress Toolkit plugin | 2023-11-09 | 8.8 | CVE-2023-34031 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Malinky Ajax Pagination and Infinite Scroll plugin | 2023-11-09 | 8.8 | CVE-2023-34033 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in SAKURA Internet Inc. TS Webfonts for ??????????? plugin | 2023-11-09 | 8.8 | CVE-2023-34169 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Kenth Hagström WP-Cache.Com plugin | 2023-11-09 | 8.8 | CVE-2023-34177 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg plugin | 2023-11-09 | 8.8 | CVE-2023-34178 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WP-Cirrus plugin | 2023-11-09 | 8.8 | CVE-2023-34181 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Peter Shaw LH Password Changer plugin | 2023-11-09 | 8.8 | CVE-2023-34182 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Didier Sampaolo SpamReferrerBlock plugin | 2023-11-09 | 8.8 | CVE-2023-34371 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin | 2023-11-09 | 8.8 | CVE-2023-34386 |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress allows SQL Injection.This issue affects Quasar form free – Contact Form Builder for WordPress: from n/a through 6.0. | 2023-11-04 | 8.8 | CVE-2023-35910 MISC |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0. | 2023-11-07 | 8.8 | CVE-2023-36527 |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67. | 2023-11-03 | 8.8 | CVE-2023-36677 MISC |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in wpWax Directorist – WordPress Business Directory Plugin with Classified Ads Listing.This issue affects Directorist – WordPress Business Directory Plugin with Classified Ads Listings: from n/a through 7.7.1. | 2023-11-07 | 8.8 | CVE-2023-41798 |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection. This issue affects Icons Font Loader: from n/a through 1.1.2. | 2023-11-06 | 8.8 | CVE-2023-46084 MISC |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Helper Premium plugin | 2023-11-09 | 8.8 | CVE-2023-46614 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts Yandex WebMaster plugin | 2023-11-06 | 8.8 | CVE-2023-46775 MISC |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto Excerpt everywhere plugin | 2023-11-06 | 8.8 | CVE-2023-46776 MISC |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Custom Login Page | Temporary Users | Rebrand Login | Login Captcha plugin | 2023-11-06 | 8.8 | CVE-2023-46777 MISC |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in TheFreeWindows Auto Limit Posts Reloaded plugin | 2023-11-06 | 8.8 | CVE-2023-46778 MISC |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in EasyRecipe plugin | 2023-11-06 | 8.8 | CVE-2023-46779 MISC |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Alter plugin | 2023-11-06 | 8.8 | CVE-2023-46780 MISC |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin | 2023-11-06 | 8.8 | CVE-2023-46781 MISC |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scripting (XSS) vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin | 2023-11-06 | 8.8 | CVE-2023-47182 MISC |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin | 2023-11-06 | 8.8 | CVE-2023-47186 MISC |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin | 2023-11-09 | 8.8 | CVE-2023-47238 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Google Fonts GDPR Compliant plugin | 2023-11-06 | 8.8 | CVE-2023-5823 MISC |
| wordpress — wordpress | The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server. | 2023-11-06 | 8.1 | CVE-2023-5355 MISC |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Solwin Infotech User Blocker. This issue affects User Blocker: from n/a through 1.5.5. | 2023-11-07 | 7.2 | CVE-2022-45078 |
| wordpress — wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent ( for GDPR, CCPA & ePrivacy ).This issue affects WP Cookie Consent ( for GDPR, CCPA & ePrivacy ): from n/a through 2.2.5. | 2023-11-07 | 7.2 | CVE-2023-23678 |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Highfivery LLC Zero Spam for WordPress allows SQL Injection.This issue affects Zero Spam for WordPress: from n/a through 5.4.4. | 2023-11-03 | 7.2 | CVE-2023-32121 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Rolf van Gelder Order Your Posts Manually allows SQL Injection.This issue affects Order Your Posts Manually: from n/a through 2.2.5. | 2023-11-03 | 7.2 | CVE-2023-32508 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2. | 2023-11-04 | 7.2 | CVE-2023-32741 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection.This issue affects Groundhogg: from n/a through 2.7.11. | 2023-11-03 | 7.2 | CVE-2023-34179 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a through 2.4.1. | 2023-11-04 | 7.2 | CVE-2023-38391 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Demonisblack demon image annotation allows SQL Injection.This issue affects demon image annotation: from n/a through 5.1. | 2023-11-04 | 7.2 | CVE-2023-40215 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Milan Petrovic GD Security Headers allows auth. (admin+) SQL Injection.This issue affects GD Security Headers: from n/a through 1.7. | 2023-11-06 | 7.2 | CVE-2023-46821 MISC |
| wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection.This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a through 1.5.4. | 2023-11-06 | 7.2 | CVE-2023-46823 MISC |
| wordpress — wordpress | The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it. | 2023-11-06 | 7.2 | CVE-2023-5082 MISC |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson Auto Publish for Google My Business plugin | 2023-11-09 | 8.8 | CVE-2023-47237 |
| wpn-xm — wpn-xm | A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion (LFI) via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the loading of a PHP file on the server, leading to a critical webshell exploit. | 2023-11-03 | 9.8 | CVE-2023-4591 MISC |
| xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn’t properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document `XWiki.AdminSheet` (by default, everyone including unauthenticated users) to execute code including Groovy code. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This vulnerability has been patched in XWiki 14.10.14, 15.6 RC1 and 15.5.1. Users are advised to upgrade. Users unablr to upgrade may apply the fix in commit `fec8e0e53f9` manually. Alternatively, to protect against attacks from unauthenticated users, view right for guests can be removed from this document (it is only needed for space and wiki admins). | 2023-11-06 | 9.8 | CVE-2023-46731 MISC MISC MISC MISC |
| xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it’s possible to execute a content with the right of any user via a crafted URL. A user must have `programming` privileges in order to exploit this vulnerability. This issue has been patched in XWiki 14.10.7 and 15.2RC1. Users are advised to upgrade. There are no known workarounds for for this vulnerability. | 2023-11-07 | 8.8 | CVE-2023-46242
|
| xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it’s possible for a user to execute any content with the right of an existing document’s content author, provided the user have edit right on it. A crafted URL of the form ` /xwiki/bin/edit//?content=%7B%7Bgroovy%7D%7Dprintln%28%22Hello+from+Groovy%21%22%29%7B%7B%2Fgroovy%7D%7D&xpage=view` can be used to execute arbitrary groovy code on the server. This vulnerability has been patched in XWiki versions 14.10.6 and 15.2RC1. Users are advised to update. There are no known workarounds for this issue. | 2023-11-07 | 8.8 | CVE-2023-46243
|
| xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it’s possible for a user to write a script in which any velocity content is executed with the right of any other document content author. Since this API require programming right and the user does not have it, the expected result is `$doc.document.authors.contentAuthor` (not executed script), unfortunately with the security vulnerability it is possible for the attacker to get `XWiki.superadmin` which shows that the title was executed with the right of the unmodified document. This has been patched in XWiki versions 14.10.7 and 15.2RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-07 | 8.8 | CVE-2023-46244
|
| xxyopen — novel-plus | SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list. | 2023-11-05 | 9.8 | CVE-2023-46981 MISC |
| zavio — cf7500_firmware | Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows. During the process of updating certain settings sent from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution. | 2023-11-08 | 9.8 | CVE-2023-39435 |
| zavio — cf7500_firmware | Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While processing XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution. | 2023-11-08 | 9.8 | CVE-2023-3959 |
| zavio — cf7500_firmware | Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 has a command injection vulnerability in their implementation of their binaries and handling of network requests. | 2023-11-08 | 9.8 | CVE-2023-4249 |
| zavio — cf7500_firmware | Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. During the processing and parsing of certain fields in XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution. | 2023-11-08 | 9.8 | CVE-2023-43755 |
| zavio — cf7500_firmware | Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While parsing certain XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution. | 2023-11-08 | 9.8 | CVE-2023-45225 |
| zohocorp — manageengine_desktop_central | A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests. | 2023-11-03 | 8.8 | CVE-2023-4769 MISC |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache — allura | Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them. Exposing internal files then can lead to other exploits, like session hijacking, or remote code execution. This issue affects Apache Allura from 1.0.1 through 1.15.0. Users are recommended to upgrade to version 1.16.0, which fixes the issue. If you are unable to upgrade, set “disable_entry_points.allura.importers = forge-tracker, forge-discussion” in your .ini config file. | 2023-11-07 | 4.9 | CVE-2023-46851 |
| apache — ofbiz | Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: before 18.12.09. Users are recommended to upgrade to version 18.12.09 | 2023-11-07 | 5.3 | CVE-2023-46819
|
| arm — bifrost_gpu_kernel_driver | A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory. | 2023-11-07 | 5.5 | CVE-2023-4272 |
| bootboxjs — bootbox | Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions. | 2023-11-07 | 6.1 | CVE-2023-46998 |
