google — chrome |
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical) |
2023-08-25 |
not yet calculated |
CVE-2019-13689 MISC MISC |
google — chrome |
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) |
2023-08-25 |
not yet calculated |
CVE-2019-13690 MISC MISC |
stormshield — stormshield_network_security |
An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim’s browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form. |
2023-08-25 |
not yet calculated |
CVE-2020-11711 MISC MISC MISC |
hwclock.13-v2.27 — hwclock.13-v2.27 |
An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privileges or execute arbitrary commands via the path parameter when setting the date. |
2023-08-22 |
not yet calculated |
CVE-2020-21583 MISC MISC |
tengine — tengine |
The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests. |
2023-08-22 |
not yet calculated |
CVE-2020-21699 MISC |
yealink — w60b |
Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS). |
2023-08-22 |
not yet calculated |
CVE-2020-24113 MISC |
artifex_software — mupdf |
A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information. |
2023-08-22 |
not yet calculated |
CVE-2020-26683 MISC |
stormshield — stormshield_network_security |
Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions. |
2023-08-25 |
not yet calculated |
CVE-2021-27932 MISC MISC |
opensc — opensc |
Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs. |
2023-08-22 |
not yet calculated |
CVE-2021-34193 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
samsung — syncthru_web_service |
An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks. |
2023-08-22 |
not yet calculated |
CVE-2021-35309 MISC MISC |
freeimage — freeimage |
A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp. |
2023-08-22 |
not yet calculated |
CVE-2021-40263 MISC |
nervuri — e_os |
Improper verification of applications’ cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user’s systems by altering the server’s API response. |
2023-08-22 |
not yet calculated |
CVE-2021-43171 MISC MISC |
djvulibre — djvulibre |
An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero. |
2023-08-22 |
not yet calculated |
CVE-2021-46310 MISC |
djvulibre– djvulibre |
An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero. |
2023-08-22 |
not yet calculated |
CVE-2021-46312 MISC |
etcd — etcd |
Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go |
2023-08-22 |
not yet calculated |
CVE-2022-34038 MISC MISC |
gnu — binutils |
An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. |
2023-08-22 |
not yet calculated |
CVE-2022-35205 MISC |
gnu — binutils |
Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c. |
2023-08-22 |
not yet calculated |
CVE-2022-35206 MISC |
freedesktop — poppler |
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662. |
2023-08-22 |
not yet calculated |
CVE-2022-37050 MISC MISC |
lenovo — notebook |
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation. |
2023-08-23 |
not yet calculated |
CVE-2022-3742 MISC |
lenovo — notebook |
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands. |
2023-08-23 |
not yet calculated |
CVE-2022-3743 MISC |
lenovo — notebook |
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential. |
2023-08-23 |
not yet calculated |
CVE-2022-3744 MISC |
lenovo — notebook |
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI. |
2023-08-23 |
not yet calculated |
CVE-2022-3745 MISC |
lenovo — notebook |
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface. |
2023-08-23 |
not yet calculated |
CVE-2022-3746 MISC |
freedesktop — poppler |
An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. |
2023-08-22 |
not yet calculated |
CVE-2022-38349 MISC MISC |
oracle — jdk |
An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service. |
2023-08-22 |
not yet calculated |
CVE-2022-40433 MISC MISC MISC MISC |
libsass — libsass |
Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2. |
2023-08-22 |
not yet calculated |
CVE-2022-43357 MISC MISC MISC |
sass-lang — libsass |
Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS). |
2023-08-22 |
not yet calculated |
CVE-2022-43358 MISC MISC MISC |
south_river_technologie — titan_ftp |
There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL. |
2023-08-22 |
not yet calculated |
CVE-2022-44215 MISC MISC |
google — chrome |
Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) |
2023-08-25 |
not yet calculated |
CVE-2022-4452 MISC MISC |
oracle — apache_xml_graphics_batik |
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. |
2023-08-22 |
not yet calculated |
CVE-2022-44730 MISC MISC MISC MISC |
openmns — horizon |
Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter. |
2023-08-22 |
not yet calculated |
CVE-2022-45582 MISC MISC |
fresenius_kabi — pharmahelp |
An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via via capture of user login information. |
2023-08-22 |
not yet calculated |
CVE-2022-45611 MISC |
oracle — apache_ivy/apache_maven |
Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files – either its own configuration, Ivy files or Apache Maven POMs – it will allow downloading external document type definitions and expand any entity references contained therein when used. This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. Starting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed. Users of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about “JAXP Properties for External Access restrictions” inside Oracle’s “Java API for XML Processing (JAXP) Security Guide”. |
2023-08-21 |
not yet calculated |
CVE-2022-46751 MISC MISC MISC MISC |
mozilla — firefox |
