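The Computer Repair Centre updates the following computer virus and intrusion alerts every day. We hope everyone will take note of them early, to avoid data loss or hardware damage caused by virus infection!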
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
wibu -- codemeter_runtime | A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system. | 2023-09-13 | 10 | CVE-2023-3935 MISC MISC |
sap -- businessobjects_business_intelligence | SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application causing high impact on confidentiality, integrity, and availability. | 2023-09-12 | 9.9 | CVE-2023-40622 MISC MISC |
dlink -- dir-619l_firmware | Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the FILECODE parameter on login. | 2023-09-11 | 9.8 | CVE-2020-19319 MISC |
dlink -- dir-619l_firmware | Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the curTime parameter on login. | 2023-09-11 | 9.8 | CVE-2020-19320 MISC MISC |
mofinetwork -- mofi4500-4gxelte-v2_firmware | An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 that allows attackers to bypass the authentication and execute arbitrary code via a crafted HTTP request. | 2023-09-08 | 9.8 | CVE-2021-27715 MISC MISC |
rockwell_automation -- factorytalk_view | Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus improperly verifies user input, which allows an unauthenticated attacker to achieve remote code execution via crafted malicious packets. The device has the functionality, through a CIP class, to execute exported functions from libraries. There is a routine that restricts it to execute specific functions from two dynamic link library files. By using a CIP class, an attacker can upload a self-made library to the device which allows the attacker to bypass the security check and execute any code written in the function. | 2023-09-12 | 9.8 | CVE-2023-2071 MISC |
xxyopen -- novel-plus | novel-plus 3.6.2 is vulnerable to SQL Injection. | 2023-09-11 | 9.8 | CVE-2023-30058 MISC MISC |
tsplus -- tsplus_remote_access | An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\Clients\www. | 2023-09-11 | 9.8 | CVE-2023-31067 MISC MISC |
tsplus -- tsplus_remote_access | An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes. | 2023-09-11 | 9.8 | CVE-2023-31068 MISC MISC |
google -- android | In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 9.8 | CVE-2023-35681 MISC MISC |
phpjabbers -- cleaning_business_software | In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts. | 2023-09-11 | 9.8 | CVE-2023-36140 MISC MISC |
trendylogics -- crypto_currency_tracker | Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request. | 2023-09-08 | 9.8 | CVE-2023-37759 MISC MISC MISC |
adobe -- coldfusion | Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. | 2023-09-14 | 9.8 | CVE-2023-38204 MISC |
conemu_project -- conemu | ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387. | 2023-09-12 | 9.8 | CVE-2023-39150 MISC MISC |
golang -- go | The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software. | 2023-09-08 | 9.8 | CVE-2023-39320 MISC MISC MISC MISC |
dlink -- dir-816_firmware | D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis. | 2023-09-12 | 9.8 | CVE-2023-39637 MISC MISC MISC MISC |
arris -- tg852g_firmware | An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. | 2023-09-11 | 9.8 | CVE-2023-40039 MISC MISC MISC |
dedecms -- dedecms | DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php. | 2023-09-12 | 9.8 | CVE-2023-40784 MISC MISC |
opencart -- opencart | OpenCart v4.0.2.2 is vulnerable to Brute Force Attack. | 2023-09-12 | 9.8 | CVE-2023-40834 MISC MISC |
schoolmate -- schoolmate | Schoolmate 1.3 is vulnerable to SQL Injection in the variable schoolname from Database at ~\header.php. | 2023-09-11 | 9.8 | CVE-2023-40944 MISC |
sourcecodester -- doctor_appointment_system | Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php. | 2023-09-11 | 9.8 | CVE-2023-40945 MISC |
schoolmate -- schoolmate | Schoolmate 1.3 is vulnerable to SQL Injection in the variable $username from SESSION in ValidateLogin.php. | 2023-09-11 | 9.8 | CVE-2023-40946 MISC |
zoo_management_system_project -- zoo_management_system | Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page via the username and password fields. | 2023-09-08 | 9.8 | CVE-2023-41615 MISC MISC MISC |
jeecg -- jeecg_boot | Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show. | 2023-09-08 | 9.8 | CVE-2023-42268 MISC |
hutool -- hutool | hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray. | 2023-09-08 | 9.8 | CVE-2023-42276 MISC |
hutool -- hutool | hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath. | 2023-09-08 | 9.8 | CVE-2023-42277 MISC |
imoulife -- life | The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content loading occurs. | 2023-09-11 | 9.8 | CVE-2023-42470 MISC MISC MISC |
wave-ai -- wave | The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web content and doesn't adequately validate or sanitize the URI or any extra data passed in the intent by a third-party application (with no permissions). | 2023-09-11 | 9.8 | CVE-2023-42471 MISC MISC MISC |
sourcecodester -- simple_membership_system | A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file account_edit_query.php. The manipulation of the argument admin_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239254 is the identifier assigned to this vulnerability. | 2023-09-09 | 9.8 | CVE-2023-4845 MISC MISC MISC |
sourcecodester -- simple_book_catalog_app | A vulnerability classified as critical was found in SourceCodester Simple Book Catalog App 1.0. Affected by this vulnerability is an unknown functionality of the file delete_book.php. The manipulation of the argument delete leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239257 was assigned to this vulnerability. | 2023-09-09 | 9.8 | CVE-2023-4848 MISC MISC MISC |
sourcecodester -- online_tours_&_travels_management_system | A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file booking.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239351. | 2023-09-10 | 9.8 | CVE-2023-4866 MISC MISC MISC |
sourcecodester -- contact_manager_app | A vulnerability classified as critical was found in SourceCodester Contact Manager App 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument contact/contactName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239356. | 2023-09-10 | 9.8 | CVE-2023-4871 MISC MISC MISC |
sourcecodester -- contact_manager_app | A vulnerability, which was classified as critical, has been found in SourceCodester Contact Manager App 1.0. This issue affects some unknown processing of the file add.php. The manipulation of the argument contact/contactName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239357 was assigned to this vulnerability. | 2023-09-10 | 9.8 | CVE-2023-4872 MISC MISC MISC |
byzoro -- smart_s45f_firmware | A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230906. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-239358 is the identifier assigned to this vulnerability. | 2023-09-10 | 9.8 | CVE-2023-4873 MISC MISC MISC |
mintplexlabs -- anythingllm | Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. | 2023-09-11 | 9.8 | CVE-2023-4897 MISC MISC |
adobe -- commerce | Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution. | 2023-09-12 | 9.1 | CVE-2022-24093 MISC |
ibm -- security_directory_server | IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579. | 2023-09-08 | 9.1 | CVE-2022-33164 MISC MISC |
dlink -- dir-605l_firmware | Buffer Overflow vulnerability in D-Link DIR-605L, hardware version AX, firmware version 1.17beta and below, allows authorized attackers to execute arbitrary code via sending crafted data to the webserver service program. | 2023-09-11 | 8.8 | CVE-2020-19318 MISC |
redhat -- decision_manager | A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server. | 2023-09-11 | 8.8 | CVE-2022-1415 MISC MISC MISC |
microsoft -- azure_devops | Azure DevOps Server Remote Code Execution Vulnerability | 2023-09-12 | 8.8 | CVE-2023-33136 MISC |
google -- android | In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible privilege escalation due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 8.8 | CVE-2023-35658 MISC MISC |
google -- android | In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 8.8 | CVE-2023-35673 MISC MISC |
google -- android | In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 8.8 | CVE-2023-35684 MISC MISC |
govee -- home | Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending a URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content. | 2023-09-11 | 8.8 | CVE-2023-3612 MISC |
microsoft -- sharepoint_server | Microsoft SharePoint Server Elevation of Privilege Vulnerability | 2023-09-12 | 8.8 | CVE-2023-36764 MISC |
microsoft -- windows_11 | Windows Themes Remote Code Execution Vulnerability | 2023-09-12 | 8.8 | CVE-2023-38146 MISC |
microsoft -- multiple_products | Windows Miracast Wireless Display Remote Code Execution Vulnerability | 2023-09-12 | 8.8 | CVE-2023-38147 MISC |
microsoft -- multiple_products | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | 2023-09-12 | 8.8 | CVE-2023-38148 MISC |
netis-systems -- wf2409e_firmware | An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface. | 2023-09-11 | 8.8 | CVE-2023-38829 MISC |
siemens -- qms_automotive | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application server responds with sensitive information about the server. This could allow an attacker to directly access the database. | 2023-09-12 | 8.8 | CVE-2023-40726 MISC |
idreamsoft -- icms | icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF). | 2023-09-08 | 8.8 | CVE-2023-40953 MISC MISC |
wordpress -- wordpress | The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3dev_save_ban_user_settings_callback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify the plugin settings to access the ban and unban functionality and set the role of the unbanned user. | 2023-09-13 | 8.8 | CVE-2023-4153 MISC MISC MISC |
wordpress -- wordpress | The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber-level permissions or above to change user passwords and potentially take over administrator accounts. | 2023-09-13 | 8.8 | CVE-2023-4213 MISC MISC |
mozilla -- firefox | Due to large allocation checks in Angle for glsl shaders being too lenient, a buffer overflow could have occurred when allocating too much private shader memory on macOS. This bug only affects Firefox on macOS. Other operating systems are unaffected. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | 2023-09-11 | 8.8 | CVE-2023-4582 MISC MISC MISC MISC |
mozilla -- thunderbird | Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. | 2023-09-11 | 8.8 | CVE-2023-4584 MISC MISC MISC MISC MISC MISC |
mozilla -- thunderbird | Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | 2023-09-11 | 8.8 | CVE-2023-4585 MISC MISC MISC MISC |
wibu -- codemeter_runtime | An Improper Privilege Management vulnerability through an incorrect use of privileged APIs in CodeMeter Runtime versions prior to 7.60c allows a local, low privileged attacker to use an API call for escalation of privileges in order to gain full admin access on the host system. | 2023-09-13 | 8.8 | CVE-2023-4701 MISC MISC |
hitachi_energy -- asset_suite | A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user performing an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action. | 2023-09-11 | 8.8 | CVE-2023-4816 MISC |
sourcecodester -- take-note_app | A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239350 is the identifier assigned to this vulnerability. | 2023-09-09 | 8.8 | CVE-2023-4865 MISC MISC MISC |
sourcecodester -- contact_manager_app | A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239353 was assigned to this vulnerability. | 2023-09-10 | 8.8 | CVE-2023-4868 MISC MISC MISC |
sourcecodester -- contact_manager_app | A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file update.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-239354 is the identifier assigned to this vulnerability. | 2023-09-10 | 8.8 | CVE-2023-4869 MISC MISC MISC |
mintplexlabs -- anything-llm | SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. | 2023-09-12 | 8.8 | CVE-2023-4899 MISC MISC |
wordpress -- wordpress | The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.8. This is due to missing nonce validation on the 'lwp_update_password_action' function. This makes it possible for unauthenticated attackers to change user password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-09-13 | 8.8 | CVE-2023-4916 MISC MISC |
mozilla -- firefox | On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. | 2023-09-11 | 8.6 | CVE-2023-4576 MISC MISC MISC MISC MISC MISC |
siemens -- spectrum_power_7 | A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | 2023-09-14 | 8.2 | CVE-2023-38557 MISC |
hichip -- shenzhen_hichip_vision_technology_firmware | Shenzhen Hichip Vision Technology IP Camera Firmware V11.4.8.1.1-20170926 has a denial of service vulnerability through sending a crafted multicast message in a local network. | 2023-09-11 | 8.1 | CVE-2022-23382 MISC |
openpmix -- openpmix | OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. | 2023-09-09 | 8.1 | CVE-2023-41915 MISC CONFIRM CONFIRM |
microsoft -- exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability | 2023-09-12 | 8 | CVE-2023-36744 MISC |
microsoft -- exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability | 2023-09-12 | 8 | CVE-2023-36745 MISC |
microsoft -- exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability | 2023-09-12 | 8 | CVE-2023-36756 MISC |
microsoft -- exchange_server | Microsoft Exchange Server Spoofing Vulnerability | 2023-09-12 | 8 | CVE-2023-36757 MISC |
foxconn -- live_update_utility | An issue was discovered in the MmMapIoSpace routine in Foxconn Live Update Utility 2.1.6.26 that allows local attackers to escalate privileges. | 2023-09-11 | 7.8 | CVE-2020-24088 MISC MISC MISC |
adobe -- indesign | Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 7.8 | CVE-2022-28831 MISC |
adobe -- indesign | Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 7.8 | CVE-2022-28832 MISC |
adobe -- indesign | Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 7.8 | CVE-2022-28833 MISC |
adobe -- incopy | Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 7.8 | CVE-2022-28834 MISC |
adobe -- incopy | Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 7.8 | CVE-2022-28835 MISC |
adobe -- incopy | Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 7.8 | CVE-2022-28836 MISC |
adobe -- acrobat_reader | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 7.8 | CVE-2022-34224 MISC |
adobe -- acrobat_reader | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 7.8 | CVE-2022-34227 MISC |
adobe -- acrobat_reader | Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-13 | 7.8 | CVE-2023-26369 MISC |
microsoft -- multiple_products | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-35355 MISC |
google -- android | In multiple files, there is a possible way to import a contact from another user due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 7.8 | CVE-2023-35665 MISC MISC |
google -- android | In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 7.8 | CVE-2023-35666 MISC MISC |
google -- android | In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 7.8 | CVE-2023-35667 MISC MISC |
google -- android | In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 7.8 | CVE-2023-35669 MISC MISC |
google -- android | In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 7.8 | CVE-2023-35670 MISC MISC |
google -- android | In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 7.8 | CVE-2023-35674 MISC MISC |
google -- android | In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 7.8 | CVE-2023-35676 MISC MISC |
google -- android | In hasPermissionForActivity of PackageManagerHelper.java, there is a possible way to start arbitrary components due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2023-09-11 | 7.8 | CVE-2023-35682 MISC MISC |
google -- android | In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 7.8 | CVE-2023-35687 MISC MISC |
microsoft -- 3d_viewer | 3D Viewer Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36739 MISC |
microsoft -- 3d_viewer | 3D Viewer Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36740 MISC |
microsoft -- visual_studio | Visual Studio Code Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36742 MISC |
microsoft -- visual_studio | Visual Studio Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36758 MISC |
microsoft -- 3d_viewer | 3D Viewer Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36760 MISC |
microsoft -- office | Microsoft Office Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36765 MISC |
microsoft -- excel | Microsoft Excel Information Disclosure Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36766 MISC |
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36770 MISC |
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36771 MISC |
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36772 MISC |
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36773 MISC |
microsoft -- .net |
.NET Framework Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36788 MISC |
microsoft -- visual_studio |
Visual Studio Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36792 MISC |
microsoft -- visual_studio |
Visual Studio Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36793 MISC |
microsoft -- visual_studio |
Visual Studio Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36794 MISC |
microsoft -- visual_studio |
Visual Studio Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36796 MISC |
microsoft -- multiple_products |
Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36802 MISC |
microsoft -- multiple_products |
Windows GDI Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36804 MISC |
siemens -- teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20818) | 2023-09-12 | 7.8 | CVE-2023-38070 MISC |
siemens -- teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20824) | 2023-09-12 | 7.8 | CVE-2023-38071 MISC |
siemens -- teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20825) | 2023-09-12 | 7.8 | CVE-2023-38072 MISC |
siemens -- teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20826) | 2023-09-12 | 7.8 | CVE-2023-38073 MISC |
siemens -- teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20840) | 2023-09-12 | 7.8 | CVE-2023-38074 MISC |
siemens -- teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842) | 2023-09-12 | 7.8 | CVE-2023-38075 MISC |
siemens -- teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041) | 2023-09-12 | 7.8 | CVE-2023-38076 MISC |
microsoft -- multiple_products | Windows Kernel Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-38139 MISC |
microsoft -- multiple_products | Windows Kernel Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-38141 MISC |
microsoft -- multiple_products | Windows Kernel Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-38142 MISC |
microsoft -- multiple_products | Windows Common Log File System Driver Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-38143 MISC |
microsoft -- multiple_products | Windows Common Log File System Driver Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-38144 MISC |
microsoft -- windows_11 | Windows Kernel Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-38150 MISC |
microsoft -- multiple_products | Windows GDI Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-38161 MISC |
microsoft -- windows_defender_security_intelligence_updates | Windows Defender Attack Surface Reduction Security Feature Bypass | 2023-09-12 | 7.8 | CVE-2023-38163 MISC |
ibm -- qradar_wincollect | IBM QRadar WinCollect Agent 10.0 through 10.1.6, when installed to run as ADMIN or SYSTEM, is vulnerable to a local escalation of privilege attack that a normal user could utilize to gain SYSTEM permissions. IBM X-Force ID: 262542. | 2023-09-08 | 7.8 | CVE-2023-38736 MISC MISC |
raidenftpd -- raidenftpd | Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard. | 2023-09-11 | 7.8 | CVE-2023-39063 MISC |
siemens -- qms_automotive | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application uses a weak, outdated application signing mechanism. This could allow an attacker to tamper with the application code. | 2023-09-12 | 7.8 | CVE-2023-40727 MISC |
siemens -- parasolid | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.253), Parasolid V35.1 (All versions < V35.1.184), Parasolid V36.0 (All versions < V36.0.142). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21263) | 2023-09-12 | 7.8 | CVE-2023-41032 MISC |
siemens -- parasolid | A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.260), Parasolid V35.1 (All versions < V35.1.246), Parasolid V36.0 (All versions < V36.0.156). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21266) | 2023-09-12 | 7.8 | CVE-2023-41033 MISC |
siemens -- parasolid | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to memory corruption while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | 2023-09-12 | 7.8 | CVE-2023-41846 MISC |
apple -- macos | The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, iOS 15.7.8 and iPadOS 15.7.8, watchOS 9.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.9, macOS Monterey 12.6.8. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1. | 2023-09-12 | 7.8 | CVE-2023-41990 MISC MISC MISC MISC MISC MISC MISC |
hashicorp -- terraform | Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7. | 2023-09-08 | 7.8 | CVE-2023-4782 MISC |
microsoft -- dynamics_365_for_finance_and_operations | Dynamics Finance and Operations Cross-site Scripting Vulnerability | 2023-09-12 | 7.6 | CVE-2023-36800 MISC |
dlink -- dir-619l_firmware | An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta devices. There is a heap buffer overflow allowing remote attackers to restart the router via the M-search request ST parameter. No authentication is required. | 2023-09-11 | 7.5 | CVE-2020-19323 MISC MISC |
ibm -- aspera_faspex | IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. IBM X-Force ID: 222567. | 2023-09-08 | 7.5 | CVE-2022-22401 MISC MISC |
siemens -- multiple_products | The ANSI C OPC UA SDK contains an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. | 2023-09-12 | 7.5 | CVE-2023-28831 MISC |
microsoft -- azure_kubernetes_service | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | 2023-09-12 | 7.5 | CVE-2023-29332 MISC |
ibm -- aspera_faspex | IBM Aspera Faspex 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268. | 2023-09-08 | 7.5 | CVE-2023-30995 MISC MISC |
tsplus -- tsplus_remote_access | An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page. | 2023-09-11 | 7.5 | CVE-2023-31069 MISC MISC |
quboworld -- smart_plug_10a_firmware | An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_SYSTEM-10A that allows attackers to cause a denial of service (DoS) via Wi-Fi deauthentication. | 2023-09-11 | 7.5 | CVE-2023-36161 MISC |
aptosfoundation -- aptos | Mysten Labs Sui blockchain v1.2.0 was discovered to contain a stack overflow via the component /spec/openrpc.json. | 2023-09-08 | 7.5 | CVE-2023-36184 MISC MISC MISC MISC |
microsoft -- outlook | Microsoft Outlook Information Disclosure Vulnerability | 2023-09-12 | 7.5 | CVE-2023-36763 MISC |
samsung -- exynos_9810_firmware | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the Shannon MM Task, missing validation of a NULL pointer can cause abnormal termination via a malformed NR MM packet. | 2023-09-08 | 7.5 | CVE-2023-37368 MISC |
samsung -- exynos_980_firmware | An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920). Improper handling of length parameter inconsistency can cause incorrect packet filtering. | 2023-09-08 | 7.5 | CVE-2023-37377 MISC |
microsoft -- multiple_products | Windows TCP/IP Denial of Service Vulnerability | 2023-09-12 | 7.5 | CVE-2023-38149 MISC |
microsoft -- multiple_products | DHCP Server Service Denial of Service Vulnerability | 2023-09-12 | 7.5 | CVE-2023-38162 MISC |
adobe -- coldfusion | Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction. | 2023-09-14 | 7.5 | CVE-2023-38205 MISC |
golang -- go | Processing an incomplete post-handshake message for a QUIC connection can cause a panic. | 2023-09-08 | 7.5 | CVE-2023-39321 MISC MISC MISC MISC |
golang -- go | QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size. | 2023-09-08 | 7.5 | CVE-2023-39322 MISC MISC MISC MISC |
hexo -- hexo | Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability. | 2023-09-08 | 7.5 | CVE-2023-39584 MISC MISC MISC |
buffalo -- terastation_nas_5410r_firmware | An issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function. | 2023-09-08 | 7.5 | CVE-2023-39620 MISC MISC |
arm -- trusted_firmware-m | In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8. | 2023-09-08 | 7.5 | CVE-2023-40271 MISC MISC |
apple -- macos | This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted. | 2023-09-12 | 7.5 | CVE-2023-40440 MISC |
jeecg -- jeecg_boot | Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection. | 2023-09-08 | 7.5 | CVE-2023-41578 MISC |
dairy_farm_shop_management_system -- dairy_farm_shop_management_system | Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters. | 2023-09-08 | 7.5 | CVE-2023-41594 MISC MISC MISC |
hutool -- hutool | hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse(). | 2023-09-08 | 7.5 | CVE-2023-42278 MISC |
mozilla -- multiple_products | When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | 2023-09-11 | 7.5 | CVE-2023-4583 MISC MISC MISC MISC |
sourcecodester -- simple_membership_system | A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been classified as critical. This affects an unknown part of the file club_edit_query.php. The manipulation of the argument club_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239253 was assigned to this vulnerability. | 2023-09-08 | 7.5 | CVE-2023-4844 MISC MISC MISC |
sourcecodester -- simple_membership_system | A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been rated as critical. This issue affects some unknown processing of the file delete_member.php. The manipulation of the argument mem_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239255. | 2023-09-09 | 7.5 | CVE-2023-4846 MISC MISC MISC |
inure -- inure | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92. | 2023-09-10 | 7.5 | CVE-2023-4876 MISC MISC |
inure -- inure | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92. | 2023-09-10 | 7.5 | CVE-2023-4877 MISC MISC |
mintplexlabs -- anything-llm | Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. | 2023-09-12 | 7.5 | CVE-2023-4898 MISC MISC |
cecil -- cecil | Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7.47.1. | 2023-09-12 | 7.5 | CVE-2023-4914 MISC MISC |
adobe -- acrobat_dc | Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 7.3 | CVE-2019-16470 MISC |
adobe -- acrobat_dc | Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 7.3 | CVE-2019-16471 MISC |
microsoft -- multiple_products | Microsoft Word Remote Code Execution Vulnerability | 2023-09-12 | 7.3 | CVE-2023-36762 MISC |
siemens -- qms_automotive | A vulnerability has been identified in QMS Automotive (All versions < V12.39). User credentials are found in memory as plaintext. An attacker could perform a memory dump, get access to credentials, and use them for impersonation. | 2023-09-12 | 7.3 | CVE-2023-40724 MISC |
siemens -- qms_automotive | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-service condition. | 2023-09-12 | 7.3 | CVE-2023-40728 MISC |
siemens -- qms_automotive | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application lacks security control to prevent unencrypted communication without HTTPS. An attacker who managed to gain machine-in-the-middle position could manipulate or steal confidential information. | 2023-09-12 | 7.3 | CVE-2023-40729 MISC |
sap -- businessobjects_business_intelligence_platform | Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system into the report over the network. When uploading the image file, an authenticated attacker could intercept the request, modify the content type and the extension to read and modify sensitive data causing a high impact on confidentiality and integrity of the application. | 2023-09-12 | 7.3 | CVE-2023-42472 MISC MISC |
microsoft -- azure_hdinsights | Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability | 2023-09-12 | 7.2 | CVE-2023-38156 MISC |
zohocorp -- manageengine_admanager_plus | Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine. | 2023-09-11 | 7.2 | CVE-2023-38743 MISC |
insyde -- iscflashx64.sys | An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT 6.20.00. When handling IOCTL 0x22229a, the input used to allocate a buffer and copy memory is mishandled. This could cause memory corruption or a system crash. | 2023-09-08 | 7.1 | CVE-2021-33834 MISC MISC |
sap -- businessobjects | SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system. | 2023-09-12 | 7.1 | CVE-2023-40623 MISC MISC |
siemens -- qms_automotive | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application lacks sufficient authorization checks. This could allow an attacker to access confidential information, perform administrative functions, or lead to a denial-of-service condition. | 2023-09-12 | 7.1 | CVE-2023-40730 MISC |
linux -- kernel | A stack based out-of-bounds write flaw was found in the netfilter subsystem in the Linux kernel. If the expression length is a multiple of 4 (register size), the `nft_exthdr_eval` family of functions writes 4 NULL bytes past the end of the `regs` argument, leading to stack corruption and potential information disclosure or a denial of service. | 2023-09-11 | 7.1 | CVE-2023-4881 MISC MISC |
n-able -- take_control | BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion. | 2023-09-11 | 7 | CVE-2023-27470 MISC |
microsoft -- windows_server_2012 | Windows MSHTML Platform Security Feature Bypass Vulnerability | 2023-09-12 | 7 | CVE-2023-36805 MISC |
microsoft -- azure_devops | Azure DevOps Server Remote Code Execution Vulnerability | 2023-09-12 | 7 | CVE-2023-38155 MISC |
Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
solarwinds -- solarwinds_platform | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | 2023-09-13 | 6.8 | CVE-2023-23840 MISC MISC |
solarwinds -- solarwinds_platform | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | 2023-09-13 | 6.8 | CVE-2023-23845 MISC MISC |
microsoft -- visual_studio | Visual Studio Elevation of Privilege Vulnerability | 2023-09-12 | 6.7 | CVE-2023-36759 MISC |
xpand-it -- write-back_manager | Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation. | 2023-09-12 | 6.5 | CVE-2023-27169 MISC MISC MISC MISC |
microsoft -- .net/visual_studio | .NET Core and Visual Studio Denial of Service Vulnerability | 2023-09-12 | 6.5 | CVE-2023-36799 MISC |
apache -- airflow | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. Users are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability. | 2023-09-12 | 6.5 | CVE-2023-40712 MISC MISC MISC |
mozilla -- thunderbird | When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. | 2023-09-11 | 6.5 | CVE-2023-4573 MISC MISC MISC MISC MISC MISC |
mozilla -- thunderbird | When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. | 2023-09-11 | 6.5 | CVE-2023-4574 MISC MISC MISC MISC MISC MISC |
mozilla -- thunderbird | When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. | 2023-09-11 | 6.5 | CVE-2023-4575 MISC MISC MISC MISC MISC MISC |
mozilla -- thunderbird | When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | 2023-09-11 | 6.5 | CVE-2023-4577 MISC MISC MISC MISC |
mozilla -- thunderbird | When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | 2023-09-11 | 6.5 | CVE-2023-4578 MISC MISC MISC MISC |
mozilla -- thunderbird | Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | 2023-09-11 | 6.5 | CVE-2023-4580 MISC MISC MISC MISC |
mutt -- mutt | Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 | 2023-09-09 | 6.5 | CVE-2023-4874 MISC MISC MISC |
wordpress -- wordpress | The Feeds for YouTube for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-14 | 6.4 | CVE-2023-4841 MISC MISC MISC |
wordpress -- wordpress | The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2023-09-12 | 6.4 | CVE-2023-4893 MISC MISC |
wordpress -- wordpress | The Awesome Weather Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-14 | 6.4 | CVE-2023-4944 MISC MISC MISC |
wordpress -- wordpress | The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in versions up to, and including, 7.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-14 | 6.4 | CVE-2023-4945 MISC MISC MISC |
sap -- powerdesigner | SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before untrusted scripts are executed, but this is not set as default. | 2023-09-12 | 6.3 | CVE-2023-40621 MISC MISC |
microsoft -- word | Microsoft Word Information Disclosure Vulnerability | 2023-09-12 | 6.2 | CVE-2023-36761 MISC |
adobe -- connect | Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-09-13 | 6.1 | CVE-2023-29305 MISC |
adobe -- connect | Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-09-13 | 6.1 | CVE-2023-29306 MISC |
wordpress -- wordpress | The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks. | 2023-09-11 | 6.1 | CVE-2023-3169 MISC |
wordpress -- wordpress | A reflected cross-site scripting (XSS) vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'error_description' parameters of 'oauth2.php'. | 2023-09-11 | 6.1 | CVE-2023-38878 MISC MISC MISC |
golang -- go | The html/template package does not properly handle HTML-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack. | 2023-09-08 | 6.1 | CVE-2023-39318 MISC MISC MISC MISC |
golang -- go | The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack. | 2023-09-08 | 6.1 | CVE-2023-39319 MISC MISC MISC MISC |
fieldthemes -- fieldpopupnewsletter | FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php. | 2023-09-08 | 6.1 | CVE-2023-39676 MISC MISC MISC |
free_and_open_source_inventory_management_system -- free_and_open_source_inventory_management_system | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section. | 2023-09-08 | 6.1 | CVE-2023-39712 MISC MISC MISC |
sap -- s/4hana | SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity. | 2023-09-08 | 6.1 | CVE-2023-40306 MISC MISC |
icewarp -- icewarp | Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. | 2023-09-12 | 6.1 | CVE-2023-41013 MISC MISC |
cockpit_cms -- cockpit_cms | An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file. | 2023-09-08 | 6.1 | CVE-2023-41564 MISC |
sourcecodester -- simple_book_catalog_app | A vulnerability classified as problematic has been found in SourceCodester Simple Book Catalog App 1.0. Affected is an unknown function of the component Update Book Form. The manipulation of the argument book_title/book_author leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239256. | 2023-09-09 | 6.1 | CVE-2023-4847 MISC MISC MISC |
sourcecodester -- take-note_app | A vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0. This affects an unknown part of the file index.php. The manipulation of the argument noteContent with the input <script>alert('xss')</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239349 was assigned to this vulnerability. | 2023-09-09 | 6.1 | CVE-2023-4864 MISC MISC MISC |
sourcecodester -- contact_manager_app | A vulnerability classified as problematic has been found in SourceCodester Contact Manager App 1.0. This affects an unknown part of the file index.php of the component Contact Information Handler. The manipulation of the argument contactID with the input "><sCrIpT>alert(1)</ScRiPt> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239355. | 2023-09-10 | 6.1 | CVE-2023-4870 MISC MISC MISC |
cecil -- cecil | Cross-site Scripting (XSS) - Reflected in GitHub repository cecilapp/cecil prior to 7.47.1. | 2023-09-12 | 6.1 | CVE-2023-4913 MISC MISC |
ibm -- aspera_faspex | IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576. | 2023-09-08 | 5.9 | CVE-2022-22405 MISC MISC |
microsoft -- exchange_server | Microsoft Exchange Server Information Disclosure Vulnerability | 2023-09-12 | 5.7 | CVE-2023-36777 MISC |
siemens -- qms_automotive | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application allows users to upload arbitrary file types. This could allow an attacker to upload malicious files, that could potentially lead to code tampering. | 2023-09-12 | 5.7 | CVE-2023-40731 MISC |
mutt -- mutt | Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 | 2023-09-09 | 5.7 | CVE-2023-4875 MISC MISC MISC |
adobe -- acrobat_dc | Adobe Acrobat Reader versions 2019.010.20098 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 5.5 | CVE-2019-7819 MISC |
adobe -- acrobat_dc | Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 20.005.30334 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 5.5 | CVE-2022-34238 MISC |
dell -- digital_delivery | Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS). | 2023-09-08 | 5.5 | CVE-2023-32470 MISC |
google -- android | In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 5.5 | CVE-2023-35664 MISC MISC |
google -- android | In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 5.5 | CVE-2023-35671 MISC MISC |
google -- android | In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 5.5 | CVE-2023-35675 MISC MISC |
google -- android | In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 5.5 | CVE-2023-35677 MISC MISC |
google -- android | In MtpPropertyValue of MtpProperty.h, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 2023-09-11 | 5.5 | CVE-2023-35679 MISC MISC |
google -- android | In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 5.5 | CVE-2023-35680 MISC MISC |
google -- android | In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 5.5 | CVE-2023-35683 MISC MISC |
microsoft -- multiple_products | Windows Kernel Information Disclosure Vulnerability | 2023-09-12 | 5.5 | CVE-2023-36803 MISC |
microsoft -- multiple_products | Windows Kernel Information Disclosure Vulnerability | 2023-09-12 | 5.5 | CVE-2023-38140 MISC |
microsoft -- multiple_products | Windows TCP/IP Information Disclosure Vulnerability | 2023-09-12 | 5.5 | CVE-2023-38160 MISC |
siemens -- simatic_pcs_neo | A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems. | 2023-09-14 | 5.5 | CVE-2023-38558 MISC |
gpac -- gpac | GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c. | 2023-09-11 | 5.5 | CVE-2023-41000 MISC |
mozilla -- vpn | An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN client for Linux < v2.16.1. | 2023-09-11 | 5.5 | CVE-2023-4104 MISC MISC MISC MISC MISC MISC |
microsoft -- office | Microsoft Office Spoofing Vulnerability | 2023-09-12 | 5.5 | CVE-2023-41764 MISC |
qemu -- qemu | QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately. | 2023-09-11 | 5.5 | CVE-2023-42467 MISC MISC |
ibm -- aspera_faspex | IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571. | 2023-09-08 | 5.4 | CVE-2022-22402 MISC MISC |
ibm -- maximo_asset_management | IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072. | 2023-09-08 | 5.4 | CVE-2023-32332 MISC MISC MISC |
wordpress -- wordpress | The FTP Access WordPress plugin through 1.0 does not have authorisation and CSRF checks when updating its settings and is missing sanitisation as well as escaping in them, allowing any authenticated user, such as a subscriber, to update them with XSS payloads, which will be triggered when an admin views the settings of the plugin. The attack could also be performed via CSRF against any authenticated user. | 2023-09-11 | 5.4 | CVE-2023-3510 MISC |
microsoft -- dynamics_365 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2023-09-12 | 5.4 | CVE-2023-36886 MISC |
microsoft -- dynamics_365 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2023-09-12 | 5.4 | CVE-2023-38164 MISC |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-09-13 | 5.4 | CVE-2023-38214 MISC |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-09-13 | 5.4 | CVE-2023-38215 MISC |
sap -- s4core | S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availability of the system. | 2023-09-12 | 5.4 | CVE-2023-40625 MISC MISC |
hkcms -- hkcms | HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowing administrator cookies to be stolen. | 2023-09-11 | 5.4 | CVE-2023-40786 MISC MISC |
turt2live -- matrix-media-repo | matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with `Content-Disposition: inline` upon download. This vulnerability could be leveraged to execute scripts embedded in SVG content. Commits `77ec235` and `bf8abdd` fix the issue and are included in the 1.3.0 release. Operators should upgrade to v1.3.0 as soon as possible. Operators unable to upgrade should override the `Content-Disposition` header returned by matrix-media-repo as a workaround. | 2023-09-08 | 5.4 | CVE-2023-41318 MISC MISC MISC MISC |
blood_bank_&_donor_management_system_project -- blood_bank_&_donor_management_system | Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters. | 2023-09-08 | 5.4 | CVE-2023-41575 MISC |
wordpress -- wordpress | The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'before' and 'after'. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-09 | 5.4 | CVE-2023-4838 MISC MISC |
wordpress -- wordpress | The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-12 | 5.4 | CVE-2023-4840 MISC MISC MISC |
wordpress -- wordpress | The Google Maps Plugin by Intergeo for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'intergeo' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-12 | 5.4 | CVE-2023-4887 MISC MISC |
wordpress -- wordpress | The JQuery Accordion Menu Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcwp-jquery-accordion' shortcode in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-12 | 5.4 | CVE-2023-4890 MISC MISC MISC |
ibm -- aspera_faspex | IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592. | 2023-09-08 | 5.3 | CVE-2022-22409 MISC MISC |
ibm -- aspera_faspex | IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713. | 2023-09-08 | 5.3 | CVE-2023-24965 MISC MISC |
hcltech -- domino | In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks. | 2023-09-08 | 5.3 | CVE-2023-28010 MISC |
microsoft -- windows_server | DHCP Server Service Information Disclosure Vulnerability | 2023-09-12 | 5.3 | CVE-2023-36801 MISC |
samsung -- exynos_9820_firmware | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the NAS Task, an improperly implemented security check for standard can disallow desired services for a while via consecutive NAS messages. | 2023-09-08 | 5.3 | CVE-2023-37367 MISC |
sap -- businessobjects_business_intelligence | Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity. | 2023-09-12 | 5.3 | CVE-2023-37489 MISC MISC |
microsoft -- windows_server | DHCP Server Service Information Disclosure Vulnerability | 2023-09-12 | 5.3 | CVE-2023-38152 MISC |
adobe -- coldfusion | Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints resulting in a low-confidentiality impact. Exploitation of this issue does not require user interaction. | 2023-09-14 | 5.3 | CVE-2023-38206 MISC |
mycrops -- higrade | An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023. | 2023-09-11 | 5.3 | CVE-2023-40040 MISC |
gofiber -- fiber | Fiber is an Express inspired web framework built in the go language. Versions of gofiber prior to 2.49.2 did not properly restrict access to localhost. This issue impacts users of our project who rely on the `ctx.IsFromLocal` method to restrict access to localhost requests. If exploited, it could allow unauthorized access to resources intended only for localhost. Setting `X-Forwarded-For: 127.0.0.1` in a request from a foreign host, will result in true for `ctx.IsFromLocal`. Access is limited to the scope of the affected process. This issue has been patched in version `2.49.2` with commit `b8c9ede6`. Users are advised to upgrade. There are no known workarounds to remediate this vulnerability without upgrading to the patched version. | 2023-09-08 | 5.3 | CVE-2023-41338 MISC MISC MISC MISC |
sap -- netweaver | Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures) - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view user’s email address. There is no integrity/availability impact. | 2023-09-12 | 5.3 | CVE-2023-41367 MISC MISC |
sap -- s/4_hana | The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107, allows an attacker to change the checkbook name by simulating an update OData call. | 2023-09-12 | 5.3 | CVE-2023-41368 MISC MISC |
wordpress -- wordpress | The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.5.3. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (in the WP User Control Widget). The function changes the user's password after providing the email. The new password is only sent to the user's email, so the attacker does not have access to the new password. | 2023-09-13 | 5.3 | CVE-2023-4915 MISC MISC |
wordpress -- wordpress | The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API key and password, PayPal Client Secret, and more keys and passwords. | 2023-09-13 | 5.3 | CVE-2023-4917 MISC MISC |
wordpress -- wordpress | The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-09-11 | 4.8 | CVE-2023-3170 MISC |
pega -- pega_platform | Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated administrative user. | 2023-09-08 | 4.8 | CVE-2023-4843 MISC |
anaconda -- anaconda3 | Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda is also affected. | 2023-09-11 | 4.7 | CVE-2023-35845 MISC |
gm -- mylink_infotainment_system | Injecting random data into the USB memory area on a General Motors (GM) Chevrolet Equinox 2021 Software. 2021.03.26 (build version) vehicle causes a Denial of Service (DoS) in the in-car infotainment system. | 2023-09-08 | 4.6 | CVE-2023-39076 MISC |
qnap -- qvr_pro_client | An insertion of sensitive information into Log file vulnerability has been reported to affect product. If exploited, the vulnerability possibly provides local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors. We have already fixed the vulnerability in the following version: Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Pro Client 2.3.0.0420 and later | 2023-09-08 | 4.4 | CVE-2022-27599 MISC |
microsoft -- identity_linux_broker | Microsoft Identity Linux Broker Remote Code Execution Vulnerability | 2023-09-12 | 4.4 | CVE-2023-36736 MISC |
microsoft -- office | Microsoft Office Security Feature Bypass Vulnerability | 2023-09-12 | 4.3 | CVE-2023-36767 MISC |
oracle -- apache_airflow | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. | 2023-09-12 | 4.3 | CVE-2023-40611 MISC MISC |
sap -- s/4_hana | The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow down the browser. | 2023-09-12 | 4.3 | CVE-2023-41369 MISC MISC |
mozilla -- thunderbird | Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. | 2023-09-11 | 4.3 | CVE-2023-4581 MISC MISC MISC MISC MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which any user can read limited information about any project's imports. | 2023-09-11 | 4.3 | CVE-2023-4630 MISC MISC |
qualys -- container_scanning_connector | An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins. | 2023-09-08 | 4.3 | CVE-2023-4777 MISC |
wordpress -- wordpress | The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_cvr_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above, to update CVR numbers for orders. | 2023-09-14 | 4.3 | CVE-2023-4948 MISC MISC |
siemens -- qms_automotive | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during login session. This allows an attacker to enumerate usernames, and identify valid usernames. | 2023-09-12 | 4 | CVE-2023-40725 MISC |
siemens -- qms_automotive | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks. | 2023-09-12 | 3.9 | CVE-2023-40732 MISC |
samsung -- exynos_9820_firmware | An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. An integer overflow can bypass detection of error cases via a crafted application. | 2023-09-12 | 3.3 | CVE-2023-40218 MISC |
samsung -- exynos_980_firmware | An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer index can prevent the execution of requested services via a crafted application. | 2023-09-08 | 3.3 | CVE-2023-40353 MISC |
apple -- ipados | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8. An app may be able to read sensitive location information. | 2023-09-12 | 3.3 | CVE-2023-40442 MISC MISC MISC |
mozilla -- firefox | Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117. | 2023-09-11 | 3.1 | CVE-2023-4579 MISC MISC |
tripodworks_co._ltd. -- gigapod | GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead to a denial-of-service (DoS) condition. | 2023-09-08 | not yet calculated | CVE-2014-5329 MISC |
diebold_nixdorf -- opteva | An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter. | 2023-09-11 | not yet calculated | CVE-2020-19559 MISC |
fortinet -- forticlientems | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path. | 2023-09-13 | not yet calculated | CVE-2021-44172 MISC |
fortinet -- fortiadc | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and 6.1.0 all versions may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | 2023-09-13 | not yet calculated | CVE-2022-35849 MISC |
apache_friends -- xampp | The installer in XAMPP through 8.1.12 allows local users to write to the C:\xampp directory. Common use cases execute files under C:\xampp with administrative privileges. | 2023-09-12 | not yet calculated | CVE-2022-47637 MISC |
control_de_ciber -- control_de_ciber | Control de Ciber, in its 1.650 version, is affected by a Denial of Service condition through the version function. Sending a malicious request could cause the server to check if an unrecognized component is up to date, causing a memory failure error that shuts down the process. | 2023-09-12 | not yet calculated | CVE-2022-48474 MISC |
control_de_ciber -- control_de_ciber | Buffer Overflow vulnerability in Control de Ciber version 1.650, in the printing function. Sending a modified request by the attacker could cause a Buffer Overflow when the administrator tries to accept or delete the print query created by the request. | 2023-09-12 | not yet calculated | CVE-2022-48475 MISC |
control_de_ciber -- control_de_ciber | Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages "PNTMEDIDAS", "PEDIR", "HAYDISCOA" or "SPOOLER". A complete denial of service can be achieved by sending multiple requests simultaneously on a core. | 2023-09-12 | not yet calculated | CVE-2022-4896 MISC |
foreman -- foreman | A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials. | 2023-09-12 | not yet calculated | CVE-2023-0119 MISC MISC MISC |
cisco -- ios_xr | A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation that uses an ISO image. An attacker could exploit this vulnerability by modifying an ISO image and then carrying out install requests in parallel. A successful exploit could allow the attacker to execute arbitrary code on an affected device. | 2023-09-13 | not yet calculated | CVE-2023-20135 MISC |
cisco -- ios_xr | A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting. There are workarounds that address this vulnerability. This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication. | 2023-09-13 | not yet calculated | CVE-2023-20190 MISC |
cisco -- ios_xr | A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. There are workarounds that address this vulnerability. This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication. | 2023-09-13 | not yet calculated | CVE-2023-20191 MISC |
cisco -- ios_xr |
A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). An attacker could exploit this vulnerability by sending crafted CCMs to an affected device. A successful exploit could allow the attacker to cause the CFM service to crash when a user displays information about maintenance end points (MEPs) for peer MEPs on an affected device. | 2023-09-13 | not yet calculated | CVE-2023-20233 MISC |
cisco -- ios_xr |
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device. | 2023-09-13 | not yet calculated | CVE-2023-20236 MISC |
blackberry -- athoc |
A PII Enumeration via Credential Recovery in the Self Service (Credential Recovery) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially associate a list of contact details with an AtHoc IWS organization. | 2023-09-12 | not yet calculated | CVE-2023-21520 MISC |
blackberry -- athoc |
An SQL Injection vulnerability in the Management Console (Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. | 2023-09-12 | not yet calculated | CVE-2023-21521 MISC |
blackberry -- athoc |
A Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim's browser and then execute script commands in the context of the affected user account. | 2023-09-12 | not yet calculated | CVE-2023-21522 MISC |
blackberry -- athoc |
A Stored Cross-site Scripting (XSS) vulnerability in the Management Console (User Management and Alerts) of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the context of the affected user account. | 2023-09-12 | not yet calculated | CVE-2023-21523 MISC |
nvidia -- connectx_host |
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges. | 2023-09-12 | not yet calculated | CVE-2023-25519 MISC |
fortinet -- fortiap |
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments. | 2023-09-13 | not yet calculated | CVE-2023-25608 MISC |
sidekiq -- sidekiq |
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests. | 2023-09-14 | not yet calculated | CVE-2023-26141 MISC MISC MISC MISC |
crow -- crow |
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content. | 2023-09-12 | not yet calculated | CVE-2023-26142 MISC MISC |
qemu -- qemu |
This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750. | 2023-09-13 | not yet calculated | CVE-2023-2680 MISC MISC |
wordpress -- wordpress |
The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin | 2023-09-11 | not yet calculated | CVE-2023-2705 MISC |
fortinet -- fortipresence |
A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths. | 2023-09-13 | not yet calculated | CVE-2023-27998 MISC |
movim -- movim |
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation. | 2023-09-14 | not yet calculated | CVE-2023-2848 MISC MISC MISC |
fortinet -- fortiproxy/fortios |
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting. | 2023-09-13 | not yet calculated | CVE-2023-29183 MISC |
rockwell_automation -- pavilion8 |
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session. | 2023-09-12 | not yet calculated | CVE-2023-29463 MISC |
dell -- sd_rom_utility |
SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access. | 2023-09-12 | not yet calculated | CVE-2023-3039 MISC |
palantir -- cerberus |
The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58. | 2023-09-12 | not yet calculated | CVE-2023-30962 MISC |
inosoft_gmbh -- visiwin_7 |
An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. | 2023-09-11 | not yet calculated | CVE-2023-31468 MISC MISC |
node.js -- node.js |
A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file stats through the `fs.statfs` API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | 2023-09-12 | not yet calculated | CVE-2023-32005 MISC |
qemu -- qemu |
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service. | 2023-09-13 | not yet calculated | CVE-2023-3255 MISC MISC |
node.js -- node.js |
The use of the deprecated API `process.binding()` can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | 2023-09-12 | not yet calculated | CVE-2023-32558 MISC |
palo_alto_networks -- cortex_xdr |
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent. | 2023-09-13 | not yet calculated | CVE-2023-3280 MISC |
qemu -- qemu |
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service. | 2023-09-13 | not yet calculated | CVE-2023-3301 MISC MISC |
cloud_foundry -- routing/cf_development |
Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations. | 2023-09-08 | not yet calculated | CVE-2023-34041 MISC |
ami -- aptiov |
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the physical network. A successful exploit of this vulnerability may lead to a loss of confidentiality. | 2023-09-12 | not yet calculated | CVE-2023-34469 MISC |
ami -- aptiov |
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability. | 2023-09-12 | not yet calculated | CVE-2023-34470 MISC |
fortinet -- fortiweb |
A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | 2023-09-13 | not yet calculated | CVE-2023-34984 MISC |
dassault_systèmes -- teamwork_cloud |
A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code. | 2023-09-13 | not yet calculated | CVE-2023-3588 MISC |
dover_fueling_solutions -- maglink_lx_web_console_configuration |
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 could allow a guest user to elevate to admin privileges. | 2023-09-11 | not yet calculated | CVE-2023-36497 MISC |
fortinet -- fortisiem |
An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows an attacker to cause information disclosure via a crafted HTTP request. | 2023-09-13 | not yet calculated | CVE-2023-36551 MISC |
fortinet -- fortiap-u |
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments. | 2023-09-13 | not yet calculated | CVE-2023-36634 MISC |
fortinet -- fortimanager/fortianalyzer |
An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID. | 2023-09-13 | not yet calculated | CVE-2023-36638 MISC |
fortinet -- fortitester |
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | 2023-09-13 | not yet calculated | CVE-2023-36642 MISC |
etherscan -- ethereum_blockchain |
An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 causes the balance to be zeroed out when the value of betsize+casino.balance exceeds the threshold. | 2023-09-11 | not yet calculated | CVE-2023-36980 MISC MISC |
honeywell -- pm43 |
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g., P10.19.050006). | 2023-09-12 | not yet calculated | CVE-2023-3710 MISC MISC MISC |
honeywell -- pm43 |
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g., P10.19.050006). | 2023-09-12 | not yet calculated | CVE-2023-3711 MISC MISC MISC |
honeywell -- pm43 |
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g., P10.19.050006). | 2023-09-12 | not yet calculated | CVE-2023-3712 MISC MISC MISC |
wing_ftp_server -- wing_ftp_server |
Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site Scripting (XSS). This issue affects Wing FTP Server: <= 7.2.0. | 2023-09-12 | not yet calculated | CVE-2023-37875 MISC |
wing_ftp_server -- wing_ftp_server |
Insecure default permissions in Wing FTP Server (Admin Web Client) allows for privilege escalation. This issue affects Wing FTP Server: <= 7.2.0. | 2023-09-12 | not yet calculated | CVE-2023-37878 MISC |
wing_ftp_server -- wing_ftp_server |
Insecure storage of sensitive information in Wing FTP Server (User Web Client) allows information elicitation. This issue affects Wing FTP Server: <= 7.2.0. | 2023-09-12 | not yet calculated | CVE-2023-37879 MISC |
wing_ftp_server -- wing_ftp_server |
Weak access control in Wing FTP Server (Admin Web Client) allows for privilege escalation. This issue affects Wing FTP Server: <= 7.2.0. | 2023-09-12 | not yet calculated | CVE-2023-37881 MISC |
dover_fueling_solutions -- maglink_lx_web_console_configuration |
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 vulnerable to a path traversal attack, which could allow an attacker to access files stored on the system. | 2023-09-11 | not yet calculated | CVE-2023-38256 MISC |
zlmediakiet -- zlmediakiet |
Cross Site Scripting vulnerability in ZLMediaKiet v.4.0 and v.5.0 allows an attacker to execute arbitrary code via a crafted script to the URL. | 2023-09-11 | not yet calculated | CVE-2023-39067 MISC MISC |
hangzhou_xiongmai_technology_co._ltd. -- multiple_products |
Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin allows a remote attacker to cause a denial of service via a crafted request to the service.XM component. | 2023-09-11 | not yet calculated | CVE-2023-39068 MISC |
strangebee_thehive -- strangebee_thehive |
An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism. | 2023-09-11 | not yet calculated | CVE-2023-39069 MISC |
cppcheck -- cppcheck |
An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934. | 2023-09-11 | not yet calculated | CVE-2023-39070 MISC |
snmp_web_pro -- snmp_web_pro |
An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted request. | 2023-09-12 | not yet calculated | CVE-2023-39073 MISC |
zoom -- cleanzoom |
Untrusted search path in CleanZoom before file date 07/24/2023 may allow a privileged user to conduct an escalation of privilege via local access. | 2023-09-12 | not yet calculated | CVE-2023-39201 MISC |
zoom -- zoom_desktop_client_for_linux |
Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access. | 2023-09-12 | not yet calculated | CVE-2023-39208 MISC |
zoom -- zoom |
Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access. | 2023-09-12 | not yet calculated | CVE-2023-39215 MISC |
softneta -- meddream_pacs |
Softneta MedDream PACS stores usernames and passwords in plaintext. The plaintext storage could be abused by attackers to leak legitimate user’s credentials. | 2023-09-11 | not yet calculated | CVE-2023-39227 MISC |
asus -- rt-ax55 |
ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authenticated command injection vulnerability. | 2023-09-11 | not yet calculated | CVE-2023-39780 MISC MISC MISC MISC MISC MISC |
nlnet_labs -- bcder |
NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding. | 2023-09-13 | not yet calculated | CVE-2023-39914 MISC |
nlnet_labs -- routinator |
NLnet Labs’ Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914. | 2023-09-13 | not yet calculated | CVE-2023-39915 MISC |
nlnet_labs -- routinator |
NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitation of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it. | 2023-09-13 | not yet calculated | CVE-2023-39916 MISC |
libvips -- libvips |
libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when processing untrusted input. | 2023-09-11 | not yet calculated | CVE-2023-40032 MISC MISC MISC |
softneta -- meddream_pacs |
The affected product does not perform an authentication check and performs some dangerous functionality, which could result in unauthenticated remote code execution. | 2023-09-11 | not yet calculated | CVE-2023-40150 MISC |
wordpress -- wordpress |
The Herd Effects WordPress plugin before 5.2.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-09-11 | not yet calculated | CVE-2023-4022 MISC |
sap -- commoncryptolib |
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information. | 2023-09-12 | not yet calculated | CVE-2023-40308 MISC MISC |
sap -- commoncryptolib |
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data. | 2023-09-12 | not yet calculated | CVE-2023-40309 MISC MISC |
arm_ltd. -- gnu/gnu_toolchain |
A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically sized local variables or those created using alloca(). The stack-protector operates as intended for statically sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. | 2023-09-13 | not yet calculated | CVE-2023-4039 MISC MISC |
wordpress -- wordpress |
The WP Adminify WordPress plugin before 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-09-11 | not yet calculated | CVE-2023-4060 MISC |
openknowledgemaps -- head_start_7 |
A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start 7 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'file' parameter in 'displayPDF.php'. | 2023-09-13 | not yet calculated | CVE-2023-40617 MISC |
sap -- netweaver |
SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702, SAP_BASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of this web-application. | 2023-09-12 | not yet calculated | CVE-2023-40624 MISC MISC |
fortinet -- fortitester |
A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device. | 2023-09-13 | not yet calculated | CVE-2023-40715 MISC |
fortinet -- fortitester |
A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands. | 2023-09-13 | not yet calculated | CVE-2023-40717 MISC |
netentsec -- ns-asg |
netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway. | 2023-09-13 | not yet calculated | CVE-2023-40850 MISC |
oracle -- apache_tomcat_connectors |
In some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but did not provide explicit mounts for all possible proxied requests, the mod_jk component of Apache Tomcat Connectors would use an implicit mapping and map the request to the first defined worker. Such an implicit mapping could result in the unintended exposure of the status worker and/or bypass security constraints configured in httpd. As of JK 1.2.49, the implicit mapping functionality has been removed and all mappings must now be via explicit configuration. Only mod_jk is affected by this issue. The ISAPI redirector is not affected. This issue affects Apache Tomcat Connectors (mod_jk only): from 1.2.0 through 1.2.48. Users are recommended to upgrade to version 1.2.49, which fixes the issue. | 2023-09-13 | not yet calculated | CVE-2023-41081 MISC MISC |
interact -- interact |
Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload. | 2023-09-11 | not yet calculated | CVE-2023-41103 MISC MISC |
usermin -- usermin |
A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the handle program field while creating a new MIME type program. | 2023-09-13 | not yet calculated | CVE-2023-41152 MISC MISC |
usermin -- usermin |
A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter while creating a new environment variable. | 2023-09-13 | not yet calculated | CVE-2023-41154 MISC MISC |
usermin/webmin -- usermin/webmin |
A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule. | 2023-09-13 | not yet calculated | CVE-2023-41155 MISC MISC |
usermin -- usermin |
A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the description field while creating a new MIME type program. | 2023-09-13 | not yet calculated | CVE-2023-41158 MISC MISC |
usermin -- usermin |
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching under the tools drop down. | 2023-09-13 | not yet calculated | CVE-2023-41162 MISC MISC |
dover_fueling_solutions -- maglink_lx_web_console_configuration |
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access. | 2023-09-11 | not yet calculated | CVE-2023-41256 MISC |
oracle -- apache_airflow |
In the Apache Airflow HDFS Provider, versions prior to 4.1.1, the documentation pointed users to install an incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The Airflow team has since taken ownership of the package (neutralizing the risk), and fixed the doc strings in version 4.1.1. | 2023-09-14 | not yet calculated | CVE-2023-41267 MISC MISC |
sofastack -- sofarpc |
SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out dangerous classes encountered during the deserialization process. However, the blacklist is not comprehensive, and an actor can exploit certain native JDK classes and common third-party packages to construct gadget chains capable of achieving JNDI injection or system command execution attacks. Version 5.11.0 contains a fix for this issue. As a workaround, users can add `-Drpc_serialize_blacklist_override=javax.sound.sampled.AudioFileFormat` to the blacklist. | 2023-09-12 | not yet calculated | CVE-2023-41331 MISC MISC |
symfony -- ux-autocomplete |
ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an `EntityType` that is *not* part of the valid choices. The problem has been fixed in `symfony/ux-autocomplete` version 2.11.2. | 2023-09-11 | not yet calculated | CVE-2023-41336 MISC MISC MISC MISC |
wordpress -- wordpress |
Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 allows a remote attacker to execute arbitrary code via a crafted payload to the new article function. | 2023-09-12 | not yet calculated | CVE-2023-41423 MISC |
linux -- kernel |
A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`). | 2023-09-13 | not yet calculated | CVE-2023-4155 MISC MISC |
dairy_farm_shop_management_system -- dairy_farm_shop_management_system |
Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1 allow attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters. | 2023-09-11 | not yet calculated | CVE-2023-41593 MISC MISC MISC MISC |
couchcms -- couchcms |
An open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. | 2023-09-11 | not yet calculated | CVE-2023-41609 MISC |
l_is_b_corp. -- 'direct'_desktop_app_for_macos |
Improper access control vulnerability in 'direct' Desktop App for macOS ver 2.6.0 and earlier allows a local attacker to bypass access restriction and to use camera, microphone, etc. of the device where the product is installed without the user's consent. | 2023-09-08 | not yet calculated | CVE-2023-41775 MISC MISC |
openmage -- magento_lts |
Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1. | 2023-09-11 | not yet calculated | CVE-2023-41879 MISC MISC MISC MISC MISC |
piccolo -- piccolo |
Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of `BaseUser.login` leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on its own does not also enforce strong passwords, these lists of valid accounts are likely to be used in a password spray attack with the outcome being attempted takeover of user accounts on the platform. The impact of this vulnerability is minor as it requires chaining with other attack vectors in order to gain more than simply a list of valid users on the underlying platform. The likelihood of this vulnerability is possible as it requires minimal skills to pull off, especially given the underlying login functionality for Piccolo based sites is open source. This issue has been patched in version 0.121.0. | 2023-09-12 | not yet calculated | CVE-2023-41885 MISC MISC |
craft_cms -- craft_cms |
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15. | 2023-09-13 | not yet calculated | CVE-2023-41892 MISC MISC MISC MISC MISC MISC |
google -- android |
The com.cutestudio.colordialer application through 2.1.8-2 for Android allows a remote attacker to initiate phone calls without user consent, because of improper export of the com.cutestudio.dialer.activities.DialerActivity component. A third-party application (without any permissions) can craft an intent targeting com.cutestudio.dialer.activities.DialerActivity via the android.intent.action.CALL action in conjunction with a tel: URI, thereby placing a phone call. | 2023-09-13 | not yet calculated | CVE-2023-42468 MISC MISC MISC MISC |
google -- android |
The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity component. | 2023-09-13 | not yet calculated | CVE-2023-42469 MISC MISC MISC MISC |
oracle -- apache_commons_compress |
Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing. This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can create a malformed TAR file by manipulating file modification times headers, which when parsed with Apache Commons Compress, will cause a denial of service issue via CPU consumption. In version 1.22 of Apache Commons Compress, support was added for file modification times with higher precision (issue # COMPRESS-612 [1]). The format for the PAX extended headers carrying this data consists of two numbers separated by a period [2], indicating seconds and subsecond precision (for example “1647221103.5998539”). The impacted fields are “atime”, “ctime”, “mtime” and “LIBARCHIVE.creationtime”. No input validation is performed prior to the parsing of header values. Parsing of these numbers uses the BigDecimal [3] class from the JDK which has a publicly known algorithmic complexity issue when doing operations on large numbers, causing denial of service (see issue # JDK-6560193 [4]). A third party can manipulate file time headers in a TAR file by placing a number with a very long fraction (300,000 digits) or a number with exponent notation (such as “9e9999999”) within a file modification time header, and the parsing of files with these headers will take hours instead of seconds, leading to a denial of service via exhaustion of CPU resources. This issue is similar to CVE-2012-2098 [5]. [1]: https://issues.apache.org/jira/browse/COMPRESS-612 [2]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_05 [3]: https://docs.oracle.com/javase/8/docs/api/java/math/BigDecimal.html [4]: https://bugs.openjdk.org/browse/JDK-6560193 [5]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098 Only applications using CompressorStreamFactory class (with auto-detection of file types), TarArchiveInputStream and TarFile classes to parse TAR files are impacted. Since this code was introduced in v1.22, only that version and later versions are impacted. | 2023-09-14 | not yet calculated | CVE-2023-42503 MISC |
wordpress -- wordpress |
The Min Max Control WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-09-11 | not yet calculated | CVE-2023-4270 MISC |
wordpress -- wordpress |
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts. | 2023-09-11 | not yet calculated | CVE-2023-4278 MISC |
wordpress -- wordpress |
The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link. | 2023-09-11 | not yet calculated | CVE-2023-4294 MISC |
wordpress -- wordpress |
The Lock User Account WordPress plugin through 1.0.3 does not have a CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged in admins lock and unlock arbitrary users via a CSRF attack. | 2023-09-11 | not yet calculated | CVE-2023-4307 MISC |
wordpress -- wordpress |
The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin users should not be allowed to execute arbitrary code, such as multisite. | 2023-09-11 | not yet calculated | CVE-2023-4314 MISC |
wordpress -- wordpress |
The Herd Effects WordPress plugin before 5.2.4 does not have a CSRF check when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack. | 2023-09-11 | not yet calculated | CVE-2023-4318 MISC |
skyhigh_security -- secure_web_gateway |
A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was possible due to SWG storing the password in plain text in some configuration files. | 2023-09-13 | not yet calculated | CVE-2023-4400 MISC |
opentext -- multiple_products |
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user. Mitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon. Administrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password. | 2023-09-12 | not yet calculated | CVE-2023-4501 MISC |
schneider_electric -- igss_update_service |
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change the update source, potentially leading to remote code execution when the attacker forces an update containing malicious content. | 2023-09-14 | not yet calculated | CVE-2023-4516 MISC |
papercut -- papercut_ng |
PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch. | 2023-09-13 | not yet calculated | CVE-2023-4568 MISC |
eclipse_foundation -- eclipse_jgit |
Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem. This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command. The issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration. Setting git configuration option core.symlinks = false before checking out avoids the problem. The issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/ and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . The JGit maintainers would like to thank RyotaK for finding and reporting this issue. | 2023-09-12 | not yet calculated | CVE-2023-4759 MISC MISC MISC |
google -- grpc |
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on POSIX-compatible platforms (e.g., Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected. | 2023-09-13 | not yet calculated | CVE-2023-4785 MISC MISC MISC MISC MISC |
proofpoint -- insider_threat_management_for_macos |
An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to 7.14.3.69 are affected. Agents for Windows, Linux, and Cloud are unaffected. | 2023-09-13 | not yet calculated | CVE-2023-4801 MISC |
proofpoint -- insider_threat_management |
A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected. | 2023-09-13 | not yet calculated | CVE-2023-4802 MISC |
proofpoint -- insider_threat_management |
A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected. | 2023-09-13 | not yet calculated | CVE-2023-4803 MISC |
openssl -- openssl |
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However, given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3 and a malicious client can influence whether this AEAD cipher is used by the server. This implies that server applications using OpenSSL can be potentially impacted. However, we are currently not aware of any concrete application that would be affected by this issue; therefore we consider this a Low severity security issue. As a workaround the AVX512-IFMA instructions support can be disabled at runtime by setting the environment variable OPENSSL_ia32cap: `OPENSSL_ia32cap=:~0x200000`. The FIPS provider is not affected by this issue. | 2023-09-08 | not yet calculated | CVE-2023-4807 MISC MISC MISC MISC |
glibc -- glibc |
A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. | 2023-09-12 | not yet calculated | CVE-2023-4813 MISC MISC |
trellix -- data_loss_prevention_endpoint_for_windows |
A privilege escalation vulnerability exists in Trellix Windows DLP endpoint for Windows which can be abused to delete any file/folder for which the user does not have permission. | 2023-09-14 | not yet calculated | CVE-2023-4814 MISC |
proofpoint -- itm_server |
An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the configuration of any already-registered agent so that all future agent communications are sent to an attacker-chosen URL. An attacker must first successfully obtain valid agent credentials and target agent hostname. All versions prior to 7.14.3.69 are affected. | 2023-09-13 | not yet calculated | CVE-2023-4828 MISC |
ibos -- ibos |
A vulnerability, which was classified as critical, has been found in IBOS OA 4.5.5. Affected by this issue is some unknown functionality of the file ?r=file/dashboard/trash&op=del. The manipulation of the argument fids leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-239258 is the identifier assigned to this vulnerability. | 2023-09-09 | not yet calculated | CVE-2023-4849 MISC MISC MISC |
ibos -- ibos |
A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=dashboard/position/del. The manipulation leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239259. | 2023-09-09 | not yet calculated | CVE-2023-4850 MISC MISC MISC |
ibos -- ibos |
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239260. | 2023-09-09 | not yet calculated | CVE-2023-4851 MISC MISC MISC |
ibos -- ibos |
A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239261 was assigned to this vulnerability. | 2023-09-09 | not yet calculated | CVE-2023-4852 MISC MISC MISC |
google -- chrome |
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) | 2023-09-12 | not yet calculated | CVE-2023-4863 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
suntront -- smart_table_integrated_management_system |
A vulnerability was found in Xintian Smart Table Integrated Management System 5.6.9. It has been classified as critical. Affected is an unknown function of the file /SysManage/AddUpdateSites.aspx of the component Added Site Page. The manipulation of the argument TbxSiteName leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239352. | 2023-09-10 | not yet calculated | CVE-2023-4867 MISC MISC MISC |
instantsoft -- icms2 |
Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 2023-09-10 | not yet calculated | CVE-2023-4878 MISC MISC |
instantsoft -- icms2 |
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git. | 2023-09-10 | not yet calculated | CVE-2023-4879 MISC MISC |
google -- chrome_for_android |
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium) | 2023-09-12 | not yet calculated | CVE-2023-4900 MISC MISC |
google -- chrome |
Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 2023-09-12 | not yet calculated | CVE-2023-4901 MISC MISC |
google -- chrome |
Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 2023-09-12 | not yet calculated | CVE-2023-4902 MISC MISC |
google -- chrome_for_android |
Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 2023-09-12 | not yet calculated | CVE-2023-4903 MISC MISC |
google -- chrome |
Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium) | 2023-09-12 | not yet calculated | CVE-2023-4904 MISC MISC |
google -- chrome |
Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 2023-09-12 | not yet calculated | CVE-2023-4905 MISC MISC |
google -- chrome |
Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | 2023-09-12 | not yet calculated | CVE-2023-4906 MISC MISC |
google -- chrome_for_android |
Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) | 2023-09-12 | not yet calculated | CVE-2023-4907 MISC MISC |
google -- chrome |
Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) | 2023-09-12 | not yet calculated | CVE-2023-4908 MISC MISC |
google -- chrome |
Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) | 2023-09-12 | not yet calculated | CVE-2023-4909 MISC MISC |
keycloak -- keycloak |
A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers through the registration flow, the "password" and "password-confirm" fields from the form will appear as regular user attributes. All users and clients with proper rights and roles are able to read user attributes, allowing a malicious user with minimal access to retrieve users' passwords in clear text, jeopardizing their environment. | 2023-09-12 | not yet calculated | CVE-2023-4918 MISC MISC MISC |
linux -- kernel |
A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8. | 2023-09-12 | not yet calculated | CVE-2023-4921 MISC MISC |
instantsoft -- icms2 |
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1. | 2023-09-13 | not yet calculated | CVE-2023-4928 MISC MISC |

Vulnerability Summary for the Week of September 4, 2023

Posted on Monday, September 11, 2023

Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
canonical_ltd. -- snapd_for_linux | Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console. | 2023-09-01 | 10 | CVE-2023-1523 MISC MISC MISC MISC |
bmc -- server_automation | BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass. | 2023-09-05 | 9.8 | CVE-2017-9453 MISC |
mybb -- mybb | Installer RCE on settings file write in MyBB before 1.8.22. | 2023-09-01 | 9.8 | CVE-2020-22612 MISC |
qualcomm -- sd855 | A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model (e.g., from a remote source). | 2023-09-05 | 9.8 | CVE-2023-28543 MISC |
qualcomm -- aqt1000 | Memory corruption while handling payloads from remote ESL. | 2023-09-05 | 9.8 | CVE-2023-28562 MISC |
qualcomm -- fastconnect_6800 | Memory corruption in WLAN Firmware while parsing received GTK Keys in GTK KDE. | 2023-09-05 | 9.8 | CVE-2023-28581 MISC |
samsung_mobile -- health | Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011 allows attackers to write arbitrary file with Samsung Health privilege. | 2023-09-06 | 9.8 | CVE-2023-30723 MISC |
open_automation_software -- oas_platform | An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability. | 2023-09-05 | 9.8 | CVE-2023-31242 MISC MISC |
bookreen -- bookreen | Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation. This issue affects Bookreen: before 3.0.0. | 2023-09-05 | 9.8 | CVE-2023-3374 MISC |
osoft -- paint_production_management |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Osoft Paint Production Management allows SQL Injection. This issue affects Paint Production Management: before 2.1. | 2023-09-05 | 9.8 | CVE-2023-35065 MISC |
bma -- personnel_tracking_system |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BMA Personnel Tracking System allows SQL Injection. This issue affects Personnel Tracking System: before 20230904. | 2023-09-05 | 9.8 | CVE-2023-35068 MISC |
coyav_travel -- proagent |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Coyav Travel Proagent allows SQL Injection. This issue affects Proagent: before 20230904. | 2023-09-05 | 9.8 | CVE-2023-35072 MISC |
pocketmanga -- smanga | SQL Injection vulnerability in smanga version 3.1.9 and earlier, allows remote attackers to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in php/history/add.php. | 2023-09-01 | 9.8 | CVE-2023-36076 MISC |
macwk -- icecms | An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser. | 2023-09-01 | 9.8 | CVE-2023-36100 MISC |
mava -- hotel_management_system | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection. This issue affects Hotel Management System: before 2.0. | 2023-09-05 | 9.8 | CVE-2023-3616 MISC |
netgear -- cbr40 | Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd. | 2023-09-01 | 9.8 | CVE-2023-36187 MISC |
relic -- relic | Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when calling realloc function in bn_grow function. | 2023-09-01 | 9.8 | CVE-2023-36326 MISC MISC |
relic -- relic | Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e, allows attackers to execute arbitrary code and cause a denial of service in pos argument in bn_get_prime function. | 2023-09-01 | 9.8 | CVE-2023-36327 MISC MISC |
libtom -- libtommath | Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). | 2023-09-01 | 9.8 | CVE-2023-36328 MISC FEDORA |
web-audimex -- audimexee | Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter. | 2023-09-05 | 9.8 | CVE-2023-36361 MISC MISC MISC |
proscend -- m357-5g | Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials | 2023-09-03 | 9.8 | CVE-2023-3703 MISC |
synel -- synergy/a | Synel Terminals - CWE-494: Download of Code Without Integrity Check | 2023-09-03 | 9.8 | CVE-2023-37220 MISC |
asus -- rt-ax56u |
A format string vulnerability was identified in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. | 2023-09-07 | 9.8 | CVE-2023-39238 MISC |
asus -- rt-ax56u |
A format string vulnerability was identified in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. | 2023-09-07 | 9.8 | CVE-2023-39239 MISC |
asus -- rt-ax56u |
A format string vulnerability was identified in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. | 2023-09-07 | 9.8 | CVE-2023-39240 MISC |
cacti -- cacti | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-05 | 9.8 | CVE-2023-39361 MISC |
langchain -- langchain | An issue in LangChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. | 2023-09-01 | 9.8 | CVE-2023-39631 MISC MISC |
abuquant -- abupy | abupy up to v0.4.0 was discovered to contain a SQL injection vulnerability via the component abupy.MarketBu.ABuSymbol.search_to_symbol_dict. | 2023-09-05 | 9.8 | CVE-2023-39654 MISC MISC |
cuppa_cms -- cuppa_cms | Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload. | 2023-09-05 | 9.8 | CVE-2023-39681 MISC |
moxa -- mxsecurity | There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values. | 2023-09-02 | 9.8 | CVE-2023-39979 MISC |
digitatek -- smartrise_document_management_system | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digita Information Technology Smartrise Document Management System allows SQL Injection. This issue affects Smartrise Document Management System: before Hvl-2.0. | 2023-09-05 | 9.8 | CVE-2023-4034 MISC |
diaowen -- dwsurvey | File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file. | 2023-09-01 | 9.8 | CVE-2023-40980 MISC |
bolo-solo -- bolo-solo | File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header. | 2023-09-05 | 9.8 | CVE-2023-41009 MISC MISC MISC |
f-revocrm -- f-revocrm | F-RevoCRM version 7.3.7 and version 7.3.8 contain an OS command injection vulnerability. If this vulnerability is exploited, an attacker who can access the product may execute an arbitrary OS command on the server where the product is running. | 2023-09-06 | 9.8 | CVE-2023-41149 MISC MISC |
metaways_infosystems_gmbh -- tine | In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection. | 2023-09-01 | 9.8 | CVE-2023-41364 MISC MISC MISC |
super_store_finder -- super_store_finder | Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters. | 2023-09-05 | 9.8 | CVE-2023-41507 MISC MISC |
neutron -- smart_vms | Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass. This issue affects Neutron Smart VMS: before b1130.1.0.1. | 2023-09-05 | 9.8 | CVE-2023-4178 MISC |
lldpd -- lldpd | An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c. | 2023-09-05 | 9.8 | CVE-2023-41910 MISC MISC |
mestav -- e-commerce_software | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mestav Software E-commerce Software allows SQL Injection. This issue affects E-commerce Software: before 20230901. | 2023-09-05 | 9.8 | CVE-2023-4531 MISC |
lg -- lg_led_assistant | This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. | 2023-09-04 | 9.8 | CVE-2023-4613 MISC MISC |
lg -- lg_led_assistant | This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. | 2023-09-04 | 9.8 | CVE-2023-4614 MISC MISC |
wordpress -- wordpress | The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the ~/includes/mla-stream-image.php file, where images are processed via Imagick(). This makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and remote code execution possible. | 2023-09-06 | 9.8 | CVE-2023-4634 MISC MISC MISC MISC MISC |
infosoftbd -- clcknshop | A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /collection/all of the component GET Parameter Handler. The manipulation of the argument tag leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-238571. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-01 | 9.8 | CVE-2023-4708 MISC MISC MISC |
suntront -- smart_table_integrated_management_system | A vulnerability, which was classified as critical, was found in Xintian Smart Table Integrated Management System 5.6.9. This affects an unknown part of the file /SysManage/AddUpdateRole.aspx. The manipulation of the argument txtRoleName leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238575. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-01 | 9.8 | CVE-2023-4712 MISC MISC MISC |
byzoro -- smart_s85f_management_platform | A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S85F Management Platform up to 20230820 on Smart. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php. The manipulation of the argument 1_file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238628. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-03 | 9.8 | CVE-2023-4739 MISC MISC MISC |
tenda -- ac8 | A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. It has been declared as critical. Affected by this vulnerability is the function formSetDeviceName. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238633 was assigned to this vulnerability. | 2023-09-04 | 9.8 | CVE-2023-4744 MISC MISC MISC |
dedecms -- dedecms | A vulnerability classified as critical was found in DedeCMS 5.7.110. This vulnerability affects unknown code of the file /uploads/tags.php. The manipulation of the argument tag_alias leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238636. | 2023-09-04 | 9.8 | CVE-2023-4747 MISC MISC MISC MISC |
sourcecodester -- inventory_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238638 is the identifier assigned to this vulnerability. | 2023-09-04 | 9.8 | CVE-2023-4749 MISC MISC MISC |
adobe -- adobe_commerce | Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper input validation vulnerability within the CMS page scheduled update feature. An authenticated attacker with administrative privilege could leverage this vulnerability to achieve remote code execution on the system. | 2023-09-06 | 9.1 | CVE-2021-36021 MISC |
adobe -- adobe_commerce | Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. | 2023-09-06 | 9.1 | CVE-2021-36023 MISC |
adobe -- adobe_commerce | Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper access control vulnerability within Magento's Media Gallery Upload workflow. By storing a specially crafted file in the website gallery, an authenticated attacker with administrative privilege can gain access to delete the .htaccess file. This could result in the attacker achieving remote code execution. | 2023-09-06 | 9.1 | CVE-2021-36036 MISC |
ibm -- financial_transaction_manager | IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 258786. | 2023-09-05 | 9.1 | CVE-2023-35892 MISC MISC |
ahwx -- librey | LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `image_proxy.php` file of LibreY before commit 8f9b9803f231e2954e5b49987a532d28fe50a627. This vulnerability allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks via the `url` parameter. Remote attackers can use the server as a proxy to send HTTP GET requests and retrieve information in the internal network. Remote attackers can also request the server to download large files or chain requests among multiple instances to reduce the performance of the server or even deny access from legitimate users. This issue has been addressed in https://github.com/Ahwxorg/LibreY/pull/31. LibreY hosters are advised to use the latest commit. There are no known workarounds for this vulnerability. | 2023-09-04 | 9.1 | CVE-2023-41054 MISC MISC |
hewlett_packard_enterprise -- aruba_airwave | Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism. | 2023-09-05 | 8.8 | CVE-2015-1391 MISC |
nokia -- access_management_system | An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of the ipAddress variable. A remote user, authenticated to the AMS server, could inject code in the PING function. The privileges of the command executed depend on the user that runs the service. | 2023-09-05 | 8.8 | CVE-2022-41763 MISC |
phpfusion -- phpfusion | There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a ‘.php’ file payload. | 2023-09-05 | 8.8 | CVE-2023-2453 MISC |
apple -- pro_video_formats | A logic issue was addressed with improved state management. This issue is fixed in Pro Video Formats 2.2.5. A user may be able to elevate privileges. | 2023-09-06 | 8.8 | CVE-2023-29166 MISC |
asus -- rt-ac86u | ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special characters. A remote attacker with regular user privileges can exploit this vulnerability to perform a command injection attack to execute arbitrary commands, disrupt the system or terminate services. | 2023-09-07 | 8.8 | CVE-2023-38031 MISC |
asus -- rt-ac86u | ASUS RT-AC86U AiProtection security-related function has insufficient filtering of special characters. A remote attacker with regular user privileges can exploit this vulnerability to perform a command injection attack to execute arbitrary commands, disrupt the system or terminate services. | 2023-09-07 | 8.8 | CVE-2023-38032 MISC |
asus -- rt-ac86u | ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special characters. A remote attacker with regular user privileges can exploit this vulnerability to perform a command injection attack to execute arbitrary commands, disrupt the system or terminate services. | 2023-09-07 | 8.8 | CVE-2023-38033 MISC |
asus -- rt-ac86u | ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special characters. A remote attacker with regular user privileges can exploit this vulnerability to perform a command injection attack to execute arbitrary commands, disrupt the system or terminate services. | 2023-09-07 | 8.8 | CVE-2023-39236 MISC |
asus -- rt-ac86u | ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special characters. A remote attacker with regular user privileges can exploit this vulnerability to perform a command injection attack to execute arbitrary commands, disrupt the system or terminate services. | 2023-09-07 | 8.8 | CVE-2023-39237 MISC |
cacti -- cacti | Cacti is an open-source operational monitoring and fault management framework. A defect in the sql_save function was discovered. When the column type is numeric, the sql_save function directly utilizes user input. Many files and functions calling the sql_save function do not perform prior validation of user input, leading to the existence of multiple SQL injection vulnerabilities in Cacti. This allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-05 | 8.8 | CVE-2023-39357 MISC |
cacti -- cacti | Cacti is an open-source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `reports_user.php` file. In `ajax_get_branches`, the `tree_id` parameter is passed to the `reports_get_branch_select` function without any validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-05 | 8.8 | CVE-2023-39358 MISC |
cacti -- cacti | Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `graphs.php` file. When dealing with the cases of ajax_hosts and ajax_hosts_noany, if the `site_id` parameter is greater than 0, it is directly reflected in the WHERE clause of the SQL statement. This creates an SQL injection vulnerability. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-05 | 8.8 | CVE-2023-39359 MISC |
startrinity -- softswitch | StarTrinity Softswitch version 2023-02-16 - Multiple CSRF (CWE-352) | 2023-09-03 | 8.8 | CVE-2023-39372 MISC |
shirasagi -- shirasagi | Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution. | 2023-09-05 | 8.8 | CVE-2023-39448 MISC MISC |
knowstreaming -- knowstreaming | KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. Unauthorized users can create a new user with an admin role. | 2023-09-05 | 8.8 | CVE-2023-40918 MISC |
slims -- senayan_library_management_system | Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php. | 2023-09-01 | 8.8 | CVE-2023-40970 MISC MISC |
ibos -- ibos | A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function addComment of the file ?r=weibo/comment/addcomment. The manipulation of the argument touid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238576. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-01 | 8.8 | CVE-2023-4713 MISC MISC MISC |
ibos -- ibos | A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=email/api/delDraft&archiveId=0 of the component Delete Draft Handler. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238629 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-03 | 8.8 | CVE-2023-4740 MISC MISC MISC |
ibos -- ibos | A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=diary/default/del of the component Delete Logs Handler. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-238630 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-03 | 8.8 | CVE-2023-4741 MISC MISC MISC |
ibos -- ibos | A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/user/export&uid=X. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238631. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-03 | 8.8 | CVE-2023-4742 MISC MISC MISC |
totolink -- n200re-v5 | A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238635. | 2023-09-04 | 8.8 | CVE-2023-4746 MISC MISC MISC |
google -- chrome | Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | 2023-09-05 | 8.8 | CVE-2023-4762 MISC MISC MISC |
google -- chrome | Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-09-05 | 8.8 | CVE-2023-4763 MISC MISC MISC |
open_automation_software -- oas_platform | A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability. | 2023-09-05 | 8.1 | CVE-2023-32615 MISC MISC |
open_automation_software -- oas_platform | An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability. | 2023-09-05 | 8.1 | CVE-2023-34998 MISC MISC |
moxa -- mxsecurity | A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands. | 2023-09-02 | 8.1 | CVE-2023-39980 MISC |
pkp -- pkp-lib | Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | 2023-09-01 | 8.1 | CVE-2023-4695 MISC MISC |
d-link -- dar-8000-10 | A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-238574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-01 | 8.1 | CVE-2023-4711 MISC MISC MISC |
google -- chrome | Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | 2023-09-05 | 8.1 | CVE-2023-4761 MISC MISC MISC |
bmc -- patrol_agent | BMC PATROL Agent through 20.08.00 allows local privilege escalation via vectors involving pconfig +RESTART -host. | 2023-09-05 | 7.8 | CVE-2020-35593 MISC MISC MISC MISC MISC |
adobe -- acrobat_reader | Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-06 | 7.8 | CVE-2021-21088 MISC |
adobe -- acrobat_reader | Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-06 | 7.8 | CVE-2021-28644 MISC |
adobe -- acrobat_reader | Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-06 | 7.8 | CVE-2021-35980 MISC |
adobe -- premiere_pro | Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 7.8 | CVE-2021-40795 MISC |
adobe -- premiere_pro | Adobe Photoshop versions 23.0.2 and 22.5.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPG file. | 2023-09-07 | 7.8 | CVE-2021-43018 MISC |
adobe -- premiere_pro | Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 7.8 | CVE-2021-44188 MISC |
adobe -- illustrator | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 7.8 | CVE-2022-30637 MISC |
adobe -- illustrator | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 7.8 | CVE-2022-30638 MISC |
adobe -- illustrator | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 7.8 | CVE-2022-30639 MISC |
adobe -- illustrator | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 7.8 | CVE-2022-30640 MISC |
adobe -- illustrator | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 7.8 | CVE-2022-30641 MISC |
adobe -- illustrator | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 7.8 | CVE-2022-30642 MISC |
adobe -- illustrator | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 7.8 | CVE-2022-30643 MISC |
adobe -- illustrator | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 7.8 | CVE-2022-30644 MISC |
adobe -- illustrator | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 7.8 | CVE-2022-30645 MISC |
adobe -- illustrator | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 7.8 | CVE-2022-30646 MISC |
qualcomm -- 315_5g_iot_modem | Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range. | 2023-09-05 | 7.8 | CVE-2022-33275 MISC |
qualcomm -- aqt1000 | Memory corruption due to buffer over-read in Modem while processing SetNativeHandle RTP service. | 2023-09-05 | 7.8 | CVE-2022-40524 MISC |
qualcomm -- wcn685x-5 | Memory corruption due to improper validation of array index in Audio. | 2023-09-05 | 7.8 | CVE-2022-40534 MISC |
saltstack -- salt | Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash. | 2023-09-05 | 7.8 | CVE-2023-20898 MISC |
qualcomm -- aqt1000 | Memory Corruption due to improper validation of array index in Linux while updating adn record. | 2023-09-05 | 7.8 | CVE-2023-21636 MISC |
qualcomm -- aqt1000 | Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu request. | 2023-09-05 | 7.8 | CVE-2023-21644 MISC |
qualcomm -- apq8096au | Memory corruption in Audio during playback session with audio effects enabled. | 2023-09-05 | 7.8 | CVE-2023-21654 MISC |
qualcomm -- qca6391 | Memory corruption in Audio while validating and mapping metadata. | 2023-09-05 | 7.8 | CVE-2023-21655 MISC |
qualcomm -- aqt1000 | Memory corruption in Core Platform while printing the response buffer in log. | 2023-09-05 | 7.8 | CVE-2023-21662 MISC |
qualcomm -- aqt1000 | Memory Corruption while accessing metadata in Display. | 2023-09-05 | 7.8 | CVE-2023-21663 MISC |
qualcomm -- aqt1000 | Memory Corruption in Core Platform while printing the response buffer in log. | 2023-09-05 | 7.8 | CVE-2023-21664 MISC |
bludit -- bludit | Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter. | 2023-09-01 | 7.8 | CVE-2023-24674 MISC MISC |
dell -- alienware_command_center | Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. A local malicious user could potentially send specially crafted requests to the .NET Remoting server to run arbitrary code on the system. | 2023-09-04 | 7.8 | CVE-2023-28072 MISC |
apple -- macos_ventura | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. | 2023-09-06 | 7.8 | CVE-2023-28209 MISC MISC |
apple -- macos_ventura | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. | 2023-09-06 | 7.8 | CVE-2023-28210 MISC MISC |
apple -- macos_ventura | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. | 2023-09-06 | 7.8 | CVE-2023-28211 MISC MISC |
apple -- macos_ventura | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. | 2023-09-06 | 7.8 | CVE-2023-28212 MISC MISC |
apple -- macos_ventura | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. | 2023-09-06 | 7.8 | CVE-2023-28213 MISC MISC |
apple -- macos_ventura | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. | 2023-09-06 | 7.8 | CVE-2023-28214 MISC MISC |
apple -- macos_ventura | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. | 2023-09-06 | 7.8 | CVE-2023-28215 MISC MISC |
qualcomm -- aqt1000 | Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region. | 2023-09-05 | 7.8 | CVE-2023-28538 MISC |
qualcomm -- 315_5g_iot_modem | Memory corruption in WLAN handler while processing PhyID in Tx status handler. | 2023-09-05 | 7.8 | CVE-2023-28558 MISC |
qualcomm -- aqt1000 | Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload. | 2023-09-05 | 7.8 | CVE-2023-28559 MISC |
qualcomm -- aqt1000 | Memory corruption in WLAN HAL while passing command parameters through WMI interfaces. | 2023-09-05 | 7.8 | CVE-2023-28564 MISC |
qualcomm -- 9205_lte | Memory corruption in WLAN HAL while handling command streams through WMI interfaces. | 2023-09-05 | 7.8 | CVE-2023-28565 MISC |
qualcomm -- 315_5g_iot | Memory corruption in WLAN HAL while handling command through WMI interfaces. | 2023-09-05 | 7.8 | CVE-2023-28567 MISC |
qualcomm -- 315_5g_iot | Memory corruption in WLAN HAL while parsing WMI command parameters. | 2023-09-05 | 7.8 | CVE-2023-28573 MISC |
samsung_mobile -- multiple_products | Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local attackers to launch privileged activities. | 2023-09-06 | 7.8 | CVE-2023-30710 MISC |
samsung_mobile -- multiple_products | Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity. | 2023-09-06 | 7.8 | CVE-2023-30712 MISC |
samsung_mobile -- blockchain_keystore | Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code. | 2023-09-06 | 7.8 | CVE-2023-30722 MISC |
cacti -- cacti | Cacti is an open-source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The user can then execute the PHP files under the security context of SYSTEM. This allows an attacker to escalate privilege from a normal user account to SYSTEM. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-05 | 7.8 | CVE-2023-31132 MISC |
apple -- macos_ventura | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. | 2023-09-06 | 7.8 | CVE-2023-32356 MISC MISC |
apple -- macos_ventura | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.4. An app may be able to execute arbitrary code with kernel privileges. | 2023-09-06 | 7.8 | CVE-2023-32379 MISC MISC |
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain elevated privileges. | 2023-09-06 | 7.8 | CVE-2023-32425 MISC MISC MISC MISC |
apple -- macos_ventura | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to gain root privileges. | 2023-09-06 | 7.8 | CVE-2023-32426 MISC MISC |
apple -- multiple_products | This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root privileges. | 2023-09-06 | 7.8 | CVE-2023-32428 MISC MISC MISC MISC MISC MISC MISC MISC |
canonical_ltd. -- ubuntu | In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process. | 2023-09-01 | 7.8 | CVE-2023-3297 MISC MISC MISC MISC |
qualcomm -- apq8064au | Memory corruption in Graphics while processing user packets for command submission. | 2023-09-05 | 7.8 | CVE-2023-33021 MISC |
soar_cloud_ltd._ -- hr_portal | Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link is sent out through e-mail, and the link remains valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or who has the link can thus use the URL again to change the password in order to take over the account. | 2023-09-07 | 7.8 | CVE-2023-34357 MISC |
panasonic -- kw_watcher | Buffer overflow vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code. | 2023-09-06 | 7.8 | CVE-2023-3471 MISC MISC |
panasonic -- kw_watcher | Use after free vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code. | 2023-09-06 | 7.8 | CVE-2023-3472 MISC MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-09-04 | 7.8 | CVE-2023-38443 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-09-04 | 7.8 | CVE-2023-38444 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-09-04 | 7.8 | CVE-2023-38449 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-09-04 | 7.8 | CVE-2023-38450 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-09-04 | 7.8 | CVE-2023-38451 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-09-04 | 7.8 | CVE-2023-38452 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-09-04 | 7.8 | CVE-2023-38453 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-09-04 | 7.8 | CVE-2023-38455 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-09-04 | 7.8 | CVE-2023-38456 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-09-04 | 7.8 | CVE-2023-38458 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-09-04 | 7.8 | CVE-2023-38459 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-09-04 | 7.8 | CVE-2023-38460 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-09-04 | 7.8 | CVE-2023-38464 MISC |
forescout -- secureconnector | ForeScout NAC SecureConnector version 11.2 - CWE-427: Uncontrolled Search Path Element | 2023-09-03 | 7.8 | CVE-2023-39374 MISC |
ge -- cimplicity | GE CIMPLICITY 2023 is affected by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software. | 2023-09-05 | 7.8 | CVE-2023-4487 MISC MISC |
vim -- vim | Use After Free in GitHub repository vim/vim prior to 9.0.1840. | 2023-09-04 | 7.8 | CVE-2023-4733 MISC MISC MISC MISC |
vim -- vim | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. | 2023-09-02 | 7.8 | CVE-2023-4734 MISC MISC |
vim -- vim | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. | 2023-09-02 | 7.8 | CVE-2023-4735 MISC MISC |
vim -- vim | Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. | 2023-09-02 | 7.8 | CVE-2023-4736 MISC MISC |
vim -- vim | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. | 2023-09-02 | 7.8 | CVE-2023-4738 MISC MISC |
vim -- vim | Use After Free in GitHub repository vim/vim prior to 9.0.1857. | 2023-09-04 | 7.8 | CVE-2023-4750 MISC MISC MISC MISC |
vim -- vim | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331. | 2023-09-03 | 7.8 | CVE-2023-4751 MISC MISC |
vim -- vim | Use After Free in GitHub repository vim/vim prior to 9.0.1858. | 2023-09-04 | 7.8 | CVE-2023-4752 MISC MISC MISC MISC |
vim -- vim | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. | 2023-09-05 | 7.8 | CVE-2023-4781 MISC MISC |
elsys -- ers_1.5 | ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow via the NFC data parser. | 2023-09-01 | 7.5 | CVE-2022-46527 MISC MISC |
qualcomm -- ar8035 | Transient DOS in Modem while processing invalid System Information Block 1. | 2023-09-05 | 7.5 | CVE-2023-21646 MISC |
qualcomm -- ar8035 | Transient DOS in Modem while processing RRC reconfiguration message. | 2023-09-05 | 7.5 | CVE-2023-21653 MISC |
eclipse -- mosquitto | The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function. | 2023-09-01 | 7.5 | CVE-2023-28366 CONFIRM MISC MISC CONFIRM |
qualcomm -- aqt1000 | Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA). | 2023-09-05 | 7.5 | CVE-2023-28584 MISC |
samsung_mobile -- multiple_products | Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status. | 2023-09-06 | 7.5 | CVE-2023-30708 MISC |
samsung_mobile -- email | Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker to intercept the network traffic including sensitive information. | 2023-09-06 | 7.5 | CVE-2023-30729 MISC |
roundcube -- roundcube | Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user's password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values because the platform has no limit on the number of requests. | 2023-09-04 | 7.5 | CVE-2023-3222 MISC |
qualcomm -- 315_5g | Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame. | 2023-09-05 | 7.5 | CVE-2023-33015 MISC |
qualcomm -- csr8811 | Transient DOS in WLAN firmware while parsing MLO (multi-link operation). | 2023-09-05 | 7.5 | CVE-2023-33016 MISC |
qualcomm -- 9206_lte | Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE. | 2023-09-05 | 7.5 | CVE-2023-33019 MISC |
qualcomm -- 9206_lte | Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE. | 2023-09-05 | 7.5 | CVE-2023-33020 MISC |
google -- android | In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. This could lead to remote information disclosure with no additional execution privileges needed. | 2023-09-04 | 7.5 | CVE-2023-33914 MISC |
google -- android | In LTE protocol stack, there is a possible missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. | 2023-09-04 | 7.5 | CVE-2023-33915 MISC |
open_automation_software -- oas_platform | An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. | 2023-09-05 | 7.5 | CVE-2023-34353 MISC MISC |
ibm -- aspera_faspex | IBM Aspera Faspex 5.0.5 could allow a remote attacker to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649. | 2023-09-05 | 7.5 | CVE-2023-35906 MISC MISC |
vesoft -- nebulagraph_studio | Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive information. | 2023-09-01 | 7.5 | CVE-2023-36088 MISC MISC MISC |
hjson-java -- hjson-java | An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string. | 2023-09-01 | 7.5 | CVE-2023-39685 MISC |
moxa -- mxsecurity | A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker. | 2023-09-02 | 7.5 | CVE-2023-39981 MISC |
lexmark -- c2132 | Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability. | 2023-09-01 | 7.5 | CVE-2023-40239 MISC |
dataease -- dataease | SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function. | 2023-09-01 | 7.5 | CVE-2023-40771 MISC |
timg -- timg | Buffer Overflow vulnerability in hzeller timg v.1.5.2 and before allows a remote attacker to cause a denial of service via the 0x61200000045c address. | 2023-09-01 | 7.5 | CVE-2023-40968 MISC |
ahwx -- librey | LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `engines/google/text.php` and `engines/duckduckgo/text.php` files in versions before commit be59098abd119cda70b15bf3faac596dfd39a744. This vulnerability allows remote attackers to request the server to send HTTP GET requests to arbitrary targets and conduct Denial-of-Service (DoS) attacks via the `wikipedia_language` cookie. Remote attackers can request the server to download large files to reduce the performance of the server or even deny access from legitimate users. This issue has been patched in https://github.com/Ahwxorg/LibreY/pull/9. LibreY hosters are advised to use the latest commit. There are no known workarounds for this vulnerability. | 2023-09-04 | 7.5 | CVE-2023-41055 MISC MISC |
parse_platform -- parse-server | Parse Server is an open-source backend server. In affected versions the Parse Cloud trigger `beforeFind` is not invoked in certain conditions of `Parse.Query`. This can pose a vulnerability for deployments where the `beforeFind` trigger is used as a security layer to modify the incoming query. The vulnerability has been fixed by refactoring the internal query pipeline for a more concise code structure and implementing a patch to ensure the `beforeFind` trigger is invoked. This fix was introduced in commit `be4c7e23c6` and has been included in releases 6.2.2 and 5.5.5. Users are advised to upgrade. Users unable to upgrade should make use of parse server's security layers to manage access levels with Class-Level Permissions and Object-Level Access Control that should be used instead of custom security layers in Cloud Code triggers. | 2023-09-04 | 7.5 | CVE-2023-41058 MISC MISC MISC MISC MISC |
jira -- o-ran_software_community | O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing tables it receives, potentially allowing attackers to send forged routing tables to the device. | 2023-09-01 | 7.5 | CVE-2023-41627 MISC |
jira -- o-ran_software_community | An issue in O-RAN Software Community E2 G-Release allows attackers to cause a Denial of Service (DoS) by incorrectly initiating the messaging procedure between the E2Node and E2Term components. | 2023-09-01 | 7.5 | CVE-2023-41628 MISC |
frrouting -- frrouting | An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference. | 2023-09-05 | 7.5 | CVE-2023-41909 MISC |
juniper -- junos | An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When certain specific crafted BGP UPDATE messages are received over an established BGP session, one BGP session may be torn down with an UPDATE message error, or the issue may propagate beyond the local system which will remain non-impacted, but may affect one or more remote systems. This issue is exploitable remotely as the crafted UPDATE message can propagate through unaffected systems and intermediate BGP speakers. Continuous receipt of the crafted BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. | 2023-09-01 | 7.5 | CVE-2023-4481 MISC MISC MISC MISC |
daurnimator -- lua-http | Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. This issue affects lua-http: all versions before commit ddab283. | 2023-09-05 | 7.5 | CVE-2023-4540 MISC MISC |
lg -- lg_led_assistant | This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the current user. | 2023-09-04 | 7.5 | CVE-2023-4615 MISC MISC |
lg -- lg_led_assistant | This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the current user. | 2023-09-04 | 7.5 | CVE-2023-4616 MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances. | 2023-09-01 | 7.5 | CVE-2023-4647 MISC |
playtube -- playtube | A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. The identifier VDB-238577 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-01 | 7.5 | CVE-2023-4714 MISC MISC MISC |
yongyou -- ufida-nc | A vulnerability, which was classified as critical, has been found in Yongyou UFIDA-NC up to 20230807. This issue affects some unknown processing of the file PrintTemplateFileServlet.java. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238637 was assigned to this vulnerability. | 2023-09-05 | 7.5 | CVE-2023-4748 MISC MISC MISC |
adobe -- coldfusion | ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by a Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment. | 2023-09-07 | 7.4 | CVE-2021-40698 MISC |
adobe -- coldfusion | ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment. | 2023-09-07 | 7.4 | CVE-2021-40699 MISC |
hewlett_packard_enterprise -- aruba_airwave | Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users. | 2023-09-05 | 7.2 | CVE-2015-2201 MISC |
hewlett_packard_enterprise -- aruba_airwave | Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS. | 2023-09-05 | 7.2 | CVE-2015-2202 MISC |
openwrt -- openwrt | In wlan service, there is a possible command injection due to improper input validation. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00244189; Issue ID: WCNCR00244189. | 2023-09-04 | 7.2 | CVE-2023-20820 MISC |
bookreen -- bookreen | Unrestricted Upload of File with Dangerous Type vulnerability in Unisign Bookreen allows OS Command Injection. This issue affects Bookreen: before 3.0.0. | 2023-09-05 | 7.2 | CVE-2023-3375 MISC |
cacti -- cacti | Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions, with similar behavior, that accept in input some variables and place them into an `exec` call without a proper escape or validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-05 | 7.2 | CVE-2023-39362 MISC |
samsung_mobile -- multiple_products | Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege. | 2023-09-06 | 7.1 | CVE-2023-30707 MISC |
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
yocto -- yocto | In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113. | 2023-09-04 | 6.7 | CVE-2023-20821 MISC |
google -- android | In netdagent, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944012; Issue ID: ALPS07944012. | 2023-09-04 | 6.7 | CVE-2023-20822 MISC |
yocto -- yocto | In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014144. | 2023-09-04 | 6.7 | CVE-2023-20828 MISC |
yocto -- yocto | In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014148. | 2023-09-04 | 6.7 | CVE-2023-20829 MISC |
yocto -- yocto | In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014156. | 2023-09-04 | 6.7 | CVE-2023-20830 MISC |
yocto -- yocto | In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014162. | 2023-09-04 | 6.7 | CVE-2023-20831 MISC |
yocto -- yocto | In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08013530. | 2023-09-04 | 6.7 | CVE-2023-20832 MISC |
google -- android | In seninf, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07992786; Issue ID: ALPS07992786. | 2023-09-04 | 6.7 | CVE-2023-20837 MISC |
samsung_mobile -- multiple_products | Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers to launch activity with system privilege. | 2023-09-06 | 6.7 | CVE-2023-30709 MISC |
yocto -- yocto | In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441589; Issue ID: ALPS07441589. | 2023-09-04 | 6.7 | CVE-2023-32806 MISC |
yocto -- yocto | In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848. | 2023-09-04 | 6.7 | CVE-2023-32811 MISC |
yocto -- yocto | In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privileges with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365. | 2023-09-04 | 6.7 | CVE-2023-32812 MISC |
google -- android | In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. | 2023-09-04 | 6.7 | CVE-2023-38553 MISC |
solarwinds_ -- serv-u | A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. | 2023-09-07 | 6.6 | CVE-2023-40060 MISC MISC |
ibm -- security_guardium | IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240894. | 2023-09-05 | 6.5 | CVE-2022-43903 MISC MISC |
yocto -- yocto | In imgsys, there is a possible out of bounds read and write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326430; Issue ID: ALPS07326430. | 2023-09-04 | 6.5 | CVE-2023-20840 MISC |
yocto -- yocto | In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441. | 2023-09-04 | 6.5 | CVE-2023-20841 MISC |
yocto -- yocto | In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354259; Issue ID: ALPS07340477. | 2023-09-04 | 6.5 | CVE-2023-20842 MISC |
yocto -- yocto | In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433. | 2023-09-04 | 6.5 | CVE-2023-20848 MISC |
yocto -- yocto | In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350. | 2023-09-04 | 6.5 | CVE-2023-20849 MISC |
yocto -- yocto | In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381. | 2023-09-04 | 6.5 | CVE-2023-20850 MISC |
qualcomm -- qca6390 | Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard. | 2023-09-05 | 6.5 | CVE-2023-21667 MISC |
apple -- macos | This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3. A user may be able to cause a denial-of-service. | 2023-09-06 | 6.5 | CVE-2023-28187 MISC MISC |
apple -- macos | A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. A remote user may be able to cause a denial-of-service. | 2023-09-06 | 6.5 | CVE-2023-28188 MISC MISC |
open_automation_software -- oas_platform | An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability. | 2023-09-05 | 6.5 | CVE-2023-32271 MISC MISC |
apple -- macos_ventura | Error handling was changed to not reveal sensitive information. This issue is fixed in macOS Ventura 13.3. A website may be able to track sensitive user information. | 2023-09-06 | 6.5 | CVE-2023-32362 MISC MISC |
google -- android | In power, there is a possible out of bounds write due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08102892; Issue ID: ALPS08102892. | 2023-09-04 | 6.5 | CVE-2023-32805 MISC |
open_automation_software -- oas_platform | An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability. | 2023-09-05 | 6.5 | CVE-2023-34317 MISC MISC |
hyundai -- hyundai_2017 | A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay. | 2023-09-03 | 6.5 | CVE-2023-39373 MISC |
google -- chrome | Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) | 2023-09-05 | 6.5 | CVE-2023-4764 MISC MISC MISC |
google -- android | In ims service, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937105; Issue ID: ALPS07937105. | 2023-09-04 | 6.4 | CVE-2023-20827 MISC |
google -- android | In pda, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608514; Issue ID: ALPS07608514. | 2023-09-04 | 6.4 | CVE-2023-20834 MISC |
yocto -- yocto | In camsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07326570. | 2023-09-04 | 6.4 | CVE-2023-20835 MISC |
wordpress -- wordpress | The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-07 | 6.4 | CVE-2023-4772 MISC MISC MISC |
wordpress -- wordpress | The WordPress Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wordpress_social_login_meta' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-06 | 6.4 | CVE-2023-4773 MISC MISC |
wordpress -- wordpress | The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-06 | 6.4 | CVE-2023-4779 MISC MISC |
wordpress -- wordpress | The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'before' and 'after'. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-09 | 6.4 | CVE-2023-4838 MISC MISC |
google -- android | In stc, there is a possible out of bounds read due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08048635; Issue ID: ALPS08048635. | 2023-09-04 | 6.3 | CVE-2023-20851 MISC |
cacti -- cacti | Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-05 | 6.3 | CVE-2023-39365 MISC |
xwiki -- xwiki_platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible in XWiki to execute Velocity code without having script right by creating an XClass with a property of type "TextArea" and content type "VelocityCode" or "VelocityWiki". For the former, the syntax of the document needs to be set to `xwiki/1.0` (this syntax doesn't need to be installed). In both cases, when adding the property to an object, the Velocity code is executed regardless of the rights of the author of the property (edit right is still required, though). In both cases, the code is executed with the correct context author so no privileged APIs can be accessed. However, Velocity still grants access to otherwise inaccessible data and APIs that could allow further privilege escalation. At least for "VelocityCode", this behavior is most likely very old but only since XWiki 7.2, script right is a separate right, before that version all users were allowed to execute Velocity and thus this was expected and not a security issue. This has been patched in XWiki 14.10.10 and 15.4 RC1. Users are advised to upgrade. There are no known workarounds. | 2023-09-01 | 6.3 | CVE-2023-41046 MISC MISC MISC MISC |
hewlett_packard_enterprise -- aruba_airwave | Aruba AirWave before 8.0.7 allows XSS attacks against an administrator. | 2023-09-05 | 6.1 | CVE-2015-1390 MISC |
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project. | 2023-09-01 | 6.1 | CVE-2023-1279 MISC MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robert Heller WebLibrarian plugin <= 3.5.8.1 versions. | 2023-09-06 | 6.1 | CVE-2023-29441 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Solwin Infotech Responsive WordPress Slider – Avartan Slider Lite plugin <= 1.5.3 versions. | 2023-09-04 | 6.1 | CVE-2023-30485 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin <= 3.1.10 versions. | 2023-09-04 | 6.1 | CVE-2023-30494 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Simon Chuang WP LINE Notify plugin <= 1.4.4 versions. | 2023-09-06 | 6.1 | CVE-2023-30497 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP-EXPERTS.IN TEAM WP Categories Widget plugin <= 2.2 versions. | 2023-09-04 | 6.1 | CVE-2023-31220 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kangu para WooCommerce plugin <= 2.2.9 versions. | 2023-09-04 | 6.1 | CVE-2023-32296 MISC |
shirasagi -- shirasagi | Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. | 2023-09-05 | 6.1 | CVE-2023-36492 MISC MISC |
7twenty -- bot | 7Twenty BOT - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). | 2023-09-03 | 6.1 | CVE-2023-37221 MISC |
general_solutions_steiner_gmbh -- contwise_case2 | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fieldname parameter. | 2023-09-01 | 6.1 | CVE-2023-37826 MISC MISC |
general_solutions_steiner_gmbh -- contwise_case2 | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the executionBlockName parameter. | 2023-09-01 | 6.1 | CVE-2023-37827 MISC MISC |
general_solutions_steiner_gmbh -- contwise_case2 | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tasktyp parameter. | 2023-09-01 | 6.1 | CVE-2023-37828 MISC MISC |
general_solutions_steiner_gmbh -- contwise_case2 | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notification.message parameter. | 2023-09-01 | 6.1 | CVE-2023-37829 MISC MISC |
general_solutions_steiner_gmbh -- contwise_case2 | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | 2023-09-01 | 6.1 | CVE-2023-37830 MISC MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chop-Chop Coming Soon Chop Chop plugin <= 2.2.4 versions. | 2023-09-01 | 6.1 | CVE-2023-37893 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dharmesh Patel Post List With Featured Image plugin <= 1.2 versions. | 2023-09-01 | 6.1 | CVE-2023-37997 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XLPlugins User Email Verification for WooCommerce plugin <= 3.5.0 versions. | 2023-09-04 | 6.1 | CVE-2023-39162 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Molongui Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors – Molongui plugin <= 4.6.19 versions. | 2023-09-04 | 6.1 | CVE-2023-39164 MISC |
cacti -- cacti | Cacti is an open-source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data. The vulnerability is found in `graphs_new.php`. Several validations are performed, but the `returnto` parameter is directly passed to `form_save_button`. In order to bypass this validation, returnto must contain `host.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. | 2023-09-05 | 6.1 | CVE-2023-39360 MISC |
startrinity -- softswitch | StarTrinity Softswitch version 2023-02-16 - Multiple Reflected XSS (CWE-79) | 2023-09-03 | 6.1 | CVE-2023-39369 MISC |
startrinity -- softswitch | StarTrinity Softswitch version 2023-02-16 - Open Redirect (CWE-601) | 2023-09-03 | 6.1 | CVE-2023-39371 MISC |
typora -- typora | A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file. | 2023-09-01 | 6.1 | CVE-2023-39703 MISC |
sourcecodester -- free_and_open_source_inventory_management_system | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Customer section. | 2023-09-01 | 6.1 | CVE-2023-39710 MISC MISC MISC |
sourcecodester -- free_and_open_source_inventory_management_system | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Member section. | 2023-09-01 | 6.1 | CVE-2023-39714 MISC MISC MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SAASPROJECT Booking Package Booking Package plugin <= 1.6.01 versions. | 2023-09-04 | 6.1 | CVE-2023-39918 MISC |
i-pro_co._ltd. -- video_insight | Reflected cross-site scripting vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to inject an arbitrary script. | 2023-09-05 | 6.1 | CVE-2023-39938 MISC MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blindside Networks BigBlueButton plugin <= 3.0.0-beta.4 versions. | 2023-09-04 | 6.1 | CVE-2023-39991 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.3.2 versions. | 2023-09-04 | 6.1 | CVE-2023-39992 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin <= 3.1.11 versions. | 2023-09-04 | 6.1 | CVE-2023-40196 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pixelgrade PixTypes plugin <= 1.4.15 versions. | 2023-09-04 | 6.1 | CVE-2023-40205 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aleksandar Urošević Stock Ticker plugin <= 3.23.3 versions. | 2023-09-04 | 6.1 | CVE-2023-40208 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vathemes Business Pro theme <= 1.10.4 versions. | 2023-09-04 | 6.1 | CVE-2023-40214 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Plausible.Io Plausible Analytics plugin <= 1.3.3 versions. | 2023-09-06 | 6.1 | CVE-2023-40553 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blog2Social, Adenion Blog2Social: Social Media Auto Post & Scheduler plugin <= 7.2.0 versions. | 2023-09-06 | 6.1 | CVE-2023-40554 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik Estatik Mortgage Calculator plugin <= 2.0.7 versions. | 2023-09-06 | 6.1 | CVE-2023-40601 MISC |
senayan_library_management_system -- slims_9_bulian | Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php. | 2023-09-01 | 6.1 | CVE-2023-40969 MISC MISC |
decentraland -- single_sign_on_client | @dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the `init` function allows arbitrary javascript to be executed using the `javascript:` prefix. This vulnerability has been patched on version `0.1.0`. Users are advised to upgrade. Users unable to upgrade should limit untrusted user input to the `init` function. | 2023-09-01 | 6.1 | CVE-2023-41049 MISC MISC |
wordpress -- wordpress | The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-09-04 | 6.1 | CVE-2023-4151 MISC |
wordpress -- wordpress | The Post Timeline WordPress plugin before 2.2.6 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-09-04 | 6.1 | CVE-2023-4284 MISC |
infosoftbd -- clcknshop | A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been declared as problematic. This vulnerability affects unknown code of the file /collection/all. The manipulation of the argument q leads to cross site scripting. The attack can be initiated remotely. VDB-238570 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-01 | 6.1 | CVE-2023-4707 MISC MISC MISC |
totvs -- rm | A vulnerability classified as problematic has been found in TOTVS RM 12.1. Affected is an unknown function of the file Login.aspx of the component Portal. The manipulation of the argument VIEWSTATE leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-238572. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-01 | 6.1 | CVE-2023-4709 MISC MISC |
totvs -- rm | A vulnerability classified as problematic was found in TOTVS RM 12.1. Affected by this vulnerability is an unknown functionality of the component Portal. The manipulation of the argument d leads to cross site scripting. The attack can be launched remotely. The identifier VDB-238573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-01 | 6.1 | CVE-2023-4710 MISC MISC |
wordpress -- wordpress | The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `list_type` parameter in versions up to, and including, 4.3.5 due to insufficient input sanitization and output escaping. Using this vulnerability, unauthenticated attackers could inject arbitrary web scripts into pages that are being executed if they can successfully trick a user into taking an action, such as clicking a malicious link. | 2023-09-06 | 6.1 | CVE-2023-4719 MISC MISC MISC |
ibm -- aspera_faspex | IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 244121. | 2023-09-05 | 5.9 | CVE-2023-22870 MISC MISC |
moxa -- mxsecurity | A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic. | 2023-09-02 | 5.9 | CVE-2023-39982 MISC |
oracle -- apache_nifi_minifi_c_plus_plus | Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14 allows an intermediary to present a forged certificate during TLS handshake negotiation. The Disable Peer Verification property of InvokeHTTP was effectively flipped, disabling verification by default, when using HTTPS. Mitigation: Set the Disable Peer Verification property of InvokeHTTP to true when using MiNiFi C++ versions 0.13.0 or 0.14.0. Upgrading to MiNiFi C++ 0.15.0 corrects the default behavior. | 2023-09-03 | 5.9 | CVE-2023-41180 MISC |
apollo_router -- apollo_router | The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when GraphQL Subscriptions are enabled. It can be triggered when **all of the following conditions are met**: 1. Running Apollo Router v1.28.0, v1.28.1 or v1.29.0 ("impacted versions"); **and** 2. The Supergraph schema provided to the Router (either via Apollo Uplink or explicitly via other configuration) **has a `subscription` type** with root-fields defined; **and** 3. The YAML configuration provided to the Router **has subscriptions enabled** (they are _disabled_ by default), either by setting `enabled: true` _or_ by setting a valid `mode` within the `subscriptions` object (as seen in [subscriptions' documentation](https://www.apollographql.com/docs/router/executing-operations/subscription-support/#router-setup)); **and** 4. An [anonymous](https://spec.graphql.org/draft/#sec-Anonymous-Operation-Definitions) (i.e., un-named) `subscription` operation (e.g., `subscription { ... }`) is received by the Router. If **all four** of these criteria are met, the impacted versions will panic and terminate. There is no data-privacy risk or sensitive-information exposure aspect to this vulnerability. This is fixed in Apollo Router v1.29.1. Users are advised to upgrade. Updating to v1.29.1 should be a clear and simple upgrade path for those running impacted versions. However, if Subscriptions are **not** necessary for your Graph – but are enabled via configuration — then disabling subscriptions is another option to mitigate the risk. | 2023-09-05 | 5.9 | CVE-2023-41317 MISC MISC MISC |
adobe -- media_encoder | Adobe Media Encoder version 15.2 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-06 | 5.5 | CVE-2021-36060 MISC |
adobe -- acrobat_reader | Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-06 | 5.5 | CVE-2021-39859 MISC |
adobe -- acrobat_reader | Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 5.5 | CVE-2021-40723 MISC |
adobe -- premiere_pro | Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 5.5 | CVE-2021-40790 MISC |
adobe -- premiere_pro | Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 5.5 | CVE-2021-40791 MISC |
adobe -- premiere_pro | Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 5.5 | CVE-2021-42265 MISC |
adobe -- premiere_pro | Adobe Photoshop version 22.5.1 (and earlier versions) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 5.5 | CVE-2021-42734 MISC |
apple -- xcode | The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user information. | 2023-09-06 | 5.5 | CVE-2022-32920 MISC |
qualcomm -- aqt1000 | Information disclosure in Automotive multimedia due to buffer over-read. | 2023-09-05 | 5.5 | CVE-2022-33220 MISC |
google -- android | In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951402. | 2023-09-04 | 5.5 | CVE-2023-20824 MISC |
google -- android | In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951413. | 2023-09-04 | 5.5 | CVE-2023-20825 MISC |
google -- android | In cta, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07978550; Issue ID: ALPS07978550. | 2023-09-04 | 5.5 | CVE-2023-20826 MISC |
apple -- macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory. | 2023-09-06 | 5.5 | CVE-2023-27950 MISC MISC |
ibm -- sterling_external_authentication_server | IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139. | 2023-09-05 | 5.5 | CVE-2023-29261 MISC MISC MISC |
samsung_mobile -- multiple_products | Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock. | 2023-09-06 | 5.5 | CVE-2023-30713 MISC |
samsung_mobile -- multiple_products | Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands. | 2023-09-06 | 5.5 | CVE-2023-30716 MISC |
samsung_mobile -- multiple_products | PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access. | 2023-09-06 | 5.5 | CVE-2023-30720 MISC |
samsung_mobile -- gallery | Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider. | 2023-09-06 | 5.5 | CVE-2023-30725 MISC |
samsung_mobile -- multiple_products | PendingIntent hijacking vulnerability in GameLauncher prior to version 4.2.59.5 allows local attackers to access data. | 2023-09-06 | 5.5 | CVE-2023-30726 MISC |
samsung_mobile -- multiple_products | Intent redirection vulnerability in PackageInstallerCHN prior to version 13.1.03.00 allows local attacker to access arbitrary file. This vulnerability requires user interaction. | 2023-09-06 | 5.5 | CVE-2023-30728 MISC |
samsung_mobile -- multiple_products | Implicit intent hijacking vulnerability in Camera prior to versions 11.0.16.43 in Android 11, 12.1.00.30, 12.0.07.53, 12.1.03.10 in Android 12, and 13.0.01.43, 13.1.00.83 in Android 13 allows local attacker to access specific file. | 2023-09-06 | 5.5 | CVE-2023-30730 MISC |
ibm -- sterling_secure_proxy | IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585. | 2023-09-05 | 5.5 | CVE-2023-32338 MISC MISC MISC MISC |
apple -- macos | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to access user-sensitive data. | 2023-09-06 | 5.5 | CVE-2023-32432 MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- macos | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences. | 2023-09-06 | 5.5 | CVE-2023-32438 MISC MISC MISC MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-33916 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-33917 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-33918 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-38436 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-38437 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-38438 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-38439 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-38440 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-38441 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-38442 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-38445 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-38446 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-38447 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-38448 MISC |
google -- android | In vowifi service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-38454 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-38457 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-38461 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-38462 MISC |
google -- android | In vowifiservice, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-38463 MISC |
google -- android | In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-38465 MISC |
google -- android | In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-38466 MISC |
google -- android | In wcn bsp driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges. | 2023-09-04 | 5.5 | CVE-2023-38554 MISC |
hyper_bump_it -- hyper_bump_it | hyper-bump-it is a command line tool for updating the version in project files. `hyper-bump-it` reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched files should be contained within the project root directory, but that is not checked. This could result in changes being written to files outside of the project. The default behaviour of `hyper-bump-it` is to display the planned changes and prompt the user for confirmation before editing any files. However, the configuration file provides a field that can be used to cause files to be edited without displaying the prompt. This issue has been fixed in release version 0.5.1. Users are advised to upgrade. For users that are unable to update from vulnerable versions, executing `hyper-bump-it` with the `--interactive` command line argument will ensure that all planned changes are displayed and prompt the user for confirmation before editing any files, even if the configuration file contains `show_confirm_prompt=true`. | 2023-09-04 | 5.5 | CVE-2023-41057 MISC MISC |
catdoc -- catdoc | Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c. | 2023-09-01 | 5.5 | CVE-2023-41633 MISC MISC |
phpfusion -- phpfusion | Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write files to arbitrary locations, provided the files pass the application’s mime-type and file extension validation. | 2023-09-05 | 5.5 | CVE-2023-4480 MISC |
gpac -- gpac | Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV. | 2023-09-01 | 5.5 | CVE-2023-4720 MISC MISC |
gpac -- gpac | Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. | 2023-09-01 | 5.5 | CVE-2023-4721 MISC MISC |
gpac -- gpac | Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.3-DEV. | 2023-09-01 | 5.5 | CVE-2023-4722 MISC MISC |
gpac -- gpac | Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV. | 2023-09-04 | 5.5 | CVE-2023-4754 MISC MISC |
gpac -- gpac | Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV. | 2023-09-04 | 5.5 | CVE-2023-4755 MISC MISC |
gpac -- gpac | Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. | 2023-09-04 | 5.5 | CVE-2023-4756 MISC MISC |
gpac -- gpac | Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV. | 2023-09-04 | 5.5 | CVE-2023-4758 MISC MISC |
gpac -- gpac | Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. | 2023-09-05 | 5.5 | CVE-2023-4778 MISC MISC |
searchblox -- searchblox | SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validated properly, which allows an attacker to inject malicious JavaScript. | 2023-09-05 | 5.4 | CVE-2020-10128 MISC |
navblue -- s.a.s_n-ops_&_crew | NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting (XSS). | 2023-09-01 | 5.4 | CVE-2022-44349 MISC MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Pexle Chris Library Viewer plugin <= 2.0.6 versions. | 2023-09-04 | 5.4 | CVE-2023-32102 MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Twinpictures Column-Matic plugin <= 1.3.3 versions. | 2023-09-04 | 5.4 | CVE-2023-32578 MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Artem Abramovich Art Decoration Shortcode plugin <= 1.5.6 versions. | 2023-09-01 | 5.4 | CVE-2023-37994 MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Audio Player with Playlist Ultimate plugin <= 1.2.2 versions. | 2023-09-03 | 5.4 | CVE-2023-38516 MISC |
shirasagi -- shirasagi | Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. | 2023-09-05 | 5.4 | CVE-2023-38569 MISC MISC |
startrinity -- softswitch | StarTrinity Softswitch version 2023-02-16 - Persistent XSS (CWE-79) | 2023-09-03 | 5.4 | CVE-2023-39370 MISC |
cacti -- cacti | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `host.php` is used to monitor and manage hosts in the _cacti_ app, hence displays useful information such as data queries and verbose logs. _CENSUS_ found that an adversary that is able to configure a data-query template with malicious code appended in the template path can deploy a stored XSS attack against any user with the _General Administration>Sites/Devices/Data_ privileges. A user that possesses the _Template Editor>Data Queries_ permissions can configure the data query template path in _cacti_. Please note that such a user may be a low privileged user. This configuration occurs through `http://<HOST>/cacti/data_queries.php` by editing an existing or adding a new data query template. If a template is linked to a device, then the formatted template path will be rendered in the device's management page, when a _verbose data query_ is requested. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. | 2023-09-05 | 5.4 | CVE-2023-39513 MISC |
cacti -- cacti | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `graphs.php` displays graph details such as data-source paths, data template information and graph related fields. _CENSUS_ found that an adversary that is able to configure either a data-source template with malicious code appended in the data-source name or a device with a malicious payload injected in the device name, may deploy a stored XSS attack against any user with _General Administration>Graphs_ privileges. A user that possesses the _Template Editor>Data Templates_ permissions can configure the data-source name in _cacti_. Please note that this may be a _low privileged_ user. This configuration occurs through `http://<HOST>/cacti/data_templates.php` by editing an existing or adding a new data template. If a template is linked to a graph, then the formatted template name will be rendered in the graph's management page. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device name in _cacti_. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to upgrade should add manual HTML escaping. | 2023-09-05 | 5.4 | CVE-2023-39514 MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ???(std.Cloud) WxSync plugin <= 2.7.23 versions. | 2023-09-04 | 5.4 | CVE-2023-39988 MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Devaldi Ltd flowpaper plugin <= 1.9.9 versions. | 2023-09-04 | 5.4 | CVE-2023-40197 MISC |
i-pro_co._ltd. -- video_insight | Stored cross-site scripting vulnerability in View setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script. | 2023-09-05 | 5.4 | CVE-2023-40535 MISC MISC |
i-pro_co._ltd. -- video_insight | Stored cross-site scripting vulnerability in Map setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script. | 2023-09-05 | 5.4 | CVE-2023-40705 MISC MISC |
f-revocrm -- f-revocrm | F-RevoCRM 7.3 series prior to version 7.3.8 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product. | 2023-09-06 | 5.4 | CVE-2023-41150 MISC MISC |
wordpress -- wordpress | The Font Awesome 4 Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fa' and 'fa-stack' shortcodes in versions up to, and including, 4.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-02 | 5.4 | CVE-2023-4718 MISC MISC MISC |
saltstack -- salt | Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted. | 2023-09-05 | 5.3 | CVE-2023-20897 MISC |
github -- enterprise_server | An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program. | 2023-09-01 | 5.3 | CVE-2023-23763 MISC MISC MISC MISC |
password_recovery -- password_recovery | User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database. | 2023-09-04 | 5.3 | CVE-2023-3221 MISC |
apple -- macos_ventura | A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail. | 2023-09-06 | 5.3 | CVE-2023-32370 MISC |
apple -- multiple_products | A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails. | 2023-09-06 | 5.3 | CVE-2023-34352 MISC MISC MISC MISC MISC MISC MISC MISC |
moxa -- mxsecurity | A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application. | 2023-09-02 | 5.3 | CVE-2023-39983 MISC |
vyperlang -- vyper | Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. `unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, <, >, <=, >=, ==, !=, in, not in (when lhs and rhs are enums)`. This behaviour becomes a problem when the evaluation of one of the arguments produces side effects that other arguments depend on. The following expressions can produce side effects: state modifying external call, state modifying internal call, `raw_call`, `pop()` when used on a Dynamic Array stored in the storage, `create_minimal_proxy_to`, `create_copy_of`, `create_from_blueprint`. This issue has not yet been patched. Users are advised to make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects. | 2023-09-04 | 5.3 | CVE-2023-40015 MISC |
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects. | 2023-09-01 | 5.3 | CVE-2023-4018 MISC MISC |
vyperlang -- vyper | Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions `uint256_addmod`, `uint256_mulmod`, `ecadd` and `ecmul` does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side effects that other arguments depend on. A patch is currently being developed on pull request #3583. When using builtins from the list above, users should make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects. | 2023-09-04 | 5.3 | CVE-2023-41052 MISC MISC |
cerebrate -- cerebrate | Cerebrate before 1.15 lacks the Secure attribute for the session cookie. | 2023-09-05 | 5.3 | CVE-2023-41908 MISC MISC |
tenda -- ac6 | Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator password) to cause a denial of service (device crash) via a long string in the wifiPwd_5G parameter to /goform/setWifi. | 2023-09-05 | 4.9 | CVE-2021-40546 MISC |
samsung_mobile -- keyboard | Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege. | 2023-09-06 | 4.9 | CVE-2023-30706 MISC |
advanced_file_manager -- advanced_file_manager | The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server. | 2023-09-04 | 4.9 | CVE-2023-3814 MISC |
chamilo -- chamilo_lms | SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions. | 2023-09-01 | 4.9 | CVE-2023-39582 MISC |
instantcms -- instantcms | External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 2023-09-01 | 4.9 | CVE-2023-4704 MISC MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy wp tell a friend popup form plugin <= 7.1 versions. | 2023-09-04 | 4.8 | CVE-2023-25465 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yotuwp Video Gallery plugin <= 1.3.12 versions. | 2023-09-01 | 4.8 | CVE-2023-25477 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc Bui Quang WP Default Feature Image plugin <= 1.0.1.1 versions. | 2023-09-01 | 4.8 | CVE-2023-25488 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ShopConstruct plugin <= 1.1.2 versions. | 2023-09-01 | 4.8 | CVE-2023-34011 MISC |
wordpress -- wordpress | The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-09-04 | 4.8 | CVE-2023-3499 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeffrey-WP Media Library Categories plugin <= 2.0.0 versions. | 2023-09-04 | 4.8 | CVE-2023-36382 MISC |
farsight_tech_nordic -- ab_provide | Farsight Tech Nordic AB ProVide version 14.5 - Multiple XSS vulnerabilities (CWE-79) can be exploited by a user with administrator privilege. | 2023-09-03 | 4.8 | CVE-2023-37222 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Atarim Visual Website Collaboration, Feedback & Project Management – Atarim plugin <= 3.9.3 versions. | 2023-09-04 | 4.8 | CVE-2023-37393 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange YourMembership Single Sign On – YM SSO Login plugin <= 1.1.3 versions. | 2023-09-01 | 4.8 | CVE-2023-37986 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Elastic Email Sender plugin <= 1.2.6 versions. | 2023-09-03 | 4.8 | CVE-2023-38387 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SuiteDash :: ONE Dashboard® Client Portal : SuiteDash Direct Login plugin <= 1.7.6 versions. | 2023-09-03 | 4.8 | CVE-2023-38476 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QualityUnit Post Affiliate Pro plugin <= 1.25.0 versions. | 2023-09-03 | 4.8 | CVE-2023-38482 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Realwebcare WRC Pricing Tables plugin <= 2.3.7 versions. | 2023-09-03 | 4.8 | CVE-2023-38517 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Visualmodo Borderless plugin <= 1.4.8 versions. | 2023-09-03 | 4.8 | CVE-2023-38518 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Exifography plugin <= 1.3.1 versions. | 2023-09-03 | 4.8 | CVE-2023-38521 MISC |
cacti -- cacti | Cacti is an open-source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The `data_sources.php` script displays the data source management information (e.g., data source path, polling configuration etc.) for different data visualizations of the _cacti_ app. CENSUS found that an adversary that is able to configure a malicious Device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. | 2023-09-05 | 4.8 | CVE-2023-39366 MISC |
cacti -- cacti | Cacti is an open-source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The `reports_admin.php` script displays reporting information about graphs, devices, data sources etc. CENSUS found that an adversary that is able to configure a malicious Device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/reports_admin.php` when a graph with the maliciously altered device name is linked to the report. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. | 2023-09-05 | 4.8 | CVE-2023-39510 MISC |
cacti -- cacti | Cacti is an open-source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_sources.php` displays the data source management information (e.g., data source path, polling configuration, device name related to the datasource etc.) for different data visualizations of the _cacti_ app. _CENSUS_ found that an adversary that is able to configure a malicious device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. | 2023-09-05 | 4.8 | CVE-2023-39512 MISC |
cacti -- cacti | Cacti is an open-source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_debug.php` displays data source related debugging information such as _data source paths, polling settings, meta-data on the data source_. _CENSUS_ found that an adversary that is able to configure a malicious data-source path, can deploy a stored XSS attack against any user that has privileges related to viewing the `data_debug.php` information. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the data source path in _cacti_. This configuration occurs through `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. | 2023-09-05 | 4.8 | CVE-2023-39515 MISC |
cacti -- cacti | Cacti is an open-source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_sources.php` displays the data source management information (e.g., data source path, polling configuration etc.) for different data visualizations of the _cacti_ app. CENSUS found that an adversary that is able to configure a malicious data-source path, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the 'General Administration>Sites/Devices/Data' permissions can configure the data source path in Cacti. This configuration occurs through `http://<HOST>/cacti/data_sources.php`. The same page can be used for previewing the data source path. This issue has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to upgrade should manually escape HTML output. | 2023-09-05 | 4.8 | CVE-2023-39516 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in maennchen1.De wpShopGermany – Protected Shops plugin <= 2.0 versions. | 2023-09-04 | 4.8 | CVE-2023-39919 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay Lulia wSecure Lite plugin <= 2.5 versions. | 2023-09-04 | 4.8 | CVE-2023-39987 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ujwol Bastakoti CT Commerce plugin <= 2.0.1 versions. | 2023-09-06 | 4.8 | CVE-2023-40007 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in hwk-fr WP 404 Auto Redirect to Similar Post plugin <= 1.0.3 versions. | 2023-09-04 | 4.8 | CVE-2023-40206 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Carrrot plugin <= 1.1.0 versions. | 2023-09-06 | 4.8 | CVE-2023-40328 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPZest Custom Admin Login Page \| WPZest plugin <= 1.2.0 versions. | 2023-09-06 | 4.8 | CVE-2023-40329 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gurcharan Singh Fitness calculators plugin plugin <= 2.0.7 versions. | 2023-09-06 | 4.8 | CVE-2023-40552 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions. | 2023-09-06 | 4.8 | CVE-2023-40560 MISC |
wordpress -- wordpress | The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-09-04 | 4.8 | CVE-2023-4253 MISC |
wordpress -- wordpress | The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-09-04 | 4.8 | CVE-2023-4254 MISC |
wordpress -- wordpress | The 123.chat WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-09-04 | 4.8 | CVE-2023-4298 MISC |
wordpress -- wordpress | The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-09-05 | 4.8 | CVE-2023-4636 MISC MISC MISC |
vm-memory_project -- vm-memory | In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory rust crate provides a set of traits to decouple VM memory consumers from VM memory providers. An issue was discovered in the default implementations of the `VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}` trait functions, which allows out-of-bounds memory access if the `VolatileMemory::get_slice` function returns a `VolatileSlice` whose length is less than the function’s `count` argument. No implementations of `get_slice` provided in `vm_memory` are affected. Users of custom `VolatileMemory` implementations may be impacted if the custom implementation does not adhere to `get_slice`'s documentation. The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the `VolatileSlice` returned by `get_slice` is of the correct length. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-09-01 | 4.7 | CVE-2023-41051 MISC MISC MISC |
samsung_mobile -- multiple_products | Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock. | 2023-09-06 | 4.6 | CVE-2023-30714 MISC |
google -- android | In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-09-04 | 4.4 | CVE-2022-47352 MISC |
google -- android | In vdsp device, there is a possible system crash due to improper input validation. This could lead to local denial of service with System execution privileges needed. | 2023-09-04 | 4.4 | CVE-2022-47353 MISC |
google -- android | In Ifaa service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed. | 2023-09-04 | 4.4 | CVE-2022-48452 MISC |
google -- android | In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-09-04 | 4.4 | CVE-2022-48453 MISC |
google -- android | In cmdq, there is a possible out of bounds read due to an incorrect status check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08021592; Issue ID: ALPS08021592. | 2023-09-04 | 4.4 | CVE-2023-20823 MISC |
google -- android | In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017764. | 2023-09-04 | 4.4 | CVE-2023-20833 MISC |
google -- android | In camsys, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07505629; Issue ID: ALPS07505629. | 2023-09-04 | 4.4 | CVE-2023-20836 MISC |
samsung_mobile -- multiple_products | Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log. | 2023-09-06 | 4.4 | CVE-2023-30721 MISC |
yocto -- yocto | In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588360; Issue ID: ALPS07588360. | 2023-09-04 | 4.4 | CVE-2023-32807 MISC |
google -- android | In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849751; Issue ID: ALPS07849751. | 2023-09-04 | 4.4 | CVE-2023-32808 MISC |
google -- android | In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849753; Issue ID: ALPS07849753. | 2023-09-04 | 4.4 | CVE-2023-32809 MISC |
yocto -- yocto | In bluetooth driver, there is a possible out of bounds read due to improper input validation. This could lead to local information leak with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07867212; Issue ID: ALPS07867212. | 2023-09-04 | 4.4 | CVE-2023-32810 MISC |
yocto -- yocto | In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017370; Issue ID: ALPS08017370. | 2023-09-04 | 4.4 | CVE-2023-32813 MISC |
google -- android | In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08031947; Issue ID: ALPS08031947. | 2023-09-04 | 4.4 | CVE-2023-32814 MISC |
yocto -- yocto | In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08037801; Issue ID: ALPS08037801. | 2023-09-04 | 4.4 | CVE-2023-32815 MISC |
google -- android | In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044032. | 2023-09-04 | 4.4 | CVE-2023-32816 MISC |
google -- android | In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044035. | 2023-09-04 | 4.4 | CVE-2023-32817 MISC |
google -- android | In urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-09-04 | 4.4 | CVE-2023-38467 MISC |
google -- android | In urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-09-04 | 4.4 | CVE-2023-38468 MISC |
motorola -- smartphone_firmware | In some cases, when the device is USB-tethered to a host PC, and the device is sharing its mobile network connection with the host PC, if the user originates a call on the device, then the device's modem may reset and cause the phone call to not succeed. This may block the user from dialing emergency services. This patch resolves the device's modem reset issue. | 2023-09-01 | 4.3 | CVE-2022-3407 MISC |
gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile. | 2023-09-01 | 4.3 | CVE-2022-4343 MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to edit labels description by an unauthorised user. | 2023-09-01 | 4.3 | CVE-2023-0120 MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API. | 2023-09-01 | 4.3 | CVE-2023-1555 MISC MISC |
apple -- macos | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM. | 2023-09-06 | 4.3 | CVE-2023-28208 MISC MISC |
cacti -- cacti | Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory (phpseclib), the necessary gadgets are not included, making them inaccessible and the insecure deserializations not exploitable. Each instance of insecure deserialization is due to using the unserialize function without sanitizing the user input. Cacti has a “safe” deserialization that attempts to sanitize the content and check for specific values before calling unserialize, but it isn’t used in these instances. The vulnerable code lies in graphs_new.php, specifically within the host_new_graphs_save function. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-05 | 4.3 | CVE-2023-30534 MISC |
open_automation_software -- oas_platform | An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability. | 2023-09-05 | 4.3 | CVE-2023-34994 MISC MISC |
open_automation_software -- oas_platform | An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability. | 2023-09-05 | 4.3 | CVE-2023-35124 MISC MISC |
wordpress -- wordpress | The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF checks in its page creation function, which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog. | 2023-09-04 | 4.3 | CVE-2023-4059 MISC |
wordpress -- wordpress | The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated user, such as a subscriber, to perform such an action and retrieve PII such as email addresses. | 2023-09-04 | 4.3 | CVE-2023-4269 MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the configured URL in the Sentry error tracking settings page. This was as a result of an incomplete fix for CVE-2022-4365. | 2023-09-01 | 4.3 | CVE-2023-4378 MISC MISC |
wordpress -- wordpress | The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicate_ppmc_post_as_draft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with subscriber access or higher to duplicate posts and pages. | 2023-09-07 | 4.3 | CVE-2023-4792 MISC MISC MISC |
fortinet -- multiple_products | An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers. | 2023-09-01 | 4.2 | CVE-2022-22305 MISC |
yocto -- yocto | In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326409. | 2023-09-04 | 4.2 | CVE-2023-20839 MISC |
yocto -- yocto | In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340119; Issue ID: ALPS07340119. | 2023-09-04 | 4.2 | CVE-2023-20843 MISC |
yocto -- yocto | In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354058; Issue ID: ALPS07340121. | 2023-09-04 | 4.2 | CVE-2023-20844 MISC |
yocto -- yocto | In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07197795; Issue ID: ALPS07340357. | 2023-09-04 | 4.2 | CVE-2023-20845 MISC |
yocto -- yocto | In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354023; Issue ID: ALPS07340098. | 2023-09-04 | 4.2 | CVE-2023-20846 MISC |
yocto -- yocto | In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354025; Issue ID: ALPS07340108. | 2023-09-04 | 4.2 | CVE-2023-20847 MISC |
yocto -- yocto | In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418. | 2023-09-04 | 4 | CVE-2023-20838 MISC |
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- after_effects |
Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 3.3 | F MISC |
adobe -- premiere_pro |
Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 3.3 | CVE-2021-43751 MISC |
adobe -- lightroom_desktop |
Adobe Lightroom versions 4.4 (and earlier) are affected by a use-after-free vulnerability in the processing of parsing TIF files that could result in privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 3.3 | CVE-2021-43753 MISC |
adobe -- after_effects |
Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 3.3 | CVE-2021-44189 MISC |
adobe -- after_effects |
Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 3.3 | CVE-2021-44190 MISC |
adobe -- after_effects |
Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 3.3 | CVE-2021-44191 MISC |
adobe -- after_effects |
Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 3.3 | CVE-2021-44192 MISC |
adobe -- after_effects |
Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 3.3 | CVE-2021-44193 MISC |
adobe -- after_effects |
Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 3.3 | CVE-2021-44194 MISC |
adobe -- after_effects |
Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-07 | 3.3 | CVE-2021-44195 MISC |
apple -- macos_ventura | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3. An app may be able to read sensitive location information. | 2023-09-06 | 3.3 | CVE-2023-28195 MISC MISC |
samsung_mobile -- multiple_products | Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider. | 2023-09-06 | 3.3 | CVE-2023-30711 MISC |
samsung_mobile -- multiple_products | Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission. | 2023-09-06 | 3.3 | CVE-2023-30715 MISC |
samsung_mobile -- multiple_products | Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers. | 2023-09-06 | 3.3 | CVE-2023-30717 MISC |
samsung_mobile -- multiple_products | Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data. | 2023-09-06 | 3.3 | CVE-2023-30719 MISC |
samsung_mobile -- gallery | Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history. | 2023-09-06 | 3.3 | CVE-2023-30724 MISC |
wordpress -- wordpress | The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however limited to the first line of the file. | 2023-09-04 | 2.7 | CVE-2023-4216 MISC |
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
tripodworks_co._ltd. -- gigapod_officehard_appliance_model |
GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead to a denial-of-service (DoS) condition. | 2023-09-08 | not yet calculated | CVE-2014-5329 MISC |
searchblox -- searchblox |
SearchBlox before Version 9.2.1 is vulnerable to privilege escalation: a lower-privileged user is able to access Admin functionality. | 2023-09-06 | not yet calculated | CVE-2020-10129 MISC |
searchblox -- searchblox |
SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system. | 2023-09-06 | not yet calculated | CVE-2020-10130 MISC |
searchblox -- searchblox |
SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter. | 2023-09-06 | not yet calculated | CVE-2020-10131 MISC |
searchblox -- searchblox |
SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration. | 2023-09-06 | not yet calculated | CVE-2020-10132 MISC |
mofi_network -- mofi4500-4gxelte-v2 |
An issue discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass authentication and execute arbitrary code via a crafted HTTP request. | 2023-09-08 | not yet calculated | CVE-2021-27715 MISC MISC |
insyde_software -- h20fft |
An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT 6.20.00. When handling IOCTL 0x22229a, the input used to allocate a buffer and copy memory is mishandled. This could cause memory corruption or a system crash. | 2023-09-08 | not yet calculated | CVE-2021-33834 MISC MISC |
kodexplorer -- kodexplorer |
A Cross-Site Scripting (XSS) vulnerability in KodExplorer 4.45 allows remote attackers to run arbitrary code via the /index.php page. | 2023-09-06 | not yet calculated | CVE-2021-36646 MISC |
osticket -- osticket |
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination. | 2023-09-08 | not yet calculated | CVE-2021-45811 MISC MISC MISC |
ibm -- aspera_faspex |
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. IBM X-Force ID: 222567. | 2023-09-08 | not yet calculated | CVE-2022-22401 MISC MISC |
ibm -- aspera_faspex |
IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571. | 2023-09-08 | not yet calculated | CVE-2022-22402 MISC MISC |
ibm -- aspera_faspex |
IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576. | 2023-09-08 | not yet calculated | CVE-2022-22405 MISC MISC |
ibm -- aspera_faspex |
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592. | 2023-09-08 | not yet calculated | CVE-2022-22409 MISC MISC |
qnap_systems_inc. -- qvr_pro_client |
An insertion of sensitive information into Log file vulnerability has been reported to affect the product. If exploited, the vulnerability possibly provides local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors. We have already fixed the vulnerability in the following version: Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Pro Client 2.3.0.0420 and later. | 2023-09-08 | not yet calculated | CVE-2022-27599 MISC |
ibm -- security_directory_integrator |
IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579. | 2023-09-08 | not yet calculated | CVE-2022-33164 MISC MISC |
software_ag -- webmethods_onedata |
Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a single, dynamically assigned TCP high port). Port 2099 serves as a Java Remote Method Invocation (RMI) registry which allows for remotely loading and processing data via RMI interfaces. An unauthenticated attacker with network connectivity to the RMI registry and RMI interface ports can abuse this functionality to instruct the webMethods OneData application to load a malicious serialized Java object as a parameter to one of the available Java methods presented by the RMI interface. Once deserialized on the vulnerable server, the malicious code runs as whichever operating system account is used to run the software, which in most cases is the local System account on Windows. | 2023-09-06 | not yet calculated | CVE-2023-0925 MISC |
cisco -- cisco_identity_services_engine_software |
A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ESR console. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges to root and read, write, or delete arbitrary files from the underlying operating system of the affected device. Note: The ESR is not enabled by default and must be licensed. To verify the status of the ESR in the Admin GUI, choose Administration > Settings > Protocols > IPSec. | 2023-09-07 | not yet calculated | CVE-2023-20193 MISC |
samsung_mobile -- samsung_mobile_devices |
A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ERS API. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges beyond the sphere of their intended access level, which would allow them to obtain sensitive information from the underlying operating system. Note: The ERS is not enabled by default. To verify the status of the ERS API in the Admin GUI, choose Administration > Settings > API Settings > API Service Settings. | 2023-09-07 | not yet calculated | CVE-2023-20194 MISC |
cisco -- cisco_broadworks |
A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system. This vulnerability is due to the method used to validate SSO tokens. An attacker could exploit this vulnerability by authenticating to the application with forged credentials. A successful exploit could allow the attacker to commit toll fraud or to execute commands at the privilege level of the forged account. If that account is an Administrator account, the attacker would have the ability to view confidential information, modify customer settings, or modify settings for other users. To exploit this vulnerability, the attacker would need a valid user ID that is associated with an affected Cisco BroadWorks system. | 2023-09-06 | not yet calculated | CVE-2023-20238 MISC |
cisco -- cisco_identity_services_engine_software |
A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS accounting requests. An attacker could exploit this vulnerability by sending a crafted authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). This would eventually result in the NAD sending a RADIUS accounting request packet to Cisco ISE. An attacker could also exploit this vulnerability by sending a crafted RADIUS accounting request packet to Cisco ISE directly if the RADIUS shared secret is known. A successful exploit could allow the attacker to cause the RADIUS process to unexpectedly restart, resulting in authentication or authorization timeouts and denying legitimate users access to the network or service. Clients already authenticated to the network would not be affected. Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) may be required. For more information, see the Details section of this advisory. | 2023-09-06 | not yet calculated | CVE-2023-20243 MISC |
cisco -- cisco_small_business_rv_series_router_firmware |
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code with root privileges on an affected device. To exploit this vulnerability, the attacker must have valid Administrator credentials on the affected device. | 2023-09-06 | not yet calculated | CVE-2023-20250 MISC |
cisco -- cisco_hyperflex_hx_data_platform |
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. | 2023-09-06 | not yet calculated | CVE-2023-20263 MISC |
cisco -- cisco_adaptive_security_appliance_(asa)_software |
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using valid credentials. A successful exploit could allow the attacker to achieve one or both of the following: Identify valid credentials that could then be used to establish an unauthorized remote access VPN session. Establish a clientless SSL VPN session (only when running Cisco ASA Software Release 9.16 or earlier). Notes: Establishing a client-based remote access VPN tunnel is not possible as these default connection profiles/tunnel groups do not and cannot have an IP address pool configured. This vulnerability does not allow an attacker to bypass authentication. To successfully establish a remote access VPN session, valid credentials are required, including a valid second factor if multi-factor authentication (MFA) is configured. Cisco will release software updates that address this vulnerability. There are workarounds that address this vulnerability. | 2023-09-06 | not yet calculated | CVE-2023-20269 MISC |
electron -- electron |
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` directive and _not_ providing `unsafe-eval` in that directive, is not respected in renderers that have sandbox disabled, i.e., `sandbox: false` in the `webPreferences` object. This unexpectedly allows usage of methods like `eval()` and `new Function`, which can result in an expanded attack surface. This issue only ever affected the 22 and 23 major versions of Electron and has been fixed in the latest versions of those release lines. Specifically, these versions contain the fixes: 22.0.1 and 23.0.0-alpha.2. We recommend all apps upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by enabling `sandbox: true` on all renderers. | 2023-09-06 | not yet calculated | CVE-2023-23623 MISC |
ibm -- aspera_faspex |
IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713. | 2023-09-08 | not yet calculated | CVE-2023-24965 MISC MISC |
oracle -- apache_superset |
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to. | 2023-09-06 | not yet calculated | CVE-2023-27523 MISC |
oracle -- apache_superset |
A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0. | 2023-09-06 | not yet calculated | CVE-2023-27526 MISC |
hcl_software -- hcl_domino_server |
In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks. | 2023-09-08 | not yet calculated | CVE-2023-28010 MISC |
wordpress -- wordpress |
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable Store WordPress theme through 1.3.4, Fullbase WordPress theme before 1.2.1, Ilex WordPress theme before 1.4.2, Js O3 Lite WordPress theme through 1.5.8.2, Js Paper WordPress theme through 2.5.7, Kata WordPress theme before 1.2.9, Kata App WordPress theme through 1.0.5, Kata Business WordPress theme through 1.0.2, Looki Lite WordPress theme before 1.3.0, moseter WordPress theme through 1.3.1, Nokke WordPress theme before 1.2.4, Nothing Personal WordPress theme through 1.0.7, Offset Writing WordPress theme through 1.2, Opor Ayam WordPress theme through 18, Pinzolo WordPress theme before 1.2.10, Plato WordPress theme before 1.1.9, Polka Dots WordPress theme through 1.2, Purity Of Soul WordPress theme through 1.9, Restaurant PT WordPress theme before 1.1.3, Saul WordPress theme before 1.1.0, Sean Lite WordPress theme before 1.4.6, Tantyyellow WordPress theme through 1.0.0.5, TIJAJI WordPress theme through 1.43, Tiki Time WordPress theme through 1.3, Tuaug4 WordPress theme through 1.4, Tydskrif WordPress theme through 1.1.3, UltraLight WordPress theme through 1.2, Venice Lite WordPress theme before 1.5.5, Viala WordPress theme through 1.3.1, viburno WordPress theme before 1.3.2, Wedding Bride WordPress theme before 1.0.2, Wlow WordPress theme before 1.2.7 suffer from the same issue about the search box reflecting the results causing XSS which allows an unauthenticated attacker to exploit against users if they click a malicious link. | 2023-09-04 | not yet calculated | CVE-2023-2813 MISC |
qualcomm_inc -- snapdragon |
Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers. | 2023-09-05 | not yet calculated | CVE-2023-28544 MISC |
qualcomm_inc -- snapdragon |
Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART. | 2023-09-05 | not yet calculated | CVE-2023-28548 MISC |
qualcomm_inc -- snapdragon |
Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload. | 2023-09-05 | not yet calculated | CVE-2023-28549 MISC |
qualcomm_inc -- snapdragon |
Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload. | 2023-09-05 | not yet calculated | CVE-2023-28557 MISC |
qualcomm_inc -- snapdragon |
Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload. | 2023-09-05 | not yet calculated | CVE-2023-28560 MISC |
electron -- electron |
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`. | 2023-09-06 | not yet calculated | CVE-2023-29198 MISC MISC |
samsung_mobile -- samsung_mobile_devices |
Improper export of Android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows a local attacker to change an Auto Hotspot setting. | 2023-09-06 | not yet calculated | CVE-2023-30718 MISC |
mikrotik -- routeros |
The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected. | 2023-09-07 | not yet calculated | CVE-2023-30800 MISC |
hpe -- oneview |
A potential security vulnerability has been identified in Hewlett Packard Enterprise OneView Software. This vulnerability could be remotely exploited to allow authentication bypass, disclosure of sensitive information, and denial of service. | 2023-09-07 | not yet calculated | CVE-2023-30908 MISC |
ibm -- aspera_faspex |
IBM Aspera Faspex 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268. | 2023-09-08 | not yet calculated | CVE-2023-30995 MISC MISC |
tp-link -- archer_c50 |
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506', and Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616'. | 2023-09-06 | not yet calculated | CVE-2023-31188 MISC MISC MISC MISC |
wacom -- drivers_for_windows |
Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the WacomInstallI.txt file by the PrefUtil.exe utility. The issue results from incorrect permissions on the WacomInstallI.txt file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16318. | 2023-09-06 | not yet calculated | CVE-2023-32162 MISC |
wacom -- drivers_for_windows |
Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tablet Service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16857. | 2023-09-06 | not yet calculated | CVE-2023-32163 MISC |
ibm -- maximo_asset_management |
IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072. | 2023-09-08 | not yet calculated | CVE-2023-32332 MISC MISC MISC |
dell -- dell_digital_delivery |
Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS). | 2023-09-08 | not yet calculated | CVE-2023-32470 MISC |
tp-link -- archer_c50 |
Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command. | 2023-09-06 | not yet calculated | CVE-2023-32619 MISC MISC MISC |
oracle -- apache_superset |
An Incorrect authorization check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability. | 2023-09-06 | not yet calculated | CVE-2023-32672 MISC |
cloud_foundry -- routing |
Cloud Foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations. | 2023-09-08 | not yet calculated | CVE-2023-34041 MISC |
isarnet_ag -- isarflow |
A stored cross-site scripting (XSS) vulnerability in IsarNet AG IsarFlow v5.23 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the dashboard title parameter in the IsarFlow Portal. | 2023-09-05 | not yet calculated | CVE-2023-34637 MISC |
manageengine -- adselfservice_plus |
ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009. | 2023-09-06 | not yet calculated | CVE-2023-35719 MISC |
mysten_labs -- sui |
Mysten Labs Sui blockchain v1.2.0 was discovered to contain a stack overflow via the component /spec/openrpc.json. | 2023-09-08 | not yet calculated | CVE-2023-36184 MISC MISC MISC MISC |
oracle -- apache_superset |
An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections. | 2023-09-06 | not yet calculated | CVE-2023-36387 MISC |
oracle -- apache_superset |
Improper REST API permission in Apache Superset up to and including 2.1.0 allows authenticated Gamma users to test network connections, possible SSRF. | 2023-09-06 | not yet calculated | CVE-2023-36388 MISC |
tp-link -- tl-wr802n |
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'. | 2023-09-06 | not yet calculated | CVE-2023-36489 MISC MISC MISC MISC |
fortinet -- fortiswitchmanager |
An improper access control in Fortinet FortiSwitchManager versions 7.2.0 through 7.2.2 and 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API. | 2023-09-07 | not yet calculated | CVE-2023-36635 MISC |
tp-link -- archer_c20 |
Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication. | 2023-09-06 | not yet calculated | CVE-2023-37284 MISC MISC |
samsung -- exynos |
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the NAS Task, an improperly implemented security check for standard can disallow desired services for a while via consecutive NAS messages. | 2023-09-08 | not yet calculated | CVE-2023-37367 MISC |
samsung -- exynos |
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the Shannon MM Task, missing validation of a NULL pointer can cause abnormal termination via a malformed NR MM packet. | 2023-09-08 | not yet calculated | CVE-2023-37368 MISC |
samsung -- exynos |
An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920). Improper handling of length parameter inconsistency can cause incorrect packet filtering. | 2023-09-08 | not yet calculated | CVE-2023-37377 MISC |
cloudflare -- warp_client |
Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access to the device, could extend the maximum allowed disconnected time of WARP client granted by an override code by changing the date & time on the local device where WARP is running. | 2023-09-07 | not yet calculated | CVE-2023-3747 MISC MISC |
crypto_currency_tracker -- crypto_currency_tracker |
Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request. | 2023-09-08 | not yet calculated | CVE-2023-37759 MISC MISC MISC |
linux -- kernel |
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8. | 2023-09-06 | not yet calculated | CVE-2023-3777 MISC MISC MISC |
vanderbilt -- redcap |
A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter. | 2023-09-07 | not yet calculated | CVE-2023-37798 MISC MISC MISC |
oracle -- apache_superset |
If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. This vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0. | 2023-09-06 | not yet calculated | CVE-2023-37941 MISC |
hewlett_packard_enterprise -- aruba_9200/9000 |
Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise. | 2023-09-06 | not yet calculated | CVE-2023-38484 MISC |
hewlett_packard_enterprise -- aruba_9200/9000 |
Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise. | 2023-09-06 | not yet calculated | CVE-2023-38485 MISC |
hewlett_packard_enterprise -- aruba_9200/9000 |
A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images. | 2023-09-06 | not yet calculated | CVE-2023-38486 MISC |
tp-link -- archer_c1200 |
Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. | 2023-09-06 | not yet calculated | CVE-2023-38563 MISC MISC MISC |
tp-link -- archer_a10 |
Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. | 2023-09-06 | not yet calculated | CVE-2023-38568 MISC MISC |
i-pro_co_ltd -- vi_web_client |
Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | 2023-09-05 | not yet calculated | CVE-2023-38574 MISC MISC |
tp-link -- archer_c3150 |
Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. | 2023-09-06 | not yet calculated | CVE-2023-38588 MISC MISC |
apple -- macos |
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location. | 2023-09-06 | not yet calculated | CVE-2023-38605 MISC MISC MISC |
apple -- macos |
A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | 2023-09-06 | not yet calculated | CVE-2023-38616 MISC |
ibm -- qradar_wincollect_agent |
IBM QRadar WinCollect Agent 10.0 through 10.1.6, when installed to run as ADMIN or SYSTEM, is vulnerable to a local escalation of privilege attack that a normal user could utilize to gain SYSTEM permissions. IBM X-Force ID: 262542. | 2023-09-08 | not yet calculated | CVE-2023-38736 MISC MISC |
general_motors -- chevrolet_equinox_2021_software |
Injecting random data into the USB memory area on a General Motors (GM) Chevrolet Equinox 2021 vehicle (software build version 2021.03.26) causes a Denial of Service (DoS) in the in-car infotainment system. | 2023-09-08 | not yet calculated | CVE-2023-39076 MISC |
tp-link -- archer_c5 |
Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided. | 2023-09-06 | not yet calculated | CVE-2023-39224 MISC MISC |
oracle -- apache_superset |
By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0. | 2023-09-06 | not yet calculated | CVE-2023-39264 MISC |
oracle -- apache_superset |
Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0. | 2023-09-06 | not yet calculated | CVE-2023-39265 MISC |
go_standard_library -- html_template |
The html/template package does not properly handle HTML-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack. | 2023-09-08 | not yet calculated | CVE-2023-39318 MISC MISC MISC MISC |
go_standard_library -- html_template |
The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack. | 2023-09-08 | not yet calculated | CVE-2023-39319 MISC MISC MISC MISC |
go_toolchain -- cmd/go |
The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software. | 2023-09-08 | not yet calculated | CVE-2023-39320 MISC MISC MISC MISC |
go_standard_library -- crypto/tls |
Processing an incomplete post-handshake message for a QUIC connection can cause a panic. | 2023-09-08 | not yet calculated | CVE-2023-39321 MISC MISC MISC MISC |
go_standard_library -- crypto/tls |
QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size. | 2023-09-08 | not yet calculated | CVE-2023-39322 MISC MISC MISC MISC |
cacti -- cacti |
Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be redirected to an arbitrary website after a password change performed via a specifically crafted URL. The `auth_changepassword.php` file accepts `ref` as a URL parameter and reflects it in the form used to perform the password change. Its value is used to perform a redirect via the `header` PHP function. A user can be tricked into performing the password change operation, e.g., via a phishing message, and then interacting with the malicious website where the redirection has been performed, e.g., downloading malware, providing credentials, etc. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-05 | not yet calculated | CVE-2023-39364 MISC |
resort_data_processing,_inc. -- irm_next_generation |
The RDPCore.dll component as used in the IRM Next Generation booking engine, allows a remote user to connect to customers with an "admin" account and a corresponding password computed daily by a routine inside the DLL file. Once reverse-engineered, this routine can help an attacker generate the daily password and connect to application customers. Given that this is an administrative account, anyone logging into a customer deployment has full, unrestricted access to the application. | 2023-09-07 | not yet calculated | CVE-2023-39420 MISC |
resort_data_processing,_inc. -- irm_next_generation |
The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted interaction with these services. | 2023-09-07 | not yet calculated | CVE-2023-39421 MISC |
resort_data_processing,_inc. -- irm_next_generation |
The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticate requests using HMAC tokens. These tokens are however exposed in a JavaScript file loaded on the client side, thus rendering this extra safety mechanism useless. | 2023-09-07 | not yet calculated | CVE-2023-39422 MISC |
resort_data_processing,_inc. -- irm_next_generation |
The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs, among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obtain the currently valid sessions and impersonate a currently logged-in user. | 2023-09-07 | not yet calculated | CVE-2023-39423 MISC |
resort_data_processing,_inc. -- irm_next_generation |
A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but can be paired with another vulnerability in the platform (CVE-2023-39420, which grants access to hardcoded credentials) to carry the attack without having assigned credentials. | 2023-09-07 | not yet calculated | CVE-2023-39424 MISC |
cacti -- cacti |
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `reports_admin.php` displays reporting information about graphs, devices, data sources etc. _CENSUS_ found that an adversary that is able to configure a malicious device name, related to a graph attached to a report, can deploy a stored XSS attack against any super user who has privileges of viewing the `reports_admin.php` page, such as administrative accounts. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/reports_admin.php` when a graph with the maliciously altered device name is linked to the report. This issue has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to upgrade should manually filter HTML output. | 2023-09-06 | not yet calculated | CVE-2023-39511 MISC |
hexo -- hexo |
Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability. | 2023-09-08 | not yet calculated | CVE-2023-39584 MISC MISC MISC |
icewarp_inc. -- webclient |
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter. | 2023-09-05 | not yet calculated | CVE-2023-39598 MISC |
buffalo_america_inc. -- terastation_nas_ts5410r |
An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function. | 2023-09-08 | not yet calculated | CVE-2023-39620 MISC |
prestashop -- prestashop |
FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php. | 2023-09-08 | not yet calculated | CVE-2023-39676 MISC MISC MISC |
sourcecodester -- free_and_open_source_inventory_management_system |
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section. | 2023-09-07 | not yet calculated | CVE-2023-39711 MISC MISC MISC |
sourcecodester -- free_and_open_source_inventory_management_system |
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section. | 2023-09-08 | not yet calculated | CVE-2023-39712 MISC MISC MISC |
tp-link -- archer_c5400 |
Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. | 2023-09-06 | not yet calculated | CVE-2023-39935 MISC MISC |
electron -- electron |
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions `26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron. | 2023-09-06 | not yet calculated | CVE-2023-39956 MISC |
wiremock -- wiremock |
WireMock is a tool for mocking HTTP services. When certain request URLs like "@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock’s instance. There are 3 identified potential attack vectors: via “TestRequester” functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected WireMock Studio product and there will be no fix. Users are advised to find alternatives. | 2023-09-06 | not yet calculated | CVE-2023-39967 MISC |
argo_cd -- argo_cd |
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in the `kubectl.kubernetes.io/last-applied-configuration` annotation. Pull request #7139 introduced the ability to manage cluster labels and annotations. Since clusters are stored as secrets it also exposes the `kubectl.kubernetes.io/last-applied-configuration` annotation which includes the full secret body. In order to view the cluster annotations via the Argo CD API, the user must have `clusters, get` RBAC access. **Note:** In many cases, cluster secrets do not contain any actually-secret information. But sometimes, as in bearer-token auth, the contents might be very sensitive. The bug has been patched in versions 2.8.3, 2.7.14, and 2.6.15. Users are advised to upgrade. Users unable to upgrade should update/deploy cluster secret with `server-side-apply` flag which does not use or rely on `kubectl.kubernetes.io/last-applied-configuration` annotation. Note: annotation for existing secrets will require manual removal. | 2023-09-07 | not yet calculated | CVE-2023-40029 MISC MISC MISC |
linux -- kernel |
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate() can lead to unbinding the chain, and objects can be deactivated but later used. We recommend upgrading past commit 0a771f7b266b02d262900c75f1e175c7fe76fec2. | 2023-09-06 | not yet calculated | CVE-2023-4015 MISC MISC MISC |
wordpress -- wordpress |
The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases. | 2023-09-04 | not yet calculated | CVE-2023-4019 MISC |
tp-link -- deco_m4 |
Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. | 2023-09-06 | not yet calculated | CVE-2023-40193 MISC MISC |
trusted_firmware-m -- trusted_firmware-m |
In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8. | 2023-09-08 | not yet calculated | CVE-2023-40271 MISC MISC |
sap_se -- sap_s/4hana |
SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity. | 2023-09-08 | not yet calculated | CVE-2023-40306 MISC |
samsung -- exynos |
An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer index can prevent the execution of requested services via a crafted application. | 2023-09-08 | not yet calculated | CVE-2023-40353 MISC |
tp-link -- multiple_products |
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'. | 2023-09-06 | not yet calculated | CVE-2023-40357 MISC MISC MISC MISC MISC |
apple -- macos_ventura |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information. | 2023-09-06 | not yet calculated | CVE-2023-40392 MISC MISC MISC MISC |
apple -- macos_ventura |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary JavaScript code execution. | 2023-09-06 | not yet calculated | CVE-2023-40397 MISC |
tp-link -- archer_ax6000 |
Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. | 2023-09-06 | not yet calculated | CVE-2023-40531 MISC MISC |
argo_cd -- argo_cd |
Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating the size of its inner files. As a result, a malicious, low-privileged user can send a malicious tar.gz file that exploits this vulnerability to the repo-server, thereby harming the system's functionality and availability. Additionally, the repo-server is susceptible to another vulnerability due to the fact that it does not check the extracted file permissions before attempting to delete them. Consequently, an attacker can craft a malicious tar.gz archive in a way that prevents the deletion of its inner files when the manifest generation process is completed. A patch for this vulnerability has been released in versions 2.6.15, 2.7.14, and 2.8.3. Users are advised to upgrade. The only way to completely resolve the issue is to upgrade, however users unable to upgrade should configure RBAC (Role-Based Access Control) and provide access for configuring applications only to a limited number of administrators. These administrators should utilize trusted and verified Helm charts. | 2023-09-07 | not yet calculated | CVE-2023-40584 MISC MISC |
golang -- golang |
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version `1.12.1-stable`, i.e., `1.12.2-unstable` and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-06 | not yet calculated | CVE-2023-40591 MISC MISC MISC |
solarview_compact -- solarview_compact |
SolarView Compact < 6.00 is vulnerable to Directory Traversal. | 2023-09-08 | not yet calculated | CVE-2023-40924 MISC MISC |
tenda -- ac9 |
Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered to contain a stack overflow via the parameter 'firewall_value' at the URL /goform/SetFirewallCfg. | 2023-09-07 | not yet calculated | CVE-2023-40942 MISC |
icms -- icms |
icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF). | 2023-09-08 | not yet calculated | CVE-2023-40953 MISC MISC |
china_mobile_communications -- china_mobile_intelligent_home_gateway |
An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the authentication mechanism. | 2023-09-05 | not yet calculated | CVE-2023-41012 MISC |
zope -- zope |
AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown `getattr` and `getitem`, not the policy restricted `AccessControl` variants `_getattr_` and `_getitem_`. This can lead to critical information disclosure. `AccessControl` already provides a safe variant for `str.format` and denies access to `string.Formatter`. However, `str.format_map` is still unsafe. Affected are all users who allow untrusted users to create `AccessControl` controlled Python code and execute it. A fix has been introduced in versions 4.4, 5.8 and 6.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-06 | not yet calculated | CVE-2023-41050 MISC MISC |
redis -- redis |
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-06 | not yet calculated | CVE-2023-41053 MISC MISC |
apple -- multiple_products |
A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 2023-09-07 | not yet calculated | CVE-2023-41061 MISC MISC MISC MISC MISC MISC |
apple -- multiple_products |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 2023-09-07 | not yet calculated | CVE-2023-41064 MISC MISC MISC MISC MISC MISC |
tef-dokumentation_gmbh -- tef_portal | TEF portal 2023-07-17 is vulnerable to a persistent cross-site scripting (XSS) attack. | 2023-09-05 | not yet calculated | CVE-2023-41107 MISC MISC |
tef-dokumentation_gmbh -- tef_portal | TEF portal 2023-07-17 is vulnerable to authenticated remote code execution. | 2023-09-05 | not yet calculated | CVE-2023-41108 MISC MISC |
usermin -- usermin |
Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key details, Export key, sign key, send to key server page, and fetch from key server page tab. | 2023-09-07 | not yet calculated | CVE-2023-41161 MISC MISC |
tolgee -- tolgee |
Tolgee is an open-source localization platform. Due to a lack of validation of the Org Name field, a bad actor can send emails with injected HTML code to victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitation emails which appear as legitimate org invitations. Bad actors may direct users to a malicious website or execute JavaScript in the context of the user's browser. This vulnerability has been addressed in version 3.29.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-07 | not yet calculated | CVE-2023-41316 MISC MISC |
matrix-media-repo -- matrix-media-repo |
matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with `Content-Disposition: inline` upon download. This vulnerability could be leveraged to execute scripts embedded in SVG content. Commits `77ec235` and `bf8abdd` fix the issue and are included in the 1.3.0 release. Operators should upgrade to v1.3.0 as soon as possible. Operators unable to upgrade should override the `Content-Disposition` header returned by matrix-media-repo as a workaround. | 2023-09-08 | not yet calculated | CVE-2023-41318 MISC MISC MISC MISC |
ethyca -- fides | Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML files, but Fides can be configured to also accept the inclusion of custom Python code in it. The custom code is executed in a restricted, sandboxed environment, but the sandbox can be bypassed to execute any arbitrary code. The vulnerability allows the execution of arbitrary code on the target system within the context of the webserver python process owner on the webserver container, which by default is `root`, and leverage that access to attack underlying infrastructure and integrated systems. This vulnerability affects Fides versions `2.11.0` through `2.19.0`. Exploitation is limited to API clients with the `CONNECTOR_TEMPLATE_REGISTER` authorization scope. In the Fides Admin UI this scope is restricted to highly privileged users, specifically root users and users with the owner role. Exploitation is only possible if the security configuration parameter `allow_custom_connector_functions` is enabled by the user deploying the Fides webserver container, either in `fides.toml` or by setting the env var `FIDES__SECURITY__ALLOW_CUSTOM_CONNECTOR_FUNCTIONS=True`. By default, this configuration parameter is disabled. The vulnerability has been patched in Fides version `2.19.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. Users unable to upgrade should ensure that `allow_custom_connector_functions` in `fides.toml` and the `FIDES__SECURITY__ALLOW_CUSTOM_CONNECTOR_FUNCTIONS` are both either unset or explicitly set to `False`. | 2023-09-06 | not yet calculated | CVE-2023-41319 MISC MISC |
wiremock -- wiremock |
WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (and therefore recording) to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhooks Extension 3.0.0-beta-15, the filtering of target addresses from the proxy mode DID NOT work for Webhooks, so the users were potentially vulnerable regardless of the `limitProxyTargets` settings. Via the WireMock webhooks configuration, POST requests from a webhook might be forwarded to an arbitrary service reachable from WireMock’s instance. For example, if someone is running the WireMock docker Container inside a private cluster, they can trigger internal POST requests against unsecured APIs or even against secure ones by passing a token, discovered using another exploit, via authentication headers. This issue has been addressed in versions 2.35.1 and 3.0.3 of wiremock. Wiremock studio has been discontinued and will not see a fix. Users unable to upgrade should use external firewall rules to define the list of permitted destinations. | 2023-09-06 | not yet calculated | CVE-2023-41327 MISC MISC MISC |
frappe -- frappe |
Frappe is a low code web framework written in Python and JavaScript. A SQL Injection vulnerability has been identified in the Frappe Framework which could allow a malicious actor to access sensitive information. This issue has been addressed in versions 13.46.1 and 14.20.0. Users are advised to upgrade. There's no workaround to fix this without upgrading. | 2023-09-06 | not yet calculated | CVE-2023-41328 MISC MISC MISC |
wiremock -- wiremock |
WireMock is a tool for mocking HTTP services. The proxy mode of WireMock can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using domain names, and in such a case the configuration is vulnerable to DNS rebinding attacks. A similar patch was applied in WireMock 3.0.0-beta-15 for the WireMock Webhook Extensions. The root cause of the attack is a defect in the logic which allows for a race condition triggered by a DNS server whose address expires in between the initial validation and the outbound network request that might go to a domain that was supposed to be prohibited. Control over a DNS service is required to exploit this attack, so it has high execution complexity and limited impact. This issue has been addressed in version 2.35.1 of wiremock-jre8 and wiremock-jre8-standalone, version 3.0.3 of wiremock and wiremock-standalone, version 2.6.1 of the python version of wiremock, and versions 2.35.1-1 and 3.0.3-1 of the wiremock/wiremock Docker container. Users are advised to upgrade. Users unable to upgrade should either configure firewall rules to define the list of permitted destinations or configure WireMock to use IP addresses instead of domain names. | 2023-09-06 | not yet calculated | CVE-2023-41329 MISC MISC |
knplabs -- knplabs/knp-snappy |
knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check `if (\strpos($filename, 'phar://') === 0)` in the `prepareOutput` function to resolve this CVE, however if the user is able to control the second parameter of the `generateFromHtml()` function of Snappy, it will then be passed as the `$filename` parameter in the `prepareOutput()` function. In the original vulnerability, a file name with a `phar://` wrapper could be sent to the `fileExists()` function, equivalent to the `file_exists()` PHP function. This allowed users to trigger a deserialization on arbitrary PHAR files. To fix this issue, the string is now passed to the `strpos()` function and if it starts with `phar://`, an exception is raised. However, PHP wrappers being case insensitive, this patch can be bypassed using `PHAR://` instead of `phar://`. A successful exploitation of this vulnerability allows executing arbitrary code and accessing the underlying filesystem. The attacker must be able to upload a file and the server must be running a PHP version prior to 8. This issue has been addressed in commit `d3b742d61a` which has been included in version 1.4.3. Users are advised to upgrade. Users unable to upgrade should ensure that only trusted users may submit data to the `AbstractGenerator->generate(...)` function. | 2023-09-06 | not yet calculated | CVE-2023-41330 MISC MISC MISC |
gofiber -- fiber |
Fiber is an Express inspired web framework built in the go language. Versions of gofiber prior to 2.49.2 did not properly restrict access to localhost. This issue impacts users of our project who rely on the `ctx.IsFromLocal` method to restrict access to localhost requests. If exploited, it could allow unauthorized access to resources intended only for localhost. Setting `X-Forwarded-For: 127.0.0.1` in a request from a foreign host will result in true for `ctx.IsFromLocal`. Access is limited to the scope of the affected process. This issue has been patched in version `2.49.2` with commit `b8c9ede6`. Users are advised to upgrade. There are no known workarounds to remediate this vulnerability without upgrading to the patched version. | 2023-09-08 | not yet calculated | CVE-2023-41338 MISC MISC MISC MISC |
super_store_finder -- super_store_finder |
A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel. | 2023-09-05 | not yet calculated | CVE-2023-41508 MISC MISC |
cockpit-hq -- cockpit_cms |
An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file. | 2023-09-08 | not yet calculated | CVE-2023-41564 MISC |
blood_bank_&_donor_management -- blood_bank_&_donor_management |
Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters. | 2023-09-08 | not yet calculated | CVE-2023-41575 MISC |
jeecg -- jeecg |
Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection. | 2023-09-08 | not yet calculated | CVE-2023-41578 MISC |
dairy_farm_shop_management_system -- dairy_farm_shop_management_system |
Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters. | 2023-09-08 | not yet calculated | CVE-2023-41594 MISC MISC MISC |
csz_cms -- csz_cms |
Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters. | 2023-09-06 | not yet calculated | CVE-2023-41601 MISC MISC |
phpgurukul -- zoo_management_system |
Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page via the username and password fields. | 2023-09-08 | not yet calculated | CVE-2023-41615 MISC MISC MISC |
buttercup -- buttercup |
Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/ | 2023-09-07 | not yet calculated | CVE-2023-41646 MISC MISC |
apple -- macos |
Improper access control vulnerability in 'direct' Desktop App for macOS ver 2.6.0 and earlier allows a local attacker to bypass access restriction and to use camera, microphone, etc. of the device where the product is installed without the user's consent. | 2023-09-08 | not yet calculated | CVE-2023-41775 MISC MISC |
openpmix -- pmix |
OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. | 2023-09-09 | not yet calculated | CVE-2023-41915 MISC CONFIRM CONFIRM |
jenkins -- jenkins |
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin. | 2023-09-06 | not yet calculated | CVE-2023-41930 MISC MISC |
jenkins -- jenkins |
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not properly sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability. | 2023-09-06 | not yet calculated | CVE-2023-41931 MISC MISC |
jenkins -- jenkins |
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'. | 2023-09-06 | not yet calculated | CVE-2023-41932 MISC MISC |
jenkins -- jenkins |
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2023-09-06 | not yet calculated | CVE-2023-41933 MISC MISC |
jenkins -- jenkins |
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked. | 2023-09-06 | not yet calculated | CVE-2023-41934 MISC MISC |
jenkins -- jenkins |
Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce. | 2023-09-06 | not yet calculated | CVE-2023-41935 MISC MISC |
jenkins -- jenkins |
Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use statistical methods to obtain a valid token. | 2023-09-06 | not yet calculated | CVE-2023-41936 MISC MISC |
jenkins -- jenkins |
Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by sending a crafted webhook payload. | 2023-09-06 | not yet calculated | CVE-2023-41937 MISC MISC |
jenkins -- jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules. | 2023-09-06 | not yet calculated | CVE-2023-41938 MISC MISC |
jenkins -- jenkins |
Jenkins SSH2 Easy Plugin 1.4 and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional permissions, like Overall/Manage) to access functionality they're no longer entitled to. | 2023-09-06 | not yet calculated | CVE-2023-41939 MISC MISC |
jenkins -- jenkins |
Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents. | 2023-09-06 | not yet calculated | CVE-2023-41940 MISC MISC |
jenkins -- jenkins |
A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins. | 2023-09-06 | not yet calculated | CVE-2023-41941 MISC MISC |
jenkins -- jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue. | 2023-09-06 | not yet calculated | CVE-2023-41942 MISC MISC |
jenkins -- jenkins |
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue. | 2023-09-06 | not yet calculated | CVE-2023-41943 MISC MISC |
jenkins -- jenkins |
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability. | 2023-09-06 | not yet calculated | CVE-2023-41944 MISC MISC |
jenkins -- jenkins |
Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions being granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted. | 2023-09-06 | not yet calculated | CVE-2023-41945 MISC MISC |
jenkins -- jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username. | 2023-09-06 | not yet calculated | CVE-2023-41946 MISC MISC |
jenkins -- jenkins |
A missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials. | 2023-09-06 | not yet calculated | CVE-2023-41947 MISC MISC |
linux -- kernel |
A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8. | 2023-09-06 | not yet calculated | CVE-2023-4206 MISC MISC MISC |
linux -- kernel |
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec. | 2023-09-06 | not yet calculated | CVE-2023-4207 MISC MISC MISC |
linux -- kernel |
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81. | 2023-09-06 | not yet calculated | CVE-2023-4208 MISC MISC MISC |
jeecg -- jeecg | Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show. | 2023-09-08 | not yet calculated | CVE-2023-42268 MISC |
hutool -- hutool |
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray. | 2023-09-08 | not yet calculated | CVE-2023-42276 MISC |
hutool -- hutool |
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath. | 2023-09-08 | not yet calculated | CVE-2023-42277 MISC |
hutool -- hutool |
hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse(). | 2023-09-08 | not yet calculated | CVE-2023-42278 MISC |
linux -- kernel |
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability. We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8. | 2023-09-06 | not yet calculated | CVE-2023-4244 MISC MISC |
wordpress -- wordpress |
This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic. | 2023-09-04 | not yet calculated | CVE-2023-4279 MISC |
beyondtrust -- privileged_remote_access |
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3. | 2023-09-05 | not yet calculated | CVE-2023-4310 MISC MISC |
ardereg -- sistemas_scada |
ARDEREG Sistema SCADA Central versions 2.203 and prior login page are vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application's SQL query logic to extract sensitive information or perform unauthorized actions within the database. In this case, the vulnerability could allow an attacker to execute arbitrary SQL queries through the login page, potentially leading to unauthorized access, data leakage, or even disruption of critical industrial processes. | 2023-09-06 | not yet calculated | CVE-2023-4485 MISC |
tenda -- n300 |
Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn should be accessible to authenticated users only | 2023-09-06 | not yet calculated | CVE-2023-4498 MISC |
redwood_software -- jscape_mft_server |
Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface | 2023-09-07 | not yet calculated | CVE-2023-4528 MISC MISC |
delinea -- secret_server |
File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text. | 2023-09-06 | not yet calculated | CVE-2023-4588 MISC |
delinea -- secret_server |
Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process lacks digital signatures and fails to validate the integrity of the update package, allowing the attacker to inject malicious applications during the update. | 2023-09-06 | not yet calculated | CVE-2023-4589 MISC |
linux -- kernel |
A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus, there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. | 2023-09-06 | not yet calculated | CVE-2023-4622 MISC MISC MISC |
linux -- kernel |
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e., with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f. | 2023-09-06 | not yet calculated | CVE-2023-4623 MISC MISC |
delta_electronics -- cncsoft-b_dopsoft |
Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0.0.82 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. | 2023-09-07 | not yet calculated | CVE-2023-4685 MISC |
dreamer_cms -- dreamer_cms |
A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238632. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-03 | not yet calculated | CVE-2023-4743 MISC MISC MISC |
byzoro -- smart_s85f_management_platform |
A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230822. It has been rated as critical. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-238634 is the identifier assigned to this vulnerability. | 2023-09-04 | not yet calculated | CVE-2023-4745 MISC MISC MISC |
jenkins -- jenkins |
An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins. | 2023-09-08 | not yet calculated | CVE-2023-4777 MISC |
hashicorp -- terraform |
Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7. | 2023-09-08 | not yet calculated | CVE-2023-4782 MISC |
openssl -- openssl |
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However, given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3 and a malicious client can influence whether this AEAD cipher is used by the server. This implies that server applications using OpenSSL can be potentially impacted. 
However, we are currently not aware of any concrete application that would be affected by this issue; therefore we consider this a Low severity security issue. As a workaround, the AVX512-IFMA instructions support can be disabled at runtime by setting the environment variable OPENSSL_ia32cap: `OPENSSL_ia32cap=:~0x200000`. The FIPS provider is not affected by this issue. | 2023-09-08 | not yet calculated | CVE-2023-4807 MISC MISC MISC MISC MISC MISC |
answerdev -- answerdev/answer |
In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead, a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is. As a result, IPv6 fragments may bypass pf firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host. | 2023-09-06 | not yet calculated | CVE-2023-4809 MISC MISC MISC MISC |
answerdev -- answerdev/answer |
Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3. | 2023-09-07 | not yet calculated | CVE-2023-4815 MISC MISC |
pegasystems -- pega_platform |
Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director; however, this field can only be modified by an authenticated administrative user. | 2023-09-08 | not yet calculated | CVE-2023-4843 MISC |
sourcecodester -- inventory_management_system |
A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been classified as critical. This affects an unknown part of the file club_edit_query.php. The manipulation of the argument club_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239253 was assigned to this vulnerability. | 2023-09-08 | not yet calculated | CVE-2023-4844 MISC MISC MISC |
sourcecodester -- simple_membership_system |
A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file account_edit_query.php. The manipulation of the argument admin_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239254 is the identifier assigned to this vulnerability. | 2023-09-09 | not yet calculated | CVE-2023-4845 MISC MISC MISC |
sourcecodester -- simple_membership_system |
A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been rated as critical. This issue affects some unknown processing of the file delete_member.php. The manipulation of the argument mem_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239255. | 2023-09-09 | not yet calculated | CVE-2023-4846 MISC MISC MISC |
sourcecodester -- simple_book_catalog_app |
A vulnerability classified as problematic has been found in SourceCodester Simple Book Catalog App 1.0. Affected is an unknown function of the component Update Book Form. The manipulation of the argument book_title/book_author leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239256. | 2023-09-09 | not yet calculated | CVE-2023-4847 MISC MISC MISC |
sourcecodester -- simple_book_catalog_app |
A vulnerability classified as critical was found in SourceCodester Simple Book Catalog App 1.0. Affected by this vulnerability is an unknown functionality of the file delete_book.php. The manipulation of the argument delete leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239257 was assigned to this vulnerability. | 2023-09-09 | not yet calculated | CVE-2023-4848 MISC MISC MISC |
ibos -- ibos |
A vulnerability, which was classified as critical, has been found in IBOS OA 4.5.5. Affected by this issue is some unknown functionality of the file ?r=file/dashboard/trash&op=del. The manipulation of the argument fids leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-239258 is the identifier assigned to this vulnerability. | 2023-09-09 | not yet calculated | CVE-2023-4849 MISC MISC MISC |
ibos -- ibos |
A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=dashboard/position/del. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239259. | 2023-09-09 | not yet calculated | CVE-2023-4850 MISC MISC MISC |
ibos -- ibos |
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239260. | 2023-09-09 | not yet calculated | CVE-2023-4851 MISC MISC MISC |
ibos -- ibos |
A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239261 was assigned to this vulnerability. | 2023-09-09 | not yet calculated | CVE-2023-4852 MISC MISC MISC |
sourcecodester -- take-note_app |
A vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0. This affects an unknown part of the file index.php. The manipulation of the argument noteContent with the input <script>alert('xss')</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239349 was assigned to this vulnerability. | 2023-09-09 | not yet calculated | CVE-2023-4864 MISC MISC MISC |
sourcecodester -- take-note_app |
A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239350 is the identifier assigned to this vulnerability. | 2023-09-09 | not yet calculated | CVE-2023-4865 MISC MISC MISC |
mutt -- mutt |
Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 | 2023-09-09 | not yet calculated | CVE-2023-4874 MISC MISC MISC |
mutt -- mutt |
Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 | 2023-09-09 | not yet calculated | CVE-2023-4875 MISC MISC MISC |
Vulnerability Summary for the Week of August 28, 2023
Posted on Wednesday September 06, 2023
Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
earcms -- ear_app | An issue found in Earcms Ear App v.20181124 allows a remote cyber threat actor to execute arbitrary code via the uload/index-uplog.php. | 2023-08-29 | 9.8 | CVE-2020-18912 MISC MISC |
tripspark -- veo_transportation_novusedu | TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries. | 2023-08-29 | 9.8 | CVE-2021-3262 MISC MISC MISC |
motorola_mobility -- mbts_site_controller_firmware | Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled. | 2023-08-29 | 9.8 | CVE-2023-23770 MISC |
ibm -- guardium_cloud_key_manager | IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) could allow a remote cyber threat actor to execute arbitrary code on the system, caused by an angular template injection flaw. By sending a specially crafted request, a cyber threat actor could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 248119. | 2023-08-28 | 9.8 | CVE-2023-26270 MISC MISC |
schweitzer_engineering_laboratories -- sel-5037_sel_grid_configurator | An Execution with Unnecessary Privileges vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow a cyber threat actor to run system commands with the highest-level privilege on the system. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. | 2023-08-31 | 9.8 | CVE-2023-31175 MISC MISC |
broadcom -- brocade_sannav | Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization. | 2023-08-31 | 9.8 | CVE-2023-31424 MISC |
wordpress -- wordpress | The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated cyber threat actors to log in as users who have orders, who are typically customers. | 2023-08-31 | 9.8 | CVE-2023-3162 MISC MISC MISC |
chitor-cms -- chitor-cms | Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities. | 2023-08-30 | 9.8 | CVE-2023-31714 MISC MISC MISC MISC |
e-excellence -- u-office_force | The e-Excellence U-Office Force file uploading function does not restrict the upload of files with dangerous types. An unauthenticated remote cyber threat actor can exploit this vulnerability without logging in to the service to upload arbitrary files and perform arbitrary commands or disrupt service. | 2023-08-25 | 9.8 | CVE-2023-32757 MISC |
vmware -- aria_operations_for_networks | Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI. | 2023-08-29 | 9.8 | CVE-2023-34039 MISC MISC |
zoho_corp -- manageengine_admanager_plus | Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA bypass. | 2023-08-28 | 9.8 | CVE-2023-35785 MISC MISC |
relic_project -- relic | Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows cyber threat actors to execute arbitrary code, cause a denial of service, and escalate privileges when calling realloc function in bn_grow function. | 2023-09 |