| clastix — capsule | capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by `capsule-proxy` gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example, consider two tenants `solar` and `wind`. Tenant `solar`, owned by a ServiceAccount named `tenant-owner` in the Namespace `solar`. Tenant `wind`, owned by a ServiceAccount named `tenant-owner` in the Namespace `wind`. The Tenant owner `solar` would be able to list the namespaces of the Tenant `wind` and vice-versa, although this is not correct. The bug introduces an exfiltration vulnerability since allows the listing of Namespace resources of other Tenants, although just in some specific conditions: 1. `capsule-proxy` runs with the `–disable-caching=false` (default value: `false`) and 2. Tenant owners are ServiceAccount, with the same resource name, but in different Namespaces. This vulnerability doesn’t allow any privilege escalation on the outer tenant Namespace-scoped resources, since the Kubernetes RBAC is enforcing this. This issue has been addressed in version 0.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-06 | 4.3 | CVE-2023-46254 MISC MISC |
| cloudnet360 — cloudnet360 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GARY JEZORSKI CloudNet360 plugin | 2023-11-08 | 6.1 | CVE-2023-46643 |
| color — demoiccmax | In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayType:::ParseText function (for unsigned short) in IccUtilXml.cpp in libIccXML.a has an out-of-bounds read. | 2023-11-05 | 6.5 | CVE-2023-47249 MISC |
| cure53 — dompurify | DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a ‘rel=”noopener noreferrer”‘ attribute. | 2023-11-07 | 6.1 | CVE-2019-25155 |
| docker — machine | Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of service to a bastion node. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2023-11-07 | 6.5 | CVE-2023-40453
|
| dstar2018 — agency | A vulnerability classified as problematic was found in dstar2018 Agency up to 61. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument QSType/QuickSearch leads to cross site scripting. The attack can be launched remotely. The patch is named 975b56953efabb434519d9feefcc53685fb8d0ab. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-244495. | 2023-11-07 | 6.1 | CVE-2019-25156
|
| gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in gitlab-ci.yml file. | 2023-11-06 | 6.5 | CVE-2023-3909 MISC MISC |
| gitlab — gitlab | An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals. | 2023-11-06 | 6.5 | CVE-2023-4700 MISC MISC |
| gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service. | 2023-11-06 | 6.5 | CVE-2023-5825 MISC MISC |
| gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors. | 2023-11-06 | 5.3 | CVE-2023-5831 MISC |
| gitlab — gitlab | An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attacker to block Sidekiq job processor. | 2023-11-06 | 4.3 | CVE-2023-3246 MISC MISC |
| gitlab — gitlab | An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators. | 2023-11-06 | 4.3 | CVE-2023-5963 MISC |
| google — android | In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715. | 2023-11-06 | 6.7 | CVE-2023-32818 MISC |
| google — android | In secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161762; Issue ID: ALPS08161762. | 2023-11-06 | 6.7 | CVE-2023-32834 MISC |
| google — android | In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918. | 2023-11-06 | 6.7 | CVE-2023-32835 MISC |
| google — android | In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08126725; Issue ID: ALPS08126725. | 2023-11-06 | 6.7 | CVE-2023-32836 MISC |
| google — android | In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805. | 2023-11-06 | 6.7 | CVE-2023-32838 MISC |
| google — android | In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576. | 2023-11-06 | 6.7 | CVE-2023-32839 MISC |
| google — android | In bluethooth service, there is a possible out of bounds reads due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07884130; Issue ID: ALPS07884130. | 2023-11-06 | 5.5 | CVE-2023-32825 MISC |
| gvectors — wpdiscuz | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments – wpDiscuz plugin | 2023-11-06 | 6.1 | CVE-2023-47185 MISC |
| hillstonenet — sc-6000-e3960_firmware | Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 allows a remote attacker to execute arbitrary code via the use front-end filtering instead of back-end filtering. | 2023-11-05 | 6.1 | CVE-2023-46964 MISC |
| huawei — emui | Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed. | 2023-11-08 | 5.9 | CVE-2022-48613 |
| huawei — emui | Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart. | 2023-11-08 | 5.3 | CVE-2023-46755 |
| huawei — emui | Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously. | 2023-11-08 | 5.3 | CVE-2023-46763 |
| huawei — emui | Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start maliciously. | 2023-11-08 | 5.3 | CVE-2023-46764 |
| huawei — harmonyos | Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows. | 2023-11-08 | 5.3 | CVE-2023-46756 |
| ibm — content_navigator | IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247. | 2023-11-03 | 5.4 | CVE-2023-35896 MISC MISC |
| ibm — robotic_process_automation_for_cloud_pak | A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752. | 2023-11-03 | 6.5 | CVE-2023-45189 MISC MISC |
| ibm — txseries_for_multiplatforms | IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059. | 2023-11-03 | 5.4 | CVE-2023-42029 MISC MISC MISC |
| jbig2enc_project — jbig2enc | jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc. | 2023-11-08 | 5.5 | CVE-2023-46362 |
| jbig2enc_project — jbig2enc | jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512. | 2023-11-08 | 5.5 | CVE-2023-46363 |
| kaoshifeng — yunfan_learning_examination_system | An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function. | 2023-11-04 | 5.3 | CVE-2023-46963 MISC |
| kyocera — d-copia253mf_plus_firmware | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a “nicht einloggen” error rather than a falsch error. | 2023-11-03 | 5.3 | CVE-2023-34261 MISC MISC |
| kyocera — d-copia253mf_plus_firmware | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575. | 2023-11-03 | 4.9 | CVE-2023-34259 MISC MISC |
| lenovo — desktop_bios | A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 2023-11-08 | 6.7 | CVE-2023-43571 |
| lenovo — desktop_bios | A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 2023-11-08 | 6.7 | CVE-2023-43573 |
| lenovo — desktop_bios | A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 2023-11-08 | 6.7 | CVE-2023-43575 |
| lenovo — desktop_bios | A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 2023-11-08 | 6.7 | CVE-2023-43576 |
| lenovo — desktop_bios | A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 2023-11-08 | 6.7 | CVE-2023-43577 |
| lenovo — desktop_bios | A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 2023-11-08 | 6.7 | CVE-2023-43578 |
| lenovo — desktop_bios | A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 2023-11-08 | 6.7 | CVE-2023-43579 |
| lenovo — desktop_bios | A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 2023-11-08 | 6.7 | CVE-2023-43580 |
| lenovo — desktop_bios | A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 2023-11-08 | 6.7 | CVE-2023-43581 |
| lenovo — desktop_bios | A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. | 2023-11-08 | 4.4 | CVE-2023-43572 |
| lenovo — desktop_bios | A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. | 2023-11-08 | 4.4 | CVE-2023-43574 |
| linux — kernel | The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this “could be exploited in a real world scenario.” This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. | 2023-11-03 | 4.3 | CVE-2023-47233 MISC MISC |
| linux — linux_kernel | A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. | 2023-11-06 | 5.5 | CVE-2023-5090 MISC MISC |
| mattermost — mattermost | Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items. | 2023-11-06 | 5.3 | CVE-2023-5969 MISC |
| mattermost — mattermost | Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. | 2023-11-06 | 4.9 | CVE-2023-5968 MISC |
| mattermost — mattermost | Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin | 2023-11-06 | 4.3 | CVE-2023-5967 MISC |
| mediatek — lr12a | In modem CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction may be also needed for exploitation Patch ID: MOLY01138425; Issue ID: MOLY01138425 (MSV-862). | 2023-11-06 | 6.5 | CVE-2023-32840 MISC |
| mediawiki — mediawiki | An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers. | 2023-11-03 | 5.4 | CVE-2023-45360 MISC |
| mediawiki — mediawiki | An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka “X intermediate revisions by the same user not shown”) ignores username suppression. This is an information leak. | 2023-11-03 | 4.3 | CVE-2023-45362 MISC |
| microsoft — edge_chromium | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2023-11-03 | 6.6 | CVE-2023-36022 MISC |
| microsoft — edge_chromium | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 2023-11-07 | 6.5 | CVE-2023-36409 MISC |
| microsoft — edge_chromium | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2023-11-03 | 4.3 | CVE-2023-36029 MISC |
| microsoft — onenote | Microsoft OneNote Spoofing Vulnerability | 2023-11-06 | 5.4 | CVE-2023-36769 MISC |
| microweber — microweber | Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality. | 2023-11-08 | 5.4 | CVE-2023-47379
|
| microweber — microweber | Improper Access Control in GitHub repository microweber/microweber prior to 2.0. | 2023-11-07 | 4.3 | CVE-2023-5976 |
| mitsubishi_electric — fx5u-32mt/es_firmware | Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login. | 2023-11-06 | 5.3 | CVE-2023-4625 MISC MISC MISC |
| moodle — moodle | The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. | 2023-11-09 | 6.1 | CVE-2023-5541
|
| moodle — moodle | The course upload preview contained an XSS risk for users uploading unsafe data. | 2023-11-09 | 6.1 | CVE-2023-5547
|
| moodle — moodle | Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. | 2023-11-09 | 5.4 | CVE-2023-5544
|
| moodle — moodle | ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. | 2023-11-09 | 5.4 | CVE-2023-5546
|
| msyk — fmdataapi | A vulnerability classified as problematic has been found in msyk FMDataAPI up to 22. Affected is an unknown function of the file FMDataAPI_Sample.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 23 is able to address this issue. The patch is identified as 3bd1709a8f7b1720529bf5dfc9855ad609f436cf. It is recommended to upgrade the affected component. VDB-244494 is the identifier assigned to this vulnerability. | 2023-11-07 | 6.1 | CVE-2021-4431
|
| mybb — mybb | MyBB is a free and open source forum software. Custom MyCode (BBCode) for the visual editor (_SCEditor_) doesn’t escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. The impact is be mitigated when: 1. the visual editor is disabled globally (_Admin CP ? Configuration ? Settings ? Clickable Smilies and BB Code: [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_ is set to _Off_), or 2. the visual editor is disabled for individual user accounts (_User CP ? Your Profile ? Edit Options_: _Show the MyCode formatting options on the posting pages_ checkbox is not checked). MyBB 1.8.37 resolves this issue with the commit `6dcaf0b4d`. Users are advised to upgrade. Users unable to upgrade may mitigate the impact without upgrading MyBB by changing the following setting (_Admin CP ? Configuration ? Settings_): – _Clickable Smilies and BB Code ? [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_: _Off_. Similarly, individual MyBB forum users are able to disable the visual editor by diabling the account option (_User CP ? Your Profile ? Edit Options_) _Show the MyCode formatting options on the posting pages_. | 2023-11-06 | 6.1 | CVE-2023-46251 MISC MISC MISC |
| mybb — mybb | Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component. | 2023-11-06 | 5.4 | CVE-2023-45556 MISC MISC MISC |
| nasa — openmct | Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin. | 2023-11-09 | 6.5 | CVE-2023-45884 |
| nasa — openmct | Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin. | 2023-11-09 | 5.4 | CVE-2023-45885 |
| nationaledtech — boomerang | An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup=”false” attribute in the manifest. This allows the user to back up the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API. | 2023-11-03 | 4.6 | CVE-2023-36620 MISC MISC MISC |
| ni — topografix_data_plugin | An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file. | 2023-11-08 | 5.5 | CVE-2023-5136 |
| nta — e-tax | e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. | 2023-11-06 | 5.5 | CVE-2023-46802 MISC MISC |
| opensc_project — opensc | A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user’s awareness. | 2023-11-06 | 6.6 | CVE-2023-40660 MISC MISC MISC MISC MISC |
| opensc — opensc | Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise key generation, certificate loading, and other card management operations during enrollment. | 2023-11-06 | 6.4 | CVE-2023-40661 MISC MISC MISC MISC MISC |
| prestashop — prestashop | blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4. | 2023-11-09 | 5.3 | CVE-2023-47110 |
| proofpoint — enterprise_protection | Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages. This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions. | 2023-11-06 | 6.1 | CVE-2023-5771 MISC |
| qnap — qts | A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.1.2491 build 20230815 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.1.2488 build 20230812 and later QuTScloud c5.1.0.2498 and later | 2023-11-03 | 4.3 | CVE-2023-39301 MISC |
| qualcomm — snapdragon | Information Disclosure in WLAN Host when processing WMI event command. | 2023-11-07 | 5.5 | CVE-2023-28553 |
| qualcomm — snapdragon | Information Disclosure in Qualcomm IPC while reading values from shared memory in VM. | 2023-11-07 | 5.5 | CVE-2023-28554 |
| qualcomm — snapdragon | Information disclosure in IOE Firmware while handling WMI command. | 2023-11-07 | 5.5 | CVE-2023-28563 |
| qualcomm — snapdragon | Information disclosure in WLAN HAL while handling the WMI state info command. | 2023-11-07 | 5.5 | CVE-2023-28566 |
| qualcomm — snapdragon | Information disclosure in WLAN HAL when reception status handler is called. | 2023-11-07 | 5.5 | CVE-2023-28568 |
| qualcomm — snapdragon | Information disclosure in WLAN HAL while handling command through WMI interfaces. | 2023-11-07 | 5.5 | CVE-2023-28569 |
| ragic — enterprise_cloud_database | Rogic No-Code Database Builder’s file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack. | 2023-11-03 | 5.4 | CVE-2023-41343 MISC |
| rapid7 — velociraptor | Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user’s web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1). | 2023-11-06 | 6.1 | CVE-2023-5950 MISC |
| redhat — 3scale_api_management | A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache. | 2023-11-06 | 5.5 | CVE-2023-4910 MISC MISC |
| redhat — quay | A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerable to clickjacking. This flaw allows an attacker to trick an administrator user into clicking on buttons on the config-editor panel, possibly reconfiguring some parts of the Quay instance. | 2023-11-07 | 4.3 | CVE-2023-4956 |
| redmine — redmine | Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter. | 2023-11-05 | 6.1 | CVE-2023-47258 MISC |
| redmine — redmine | Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter. | 2023-11-05 | 6.1 | CVE-2023-47259 MISC |
| redmine — redmine | Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails. | 2023-11-05 | 6.1 | CVE-2023-47260 MISC |
| roundcube — webmail | Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). | 2023-11-06 | 6.1 | CVE-2023-47272 MISC MISC MISC
|
| samba — samba | A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module “acl_xattr” is configured with “acl_xattr:ignore system acls = yes”. The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba’s permissions. | 2023-11-03 | 6.5 | CVE-2023-4091 MISC MISC MISC MISC MISC MISC |
| samba — samba | A design flaw was found in Samba’s DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence. | 2023-11-07 | 6.5 | CVE-2023-4154
|
| samba — samba | A vulnerability was found in Samba’s “rpcecho” development server, a non-Windows RPC server used to test Samba’s DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the “rpcecho” service operates with only one worker in the main RPC task, allowing calls to the “rpcecho” server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a “sleep()” call in the “dcesrv_echo_TestSleep()” function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the “rpcecho” server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as “rpcecho” runs in the main RPC task. | 2023-11-06 | 6.5 | CVE-2023-42669 MISC MISC MISC MISC MISC |
| samba — samba | A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba’s RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation “classic DCs”) can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as “The procedure number is out of range” when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services. | 2023-11-03 | 6.5 | CVE-2023-42670 MISC MISC MISC MISC MISC |
| samsung — account | Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | 2023-11-07 | 6.5 | CVE-2023-42546 |
| samsung — account | Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | 2023-11-07 | 6.5 | CVE-2023-42547 |
| samsung — account | Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | 2023-11-07 | 6.5 | CVE-2023-42548 |
| samsung — account | Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | 2023-11-07 | 6.5 | CVE-2023-42549 |
| samsung — account | Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | 2023-11-07 | 6.5 | CVE-2023-42550 |
| samsung — account | Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | 2023-11-07 | 6.5 | CVE-2023-42551 |
| samsung — account | Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent. | 2023-11-07 | 5.5 | CVE-2023-42540 |
| samsung — android | Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel. | 2023-11-07 | 6.8 | CVE-2023-42533 |
| samsung — android | Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information. | 2023-11-07 | 5.5 | CVE-2023-42527 |
| samsung — android | Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege. | 2023-11-07 | 5.5 | CVE-2023-42534 |
| samsung — easysetup | Use of implicit intent for sensitive communication vulnerability in EasySetup prior to version 11.1.13 allows attackers to get the bluetooth address of user device. | 2023-11-07 | 5.5 | CVE-2023-42555 |
| samsung — email | Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email. | 2023-11-07 | 5.3 | CVE-2023-42553 |
| samsung — health | PendingIntent hijacking vulnerability in ChallengeNotificationManager in Samsung Health prior to version 6.25 allows local attackers to access data. | 2023-11-07 | 5.5 | CVE-2023-42539 |
| samsung — pass | Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication. | 2023-11-07 | 6.8 | CVE-2023-42554 |
| samsung — push_service | Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id. | 2023-11-07 | 5.3 | CVE-2023-42541 |
| samsung — quick_share | Improper access control vulnerability in Quick Share prior to 13.5.52.0 allows local attacker to access local files. | 2023-11-07 | 5.5 | CVE-2023-42544 |
| samsung — ue40d7000_firmware | Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack tools. | 2023-11-08 | 4.3 | CVE-2023-41270 |
| sfu — pkp_web_application_library | Missing Authorization in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | 2023-11-07 | 5.4 | CVE-2023-5900 |
| sfu — pkp_web_application_library | Cross-site Scripting (XSS) – Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | 2023-11-07 | 5.4 | CVE-2023-5903 |
| sfu — pkp_web_application_library | Cross-site Scripting (XSS) – Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | 2023-11-07 | 5.4 | CVE-2023-5904 |
| sfu — pkp_web_application_library | PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image. | 2023-11-06 | 5.3 | CVE-2023-47271 MISC |
| sfu — pkp_web_application_library | Unrestricted Upload of File with Dangerous Type in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | 2023-11-07 | 4.8 | CVE-2023-5901 |
| sigstore — cosign | Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker-controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in an endless data attack. The root cause is that Cosign loops through all attestations fetched from the remote registry in pkg/cosign.FetchAttestations. The attacker needs to compromise the registry or make a request to a registry they control. When doing so, the attacker must return a high number of attestations in the response to Cosign. The result will be that the attacker can cause Cosign to go into a long or infinite loop that will prevent other users from verifying their data. In Kyvernos case, an attacker whose privileges are limited to making requests to the cluster can make a request with an image reference to their own registry, trigger the infinite loop and deny other users from completing their admission requests. Alternatively, the attacker can obtain control of the registry used by an organization and return a high number of attestations instead the expected number of attestations. The issue can be mitigated rather simply by setting a limit to the limit of attestations that Cosign will loop through. The limit does not need to be high to be within the vast majority of use cases and still prevent the endless data attack. This issue has been patched in version 2.2.1 and users are advised to upgrade. | 2023-11-07 | 5.3 | CVE-2023-46737 |
| softing — smartlink_sw-ht | Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. | 2023-11-06 | 6.1 | CVE-2022-48192 MISC MISC |
| squid-cache — squid | SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. | 2023-11-03 | 5.3 | CVE-2023-46846 MISC MISC MISC MISC MISC MISC
|
| squidex.io — squidex | Squidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage handler which introduces a Cross-Site Scripting (XSS) vulnerability. The editor-sdk.js file defines three different class-like functions, which employ a global message event listener: SquidexSidebar, SquidexWidget, and SquidexFormField. The registered event listener takes some action based on the type of the received message. For example, when the SquidexFormField receives a message with the type valueChanged, the value property is updated. The SquidexFormField class is for example used in the editor-editorjs.html file, which can be accessed via the public wwwroot folder. It uses the onValueChanged method to register a callback function, which passes the value provided from the message event to the editor.render. Passing an attacker-controlled value to this function introduces a Cross-Site Scripting (XSS) vulnerability. | 2023-11-07 | 6.1 | CVE-2023-46252 |
| squidex.io — squidex | Squidex is an open source headless CMS and content management hub. In affected versions a stored Cross-Site Scripting (XSS) vulnerability enables privilege escalation of authenticated users. The SVG element filtering mechanism intended to stop XSS attacks through uploaded SVG images, is insufficient resulting to stored XSS attacks. Squidex allows the CMS contributors to be granted the permission of uploading an SVG asset. When the asset is uploaded, a filtering mechanism is performed to validate that the SVG does not contain malicious code. The validation logic consists of traversing the HTML nodes in the DOM. In order for the validation to succeed, 2 conditions must be met: 1. No HTML tags included in a “blacklist” called “InvalidSvgElements” are present. This list only contains the element “script”. and 2. No attributes of HTML tags begin with “on” (i.e. onerror, onclick) (line 65). If either of the 2 conditions is not satisfied, validation fails and the file/asset is not uploaded. However it is possible to bypass the above filtering mechanism and execute arbitrary JavaScript code by introducing other HTML elements such as an | 2023-11-07 | 5.4 | CVE-2023-46744 |
| synology — ssl_vpn_client | Buffer copy without checking size of input (‘Classic Buffer Overflow’) vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors. | 2023-11-07 | 5.5 | CVE-2023-5748 |
| teamamaze — amaze_file_utilities | Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91. | 2023-11-03 | 5.5 | CVE-2023-5948 MISC MISC |
| timeteccloud — auto_web-based_database_management_system | Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an attacker to obtain sensitive information via a crafted payload to the remark parameter of the New Zone function. | 2023-11-08 | 5.4 | CVE-2023-46483 |
| urbackup — urbackup_server | UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid. | 2023-11-07 | 5.3 | CVE-2023-47102 |
| veeam — one | A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role. | 2023-11-07 | 5.4 | CVE-2023-38549 |
| veeam — one | A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. | 2023-11-07 | 4.3 | CVE-2023-38548 |
| veeam — one | A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes. | 2023-11-07 | 4.3 | CVE-2023-41723 |
| visser — store_exporter_for_woocommerce | Unauth. Reflected Cross-Site Scripting’) vulnerability in Visser Labs Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin | 2023-11-06 | 6.1 | CVE-2023-46822 MISC |
| wisdomgarden — tronclass_ilearn | NCSIST ManageEngine Mobile Device Manager(MDM) APP’s special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files. | 2023-11-03 | 6.5 | CVE-2023-41356 MISC |
| wondercms — wondercms | Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component. | 2023-11-07 | 6.1 | CVE-2023-41425 |
| wordpress — wordpress | The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled. | 2023-11-06 | 6.5 | CVE-2023-4930 MISC |
| wordpress — wordpress | The WD WidgetTwitter plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 1.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-11-07 | 6.5 | CVE-2023-5709 |
| wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kathy Darling Simple User Listing plugin | 2023-11-08 | 6.1 | CVE-2023-32298 |
| wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar plugin | 2023-11-08 | 6.1 | CVE-2023-46621 |
| wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FLOWFACT WP Connector plugin | 2023-11-08 | 6.1 | CVE-2023-46626 |
| wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ashish Ajani WordPress Simple HTML Sitemap plugin | 2023-11-08 | 6.1 | CVE-2023-46627 |
| wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPSolutions-HQ WPDBSpringClean plugin | 2023-11-07 | 6.1 | CVE-2023-47510 |
| wordpress — wordpress | The Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-11-06 | 6.1 | CVE-2023-5354 MISC |
| wordpress — wordpress | The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘current_group_id’ parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-11-03 | 6.1 | CVE-2023-5946 MISC MISC |
| wordpress — wordpress | Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in simonpedge Slide Anything – Responsive Content / HTML Slider and Carousel plugin | 2023-11-07 | 5.4 | CVE-2023-28499 |
| wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jens Kuerschner Add to Calendar Button plugin | 2023-11-08 | 5.4 | CVE-2023-46613 |
| wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in D. Relton Medialist plugin | 2023-11-08 | 5.4 | CVE-2023-46640 |
| wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Yee MomentoPress for Momento360 plugin | 2023-11-06 | 5.4 | CVE-2023-46782 MISC |
| wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin | 2023-11-06 | 5.4 | CVE-2023-46783 MISC |
| wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yakir Sitbon, Ariel Klikstein Linker plugin | 2023-11-06 | 5.4 | CVE-2023-47177 MISC |
| wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Apollo13Themes Apollo13 Framework Extensions plugin | 2023-11-08 | 5.4 | CVE-2023-47190 |
| wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vyas Dipen Top 25 Social Icons plugin | 2023-11-08 | 5.4 | CVE-2023-47229 |
| wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bainternet ShortCodes UI plugin | 2023-11-08 | 5.4 | CVE-2023-47231 |
| wordpress — wordpress | The Social Sharing Plugin – Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘social_warfare’ shortcode in versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-07 | 5.4 | CVE-2023-4842
|
| wordpress — wordpress | The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘sfp-page-plugin’ shortcode in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-07 | 5.4 | CVE-2023-4888
|
| wordpress — wordpress | The Ziteboard Online Whiteboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ziteboard’ shortcode in versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-07 | 5.4 | CVE-2023-5076 |
| wordpress — wordpress | The ImageMapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘imagemap’ shortcode in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-07 | 5.4 | CVE-2023-5507 |
| wordpress — wordpress | The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘qrcodetag’ shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-07 | 5.4 | CVE-2023-5567 |
| wordpress — wordpress | The Bitly’s plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wpbitly’ shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-07 | 5.4 | CVE-2023-5577 |
| wordpress — wordpress | The WP MapIt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wp_mapit’ shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-07 | 5.4 | CVE-2023-5658 |
| wordpress — wordpress | The Interact: Embed A Quiz On Your Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘interact-quiz’ shortcode in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-07 | 5.4 | CVE-2023-5659 |
| wordpress — wordpress | The SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.22.3.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-07 | 5.4 | CVE-2023-5660 |
| wordpress — wordpress | The Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘socialfeed’ shortcode in all versions up to, and including, 1.5.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-07 | 5.4 | CVE-2023-5661 |
| wordpress — wordpress | The Featured Image Caption plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode and post meta in all versions up to, and including, 0.8.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-07 | 5.4 | CVE-2023-5669
|
| wordpress — wordpress | The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘giftup’ shortcode in all versions up to, and including, 2.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-07 | 5.4 | CVE-2023-5703
|
| wordpress — wordpress | The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘slider’ shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-03 | 5.4 | CVE-2023-5707 MISC MISC MISC MISC |
| wordpress — wordpress | The Telephone Number Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘telnumlink’ shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-07 | 5.4 | CVE-2023-5743
|
| wordpress — wordpress | The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsive_video_gallery_with_lightbox_video_management_func() function. This makes it possible for unauthenticated attackers to delete videos hosted from the video slider via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-11-03 | 5.4 | CVE-2023-5945 MISC MISC MISC |
| wordpress — wordpress | The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instance_id on the ‘updraftmethod-googledrive-auth’ action used to update Google Drive remote storage location. This makes it possible for unauthenticated attackers to modify the Google Drive location that backups are sent to via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can make it possible for attackers to receive backups for a site which may contain sensitive information. | 2023-11-07 | 5.4 | CVE-2023-5982 |
| wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixelgrade Comments Ratings plugin | 2023-11-06 | 4.8 | CVE-2023-23702 MISC |
| wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Mann Simple Site Verify plugin | 2023-11-09 | 4.8 | CVE-2023-36688 |
| wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in sahumedia SAHU TikTok Pixel for E-Commerce plugin | 2023-11-08 | 4.8 | CVE-2023-46642 |
| wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Om Ak Solutions Slick Popup: Contact Form 7 Popup Plugin plugin | 2023-11-06 | 4.8 | CVE-2023-46824 MISC |
| wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Gibson IdeaPush plugin | 2023-11-08 | 4.8 | CVE-2023-47181 |
| wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Proper Fraction LLC. Admin Bar & Dashboard Access Control plugin | 2023-11-06 | 4.8 | CVE-2023-47184 MISC |
| wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Map Plugins Basic Interactive World Map plugin | 2023-11-08 | 4.8 | CVE-2023-47223 |
| wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Post Sliders & Post Grids plugin | 2023-11-08 | 4.8 | CVE-2023-47226 |
| wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Social Feed | All social media in one place plugin | 2023-11-08 | 4.8 | CVE-2023-47227 |
| wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb Layer Slider plugin | 2023-11-08 | 4.8 | CVE-2023-47228 |
| wordpress — wordpress | The Responsive Pricing Table WordPress plugin before 5.1.8 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-11-06 | 4.8 | CVE-2023-4810 MISC MISC |
| wordpress — wordpress | The Simple Table Manager WordPress plugin through 1.5.6 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-11-06 | 4.8 | CVE-2023-4858 MISC MISC |
| wordpress — wordpress | The WP Discord Invite WordPress plugin before 2.5.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-11-06 | 4.8 | CVE-2023-5181 MISC |
| wordpress — wordpress | The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-11-06 | 4.8 | CVE-2023-5228 MISC |
| wordpress — wordpress | The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc. however the vendor acknowledged and fixed the issue | 2023-11-06 | 4.8 | CVE-2023-5530 MISC MISC |
| wordpress — wordpress | The URL Shortify WordPress plugin through 1.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-11-06 | 4.8 | CVE-2023-5605 MISC |
| wordpress — wordpress | The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. However, please note that this can also be combined with CVE-2023-5818 for CSRF to XSS. | 2023-11-07 | 4.8 | CVE-2023-5819
|
| wordpress — wordpress | The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission. | 2023-11-06 | 4.3 | CVE-2023-5352 MISC |
| wordpress — wordpress | The ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘imgmap_delete_area_ajax’ function in versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts and pages. | 2023-11-07 | 4.3 | CVE-2023-5506 |
| wordpress — wordpress | The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the ‘imgmap_save_area_title’ function. This makes it possible for unauthenticated attackers to update the post title and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-11-07 | 4.3 | CVE-2023-5532 |
| wordpress — wordpress | The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage() function. This makes it possible for unauthenticated attackers to update the plugins settings, including the Amazon Tracking ID, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-11-07 | 4.3 | CVE-2023-5818 |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | 2023-11-07 | 4.3 | CVE-2023-5902 |
| wordpress — wordpress | The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to update the plugin settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-11-07 | 4.3 | CVE-2023-5975
|
| wpn-xm — wpn-xm | A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an authenticated user, resulting in a session hijacking. | 2023-11-03 | 6.1 | CVE-2023-4592 MISC |
| xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to reflected cross-site scripting (RXSS) via the `rev` parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name of the user, including remote code (Groovy) execution in the case of a user with programming right, compromising the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.6 RC1, 15.5.1 and 14.10.14. The patch in commit `04e325d57` can be manually applied without upgrading (or restarting) the instance. Users are advised to upgrade or to manually apply the patch. There are no known workarounds for this vulnerability. | 2023-11-06 | 6.1 | CVE-2023-46732 MISC MISC MISC |
| xwiki — xwiki | XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. This has been patched in XWiki 14.10.9 and XWiki 15.3-rc-1. A workaround is to modify the page `XWiki.LiveTableResultsMacros` following the patch. | 2023-11-07 | 4.3 | CVE-2023-38509
|
| yugabyte — yugabytedb | YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an unprivileged attacker to forge log entries or inject malicious content into the logs. | 2023-11-08 | 6.1 | CVE-2023-6002 |
| zohocorp — manageengine_desktop_central | A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv. | 2023-11-03 | 6.1 | CVE-2023-4767 MISC |
| zohocorp — manageengine_desktop_central | A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf. | 2023-11-03 | 6.1 | CVE-2023-4768 MISC |
| zscaler — client_connector | Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. | 2023-11-06 | 6.5 | CVE-2023-28794 MISC |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| nokia — g-040w-q_firmware | Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package, resulting in partially sensitive information exposed to an actor. | 2023-11-03 | 3.3 | CVE-2023-41354 MISC |
| opensc — opensc | An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system’s security. | 2023-11-06 | 3.8 | CVE-2023-4535 MISC MISC MISC MISC MISC MISC |
| samsung — firewall | Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper the database of Firewall. | 2023-11-07 | 3.3 | CVE-2023-42552 |
| samsung — push_service | Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device. | 2023-11-07 | 3.3 | CVE-2023-42542 |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache — pyarrow | Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files). This vulnerability only affects PyArrow, no other Apache Arrow implementations or bindings. It is recommended that users of PyArrow upgrade to 14.0.1. Similarly, it is recommended that downstream libraries upgrade their dependency requirements to PyArrow 14.0.1 or later. PyPI packages are already available, and we hope that conda-forge packages will be available soon. If it is not possible to upgrade, we provide a separate package `pyarrow-hotfix` that disables the vulnerability on older PyArrow versions. See https://pypi.org/project/pyarrow-hotfix/ for instructions. | 2023-11-09 | not yet calculated | CVE-2023-47248
|
| apache — uima_java_sdk_core |
Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.This issue affects Apache UIMA Java SDK: before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue. There are several locations in the code where serialized Java objects are deserialized without verifying the data. This affects in particular: * the deserialization of a Java-serialized CAS, but also other binary CAS formats that include TSI information using the CasIOUtils class; * the CAS Editor Eclipse plugin which uses the the CasIOUtils class to load data; * the deserialization of a Java-serialized CAS of the Vinci Analysis Engine service which can receive using Java-serialized CAS objects over network connections; * the CasAnnotationViewerApplet and the CasTreeViewerApplet; * the checkpointing feature of the CPE module. Note that the UIMA framework by default does not start any remotely accessible services (i.e. Vinci) that would be vulnerable to this issue. A user or developer would need to make an active choice to start such a service. However, users or developers may use the CasIOUtils in their own applications and services to parse serialized CAS data. They are affected by this issue unless they ensure that the data passed to CasIOUtils is not a serialized Java object. When using Vinci or using CasIOUtils in own services/applications, the unrestricted deserialization of Java-serialized CAS files may allow arbitrary (remote) code execution. As a remedy, it is possible to set up a global or context-specific ObjectInputFilter (cf. https://openjdk.org/jeps/290 and https://openjdk.org/jeps/415 ) if running UIMA on a Java version that supports it. Note that Java 1.8 does not support the ObjectInputFilter, so there is no remedy when running on this out-of-support platform. An upgrade to a recent Java version is strongly recommended if you need to secure an UIMA version that is affected by this issue. To mitigate the issue on a Java 9+ platform, you can configure a filter pattern through the “jdk.serialFilter” system property using a semicolon as a separator: To allow deserializing Java-serialized binary CASes, add the classes: * org.apache.uima.cas.impl.CASCompleteSerializer * org.apache.uima.cas.impl.CASMgrSerializer * org.apache.uima.cas.impl.CASSerializer * java.lang.String To allow deserializing CPE Checkpoint data, add the following classes (and any custom classes your application uses to store its checkpoints): * org.apache.uima.collection.impl.cpm.CheckpointData * org.apache.uima.util.ProcessTrace * org.apache.uima.util.impl.ProcessTrace_impl * org.apache.uima.collection.base_cpm.SynchPoint Make sure to use “!*” as the final component to the filter pattern to disallow deserialization of any classes not listed in the pattern. Apache UIMA 3.5.0 uses tightly scoped ObjectInputFilters when reading Java-serialized data depending on the type of data being expected. Configuring a global filter is not necessary with this version. | 2023-11-08 | not yet calculated | CVE-2023-39913 |
| apereo_foundation — apereo_cas |
Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability. | 2023-11-09 | not yet calculated | CVE-2023-4612 |
| appsanywhere — appsanywhere | The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process. | 2023-11-09 | not yet calculated | CVE-2023-41138 |
| appsanywhere — appsanywhere |
Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server. | 2023-11-09 | not yet calculated | CVE-2023-41137 |
| avast/avg — avast/avg_antivirus | A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system. This issue affects Avast/Avg Antivirus: 23.8. | 2023-11-08 | not yet calculated | CVE-2023-5760 |
| axios — axios |
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information. | 2023-11-08 | not yet calculated | CVE-2023-45857 |
| bigbluebutton — bigbluebutton | When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting. | 2023-11-09 | not yet calculated | CVE-2023-5543
|
| bigbluebutton — bigbluebutton |
PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users so that it points to the attacker’s server, thereby disclosing the password reset token if/when the link is followed. This only affects local user accounts and requires the password reset option to be enabled. This issue has been patched in version 2.3.0. | 2023-11-08 | not yet calculated | CVE-2023-47107 |
| beijing_baichuo — smart_s85f_firmware | A vulnerability, which was classified as problematic, was found in Beijing Baichuo Smart S85F Management Platform V31R02B10-01. Affected is an unknown function of the file /login.php. The manipulation of the argument txt_newpwd leads to weak password recovery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-11 | not yet calculated | CVE-2023-5959
|
| chromedriver — chromedriver |
Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system. Note: An attacker must have access to the system running the vulnerable chromedriver library to exploit it. The success of exploitation also depends on the permissions and privileges of the process running chromedriver. | 2023-11-09 | not yet calculated | CVE-2023-26156
|
| combodo — itop | Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page. | 2023-11-09 | not yet calculated | CVE-2023-47488 |
| combodo — itop | An issue in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components. | 2023-11-09 | not yet calculated | CVE-2023-47489 |
| couchbase_inc. — couchbase_server |
An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster. | 2023-11-08 | not yet calculated | CVE-2023-45875
|
| discourse — discourse | Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the `stable` branch and versions 3.1.0,beta6 through 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts which Onebox it. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds. | 2023-11-10 | not yet calculated | CVE-2023-47120
|
| discourse — discourse | Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to server-side request forgery. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable the Embedding feature. | 2023-11-10 | not yet calculated | CVE-2023-47121
|
| discourse — discourse |
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, if a user has been quoted and uses a `|` in their full name, they might be able to trigger a bug that generates a lot of duplicate content in all the posts they’ve been quoted by updating their full name again. Version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches contain a patch for this issue. No known workaround exists, although one can stop the “bleeding” by ensuring users only use alphanumeric characters in their full name field. | 2023-11-10 | not yet calculated | CVE-2023-45806
|
| discourse — discourse |
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, there is an edge case where a bookmark reminder is sent and an unread notification is generated, but the underlying bookmarkable (e.g. post, topic, chat message) security has changed, making it so the user can no longer access the underlying resource. As of version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, bookmark reminders are now no longer sent if the user does not have access to the underlying bookmarkable, and also the unread bookmark notifications are always filtered by access. There are no known workarounds. | 2023-11-10 | not yet calculated | CVE-2023-45816
|
| discourse — discourse |
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some theme components allow users to add svgs with unlimited `height` attributes, and this can affect the availability of subsequent replies in a topic. Most Discourse instances are unaffected, only instances with the svgbob or the mermaid theme component are within scope. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable or remove the relevant theme components. | 2023-11-10 | not yet calculated | CVE-2023-46130
|
| discourse — discourse |
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds. | 2023-11-10 | not yet calculated | CVE-2023-47119
|
| eclipse_foundation — eclipse_ide |
In Eclipse IDE versions | 2023-11-09 | not yet calculated | CVE-2023-4218
|
| ethyca — fides | Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. The Fides web application allows data subject users to request access to their personal data. If the request is approved by the data controller user operating the Fides web application, the data subject’s personal data can then be retrieved from connected systems and data stores before being bundled together as a data subject access request package for the data subject to download. Supported data formats for the package include json and csv, but the most commonly used format is a series of HTML files compressed in a ZIP file. Once downloaded and unzipped, the data subject user can browse the HTML files on their local machine. It was identified that there was no validation of input coming from e.g. the connected systems and data stores which is later reflected in the downloaded data. This can result in an HTML injection that can be abused e.g. for phishing attacks or malicious JavaScript code execution, but only in the context of the data subject’s browser accessing a HTML page using the `file://` protocol. Exploitation is limited to rogue Admin UI users, malicious connected system / data store users, and the data subject user if tricked via social engineering into submitting malicious data themselves. This vulnerability has been patched in version 2.23.3. | 2023-11-08 | not yet calculated | CVE-2023-47114
|
| free_software_foundation — grub-legacy | An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation. | 2023-11-10 | not yet calculated | CVE-2023-4949 |
| freebsd — freebsd | In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects’ write space members for write-buffered streams when the write(2) system call returns an error. Depending on the nature of an application that calls libc’s stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overflow may occur. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program. | 2023-11-08 | not yet calculated | CVE-2023-5941 |
| freebsd — freebsd | In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed. This could permit the application to resolve domain names that were previously restricted. | 2023-11-08 | not yet calculated | CVE-2023-5978 |
| gitlab — gitlab |
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated. | 2023-11-09 | not yet calculated | CVE-2023-4379 |
| gitsign — gitsign | Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could potentially be tricked into trusting incorrect signatures. There is no known compromise the default public good instance (`rekor.sigstore.dev`) – anyone using this instance is unaffected. This issue was fixed in v0.8.0. No known workarounds are available. | 2023-11-10 | not yet calculated | CVE-2023-47122
|
| go_standard_library — path/filepath |
The filepath package does not recognize paths with a ?? prefix as special. On Windows, a path beginning with ?? is a Root Local Device path equivalent to a path beginning with \?. Paths with a ?? prefix may be used to access arbitrary locations on the system. For example, the path ??c:x is equivalent to the more common path c:x. Before fix, Clean could convert a rooted path such as a..??b into the root local device path ??b. Clean will now convert this to .??b. Similarly, Join(, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path ??b. Join will now convert this to .??b. In addition, with fix, IsAbs now correctly reports paths beginning with ?? as absolute, and VolumeName correctly reports the ?? prefix as a volume name. | 2023-11-09 | not yet calculated | CVE-2023-45283
|
| go_standard_library — path/filepath |
On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as “COM1 “, and reserved names “COM” and “LPT” followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local. | 2023-11-09 | not yet calculated | CVE-2023-45284
|
| gpac — mp4box |
Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data. | 2023-11-07 | not yet calculated | CVE-2023-46001 |
| harbor — harbor |
A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information. | 2023-11-09 | not yet calculated | CVE-2023-20902 |
| hashicorp — vault | HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10. | 2023-11-09 | not yet calculated | CVE-2023-5954 |
| hcl_software — hcl_connections |
HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. This may allow the attacker to steal cookie-based authentication credentials and comprise a user’s account then launch other attacks. | 2023-11-09 | not yet calculated | CVE-2023-37533 |
| headscale — headscale | Headscale through 0.22.3 writes bearer tokens to info-level logs. | 2023-11-11 | not yet calculated | CVE-2023-47390 |
| hoteldruid — hoteldruid | Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. | 2023-11-10 | not yet calculated | CVE-2023-47164
|
| huawei — emui |
Vulnerability of parameters being out of the value range in the QMI service module. Successful exploitation of this vulnerability may cause errors in reading file data. | 2023-11-08 | not yet calculated | CVE-2023-46772 |
| humansignal — label_studio |
Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges from a low privilege user to a Django Super Administrator user. The vulnerability was found to affect versions before `1.8.2`, where a patch was introduced. | 2023-11-09 | not yet calculated | CVE-2023-43791
|
| ibm — aix |
IBM AIX’s 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965. | 2023-11-10 | not yet calculated | CVE-2023-45167
|
| ibm — qradar_siem |
IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267484. | 2023-11-11 | not yet calculated | CVE-2023-43057 |
| jaspersoft — clarity_ppm |
Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function. | 2023-11-09 | not yet calculated | CVE-2023-37790 |
| johnson_controls — quantum_hd_unity | An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed. | 2023-11-10 | not yet calculated | CVE-2023-4804 |
| lanaccess — onsafe_monitorhm | An improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM affecting version 3.7.0. This vulnerability could lead a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire infrastructure. | 2023-11-08 | not yet calculated | CVE-2023-6012 |
| lenovo — 1_preload_directory |
A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges. | 2023-11-08 | not yet calculated | CVE-2023-4706 |
| lenovo — bios |
A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. | 2023-11-08 | not yet calculated | CVE-2023-45075 |
| lenovo — bios |
A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. | 2023-11-08 | not yet calculated | CVE-2023-45076 |
| lenovo — bios |
A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. | 2023-11-08 | not yet calculated | CVE-2023-45077 |
| lenovo — bios |
A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. | 2023-11-08 | not yet calculated | CVE-2023-45078 |
| lenovo — bios |
A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. | 2023-11-08 | not yet calculated | CVE-2023-45079 |
| lenovo — desktop_bios |
A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 2023-11-08 | not yet calculated | CVE-2023-43567 |
| lenovo — desktop_bios |
A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. | 2023-11-08 | not yet calculated | CVE-2023-43568 |
| lenovo — desktop_bios |
A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 2023-11-08 | not yet calculated | CVE-2023-43569 |
| lenovo — desktop_bios |
A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code. | 2023-11-08 | not yet calculated | CVE-2023-43570 |
| lenovo — ideapad | A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code. | 2023-11-08 | not yet calculated | CVE-2023-5075 |
| lenovo — lecloud_app | Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure. | 2023-11-08 | not yet calculated | CVE-2023-5079 |
| lenovo — system_update |
An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges. | 2023-11-08 | not yet calculated | CVE-2023-4632 |
| lenovo — thinkpad | A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware. | 2023-11-08 | not yet calculated | CVE-2023-5078 |
| lenovo — view_driver | A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service. | 2023-11-08 | not yet calculated | CVE-2023-4891 |
| f.b.p — members_line | The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send malicious notifications to victims. | 2023-11-09 | not yet calculated | CVE-2023-47363 |
| f.b.p — members_line | The leakage of channel access token in nagaoka taxi Line 13.6.1 allows remote attackers to send malicious notifications to victims | 2023-11-09 | not yet calculated | CVE-2023-47364 |
| f.b.p — members_line | The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to send malicious notifications to victims. | 2023-11-09 | not yet calculated | CVE-2023-47365 |
| f.b.p — members_line | The leakage of channel access token in craft_members Line 13.6.1 allows remote attackers to send malicious notifications to victims. | 2023-11-09 | not yet calculated | CVE-2023-47366 |
| f.b.p — members_line | The leakage of channel access token in platinum clinic Line 13.6.1 allows remote attackers to send malicious notifications to victims. | 2023-11-09 | not yet calculated | CVE-2023-47367 |
| f.b.p — members_line | The leakage of channel access token in taketorinoyu Line 13.6.1 allows remote attackers to send malicious notifications to victims. | 2023-11-09 | not yet calculated | CVE-2023-47368 |
| f.b.p — members_line | The leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers to send malicious notifications. | 2023-11-09 | not yet calculated | CVE-2023-47369 |
| f.b.p — members_line | The leakage of channel access token in bluetrick Line 13.6.1 allows remote attackers to send malicious notifications to victims. | 2023-11-09 | not yet calculated | CVE-2023-47370 |
| f.b.p — members_line | The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims. | 2023-11-09 | not yet calculated | CVE-2023-47372 |
| f.b.p — members_line | The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send malicious notifications to victims. | 2023-11-09 | not yet calculated | CVE-2023-47373 |
| linux — kernel | A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches. | 2023-11-09 | not yet calculated | CVE-2023-6039
|
| linux — kernel |
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. | 2023-11-09 | not yet calculated | CVE-2023-39198 |
| loytec_electronics — multiple_products |
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP. | 2023-11-04 | not yet calculated | CVE-2023-46380 MISC |
| loytec_electronics — multiple_products |
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI. | 2023-11-04 | not yet calculated | CVE-2023-46381 MISC |
| loytec_electronics — multiple_products |
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login. | 2023-11-04 | not yet calculated | CVE-2023-46382 MISC |
| microsoft — edge_chromium |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-11-10 | not yet calculated | CVE-2023-36027 |
| mldb.ai — mldb.ai |
Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a remote attacker to execute arbitrary code via a crafted payload to the public_html/doc/index.html. | 2023-11-09 | not yet calculated | CVE-2023-46492 |
| moodle — moodle | A remote code execution risk was identified in the Lesson activity. By default, this was only available to teachers and managers. | 2023-11-09 | not yet calculated | CVE-2023-5539
|
| moodle — moodle | A remote code execution risk was identified in the IMSCP activity. By default, this was only available to teachers and managers. | 2023-11-09 | not yet calculated | CVE-2023-5540
|
| moodle — moodle | Students in “Only see own membership” groups could see other students in the group, which should be hidden. | 2023-11-09 | not yet calculated | CVE-2023-5542
|
| moodle — moodle | H5P metadata automatically populated the author with the user’s username, which could be sensitive information. | 2023-11-09 | not yet calculated | CVE-2023-5545
|
| moodle — moodle | Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. | 2023-11-09 | not yet calculated | CVE-2023-5548
|
| moodle — moodle | Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. | 2023-11-09 | not yet calculated | CVE-2023-5549
|
| moodle — moodle | In a shared hosting environment that has been misconfigured to allow access to other users’ content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilize a local file include to achieve remote code execution. | 2023-11-09 | not yet calculated | CVE-2023-5550
|
| moodle — moodle | Separate Groups mode restrictions were not honored in the forum summary report, which would display users from other groups. | 2023-11-09 | not yet calculated | CVE-2023-5551
|
| natus — multiple_products | Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services. | 2023-11-10 | not yet calculated | CVE-2023-47800 |
| okta — ldap_agent |
The LDAP Agent Update service with versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution. | 2023-11-08 | not yet calculated | CVE-2023-0392 |
| opentelemetry — opentelemetry | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server’s potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`. | 2023-11-10 | not yet calculated | CVE-2023-47108
|
| opentext — fortify_scancentral_dast | Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges. This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1. | 2023-11-08 | not yet calculated | CVE-2023-5913 |
| openvpn — openvpn |
Using the –fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service. | 2023-11-11 | not yet calculated | CVE-2023-46849
|
| openvpn — openvpn |
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer. | 2023-11-11 | not yet calculated | CVE-2023-46850
|
| ovh — the_bastion |
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don’t honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnormal behavior only applies to per-group-based JIT MFA. Other MFA setup types, such as Immediate MFA, JIT MFA on a per-plugin basis and JIT MFA on a per-account basis are not affected. This issue has been patched in version 3.14.15. | 2023-11-08 | not yet calculated | CVE-2023-45140 |
| palo_alto_networks — cortex_xsoar |
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine. | 2023-11-08 | not yet calculated | CVE-2023-3282 |
| pfsense_ce — pfsense_ce |
An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements. | 2023-11-08 | not yet calculated | CVE-2023-29974 |
| pfsense_ce — pfsense_ce |
An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification. | 2023-11-09 | not yet calculated | CVE-2023-29975 |
| philips — encoreanywhere |
The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information. | 2023-11-09 | not yet calculated | CVE-2018-8863 |
| phpgurukul — restaurant_table_booking_system | A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file check-status.php of the component Booking Reservation Handler. The manipulation leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-244943. | 2023-11-10 | not yet calculated | CVE-2023-6074 |
| phpgurukul — restaurant_table_booking_system | A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file index.php of the component Reservation Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244944. | 2023-11-10 | not yet calculated | CVE-2023-6075 |
| phpgurukul — restaurant_table_booking_system | A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file booking-details.php of the component Reservation Status Handler. The manipulation of the argument bid leads to information disclosure. The attack can be launched remotely. The identifier VDB-244945 was assigned to this vulnerability. | 2023-11-10 | not yet calculated | CVE-2023-6076 |
| piccolo — piccolo | Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction `savepoints` in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a `savepoints` `name` parameter to a user is highly unlikely, it would not be unheard of. If a malicious user was able to abuse this functionality, they would have essentially direct access to the database and the ability to modify data to the level of permissions associated with the database user. A non-exhaustive list of actions possible based on database permissions is: Read all data stored in the database, including usernames and password hashes; insert arbitrary data into the database, including modifying existing records; and gain a shell on the underlying server. Version 1.1.1 fixes this issue. | 2023-11-10 | not yet calculated | CVE-2023-47128 |
| prestashop — blockreassurance | PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing index.php for example. This issue has been patched in version 5.1.4. | 2023-11-08 | not yet calculated | CVE-2023-47109
|
| projectworlds — online_job_portal | Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘filename’ parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | not yet calculated | CVE-2023-46676 |
| projectworlds — online_job_portal | Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txt_uname’ parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | not yet calculated | CVE-2023-46677 |
| projectworlds — online_job_portal | Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txt_upass’ parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | not yet calculated | CVE-2023-46678 |
| projectworlds — online_job_portal | Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txt_uname_email’ parameter of the index.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | not yet calculated | CVE-2023-46679 |
| projectworlds — online_matrimonial_project | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘password’ parameter of the auth/auth.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | not yet calculated | CVE-2023-46786 |
| projectworlds — online_matrimonial_project | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘username’ parameter of the auth/auth.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | not yet calculated | CVE-2023-46787 |
| projectworlds — online_matrimonial_project | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘id’ parameter in the ‘uploadphoto()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | not yet calculated | CVE-2023-46788 |
| projectworlds — online_matrimonial_project | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘filename’ attribute of the ‘pic1’ multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | not yet calculated | CVE-2023-46789 |
| projectworlds — online_matrimonial_project | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘filename’ attribute of the ‘pic2’ multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | not yet calculated | CVE-2023-46790 |
| projectworlds — online_matrimonial_project | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘filename’ attribute of the ‘pic4’ multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | not yet calculated | CVE-2023-46792 |
| projectworlds — online_matrimonial_project | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘day’ parameter in the ‘register()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | not yet calculated | CVE-2023-46793 |
| projectworlds — online_matrimonial_project | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ’email’ parameter in the ‘register()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | not yet calculated | CVE-2023-46794 |
| projectworlds — online_matrimonial_project | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘gender’ parameter in the ‘register()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | not yet calculated | CVE-2023-46795 |
| projectworlds — online_matrimonial_project | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘month’ parameter in the ‘register()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | not yet calculated | CVE-2023-46796 |
| projectworlds — online_matrimonial_project | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘name’ parameter in the ‘register()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | not yet calculated | CVE-2023-46797 |
| projectworlds — online_matrimonial_project | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘year’ parameter in the ‘register()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | not yet calculated | CVE-2023-46799 |
| projectworlds — online_matrimonial_project | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘id’ parameter of the view_profile.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | not yet calculated | CVE-2023-46800 |
| qnap_systems_inc. — multiple_products |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTScloud c5.1.0.2498 and later. | 2023-11-10 | not yet calculated | CVE-2023-23367 |
| qnap_systems_inc. — qumagie | A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later | 2023-11-10 | not yet calculated | CVE-2023-41284 |
| qnap_systems_inc. — qumagie |
An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.3 and later | 2023-11-10 | not yet calculated | CVE-2023-39295 |
| qnap_systems_inc. — qumagie |
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later | 2023-11-10 | not yet calculated | CVE-2023-41285 |
| sentry — sentry-javascript |
sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has been fixed in version 7.77.0. | 2023-11-10 | not yet calculated | CVE-2023-46729
|
| solarwinds_ — network_configuration_manager |
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226 | 2023-11-09 | not yet calculated | CVE-2023-40054 |
| solarwinds_ — network_configuration_manager |
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227 | 2023-11-09 | not yet calculated | CVE-2023-40055 |
| spiceworks — help_desk_server |
An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be leveraged to leak local files from the host system, leading to remote code execution (RCE) through deserialization of malicious data. | 2023-11-09 | not yet calculated | CVE-2021-43609
|
| statmic — statmic | Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the “Forms” feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0. | 2023-11-10 | not yet calculated | CVE-2023-47129
|
| symfony — symfony |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, `SessionStrategyListener` does not migrate the session after every successful login. It does so only in case the logged in user changes by means of checking the user identifier. In some use cases, the user identifier doesn’t change between the verification phase and the successful login, while the token itself changes from one type (partially-authenticated) to another (fully-authenticated). When this happens, the session id should be regenerated to prevent possible session fixations, which is not the case at the moment. As of versions 5.4.31 and 6.3.8, Symfony now checks the type of the token in addition to the user identifier before deciding whether the session id should be regenerated. | 2023-11-10 | not yet calculated | CVE-2023-46733
|
| symfony — symfony |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don’t actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters. | 2023-11-10 | not yet calculated | CVE-2023-46734
|
| symfony — symfony |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in `WebhookController` returns unescaped user-submitted input. As of version 6.3.8, `WebhookController` now doesn’t return any user-submitted input in its response. | 2023-11-10 | not yet calculated | CVE-2023-46735 |
| telit_cinterion — multiple_products | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message. | 2023-11-09 | not yet calculated | CVE-2023-47610 |
| telit_cinterion — multiple_products | A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to “manufacturer” level on the targeted system. | 2023-11-10 | not yet calculated | CVE-2023-47611 |
| telit_cinterion — multiple_products | A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a read/write access to any files and directories on the targeted system, including hidden files and directories. | 2023-11-09 | not yet calculated | CVE-2023-47612 |
| telit_cinterion — multiple_products | A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system. | 2023-11-09 | not yet calculated | CVE-2023-47613 |
| telit_cinterion — multiple_products | A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system. | 2023-11-10 | not yet calculated | CVE-2023-47614 |
| telit_cinterion — multiple_products | A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to get access to a sensitive data on the targeted system. | 2023-11-09 | not yet calculated | CVE-2023-47615 |
| telit_cinterion — multiple_products | A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to get access to a sensitive data on the targeted system. | 2023-11-09 | not yet calculated | CVE-2023-47616 |
| tibco_software_inc. — spotfire |
The Spotfire Connectors component of TIBCO Software Inc.’s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0. | 2023-11-08 | not yet calculated | CVE-2023-26221 |
| tongda — oa | A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. Affected is an unknown function of the file general/system/censor_words/module/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-244872. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-09 | not yet calculated | CVE-2023-6052
|
| tongda — oa | A vulnerability, which was classified as critical, has been found in Tongda OA 2017 up to 11.9. Affected by this issue is some unknown functionality of the file general/system/censor_words/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-244874 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-09 | not yet calculated | CVE-2023-6053
|
| tongda — oa | A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/manage/lock.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244875. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-09 | not yet calculated | CVE-2023-6054
|
| volkswagen — id.3 | Attacker can perform a Denial-of-Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls. | 2023-11-10 | not yet calculated | CVE-2023-6073 |
| wbce_cms — wbce_cms |
SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter. | 2023-11-10 | not yet calculated | CVE-2023-39796
|
| wildfly-core — wildfly-core |
A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system. | 2023-11-08 | not yet calculated | CVE-2023-4061
|
| wordpress — wordpress |
Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin | 2023-11-10 | not yet calculated | CVE-2023-31077 |
| xwiki — xwiki |
application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachments files in view or edit mode. Currently, if a user opens an attachment file in edit mode in collabora, this right will be preserved for all future users, until the editing session is closes, even if some of them have only view right. Collabora server is the one issuing this request and it seems that the `userCanWrite` query parameter is cached, even if, for example, token is not. This issue has been patched in version 1.3. | 2023-11-09 | not yet calculated | CVE-2023-46743 |
| yugabytedb — yugabytedb_anywhere | Prometheus metrics are available without authentication. These metrics expose detailed and sensitive information about the YugabyteDB Anywhere environment. | 2023-11-08 | not yet calculated | CVE-2023-6001 |
| zitadel — zitadel | ZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a `Lockout Policy` with a maximum amount of failed password check attempts. On every failed password check, the number of failed checks is compared against the configured maximum. Exceeding the limit, will lock the user and prevent further authentication. In the affected implementation it was possible for an attacker to start multiple parallel password checks, giving him the possibility to try out more combinations than configured in the `Lockout Policy`. This vulnerability has been patched in versions 2.40.5 and 2.38.3. | 2023-11-08 | not yet calculated | CVE-2023-47111
|
| zyxel — gs1900-24ep | The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device. | 2023-11-07 | not yet calculated | CVE-2023-35140 |