A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have lead to memory corruption or a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106. |
2023-08-24 |
not yet calculated |
CVE-2022-46884 MISC MISC |
open-mpi — open-mpi |
An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c. |
2023-08-22 |
not yet calculated |
CVE-2022-47022 MISC |
busybox — busybox |
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. |
2023-08-22 |
not yet calculated |
CVE-2022-48174 MISC |
perl — perl |
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. |
2023-08-22 |
not yet calculated |
CVE-2022-48522 MISC |
cacti — cacti |
In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password. |
2023-08-22 |
not yet calculated |
CVE-2022-48538 MISC MISC |
xpdf — xpdf |
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02. |
2023-08-22 |
not yet calculated |
CVE-2022-48545 MISC |
python — python |
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. |
2023-08-22 |
not yet calculated |
CVE-2022-48565 MISC |
python — python |
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. |
2023-08-22 |
not yet calculated |
CVE-2022-48566 MISC |
mongodb_inc — mongodb_server |
If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially allowing client to establish a TLS connection with the server that supplies any certificate. This issue affect all MongoDB Server v6.3 versions, MongoDB Server v5.0 versions v5.0.0 to v5.0.14 and all MongoDB Server v4.4 versions. |
2023-08-23 |
not yet calculated |
CVE-2023-1409 MISC MISC |
cisco — cisco_nx-os_software |
A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user. There are workarounds that address this vulnerability. |
2023-08-23 |
not yet calculated |
CVE-2023-20115 MISC |
cisco — cisco_nx-os_software |
A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. |
2023-08-23 |
not yet calculated |
CVE-2023-20168 MISC |
cisco — cisco_nx-os_software |
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device. |
2023-08-23 |
not yet calculated |
CVE-2023-20169 MISC |
cisco — cisco_unified_computing_system |
A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the improper handling of specific SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects all supported SNMP versions. To exploit this vulnerability through SNMPv2c or earlier, an attacker must know the SNMP community string that is configured on an affected device. To exploit this vulnerability through SNMPv3, the attacker must have valid credentials for an SNMP user who is configured on the affected device. |
2023-08-23 |
not yet calculated |
CVE-2023-20200 MISC |
cisco — cisco_application_policy_infrastructure_controller |
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete policies created by users associated with a different security domain. Exploitation is not possible for policies under tenants that an attacker has no authorization to access. |
2023-08-23 |
not yet calculated |
CVE-2023-20230 MISC |
cisco — multiple_products |
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the affected device, including system files. The attacker must have valid administrative credentials on the affected device to exploit this vulnerability. |
2023-08-23 |
not yet calculated |
CVE-2023-20234 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions. |
2023-08-25 |
not yet calculated |
CVE-2023-24394 MISC |
esoteric_software — yamlbeans |
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception. |
2023-08-25 |
not yet calculated |
CVE-2023-24620 MISC MISC MISC |
esoteric_software — yamlbeans |
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed. |
2023-08-25 |
not yet calculated |
CVE-2023-24621 MISC MISC MISC |
zte — mf286r |
There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands. |
2023-08-25 |
not yet calculated |
CVE-2023-25649 MISC |
wordpress — wordpress |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <= 2.8.1 versions. |
2023-08-25 |
not yet calculated |
CVE-2023-25981 MISC |
wireshark — wireshark |
Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack. |
2023-08-25 |
not yet calculated |
CVE-2023-2906 MISC MISC |
sick_ag — lms5xx |
The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password. |
2023-08-24 |
not yet calculated |
CVE-2023-31412 MISC MISC MISC |
draytek — vigor2620 |
user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code. |
2023-08-21 |
not yet calculated |
CVE-2023-31447 MISC MISC |
gravitl — netmaker |
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server. |
2023-08-24 |
not yet calculated |
CVE-2023-32077 MISC MISC MISC MISC |
gravitl — netmaker |
Netmaker makes networks with WireGuard. An Insecure Direct Object Reference (IDOR) vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user’s username, it was possible to update the other user’s password. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone using version 0.17.1 can pull the latest docker image of the backend and restart the server. |
2023-08-24 |
not yet calculated |
CVE-2023-32078 MISC MISC MISC |
gravitl — netmaker |
Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone using version 0.17.1 can pull the latest docker image of the backend and restart the server. |
2023-08-24 |
not yet calculated |
CVE-2023-32079 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPO365 | Mail Integration for Office 365 / Outlook plugin <= 1.9.0 versions. |
2023-08-23 |
not yet calculated |
CVE-2023-32119 MISC |
walchem — intuition_9 |
Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Login credentials are stored in a format that could allow an attacker to use them as-is to login and gain access to the device. |
2023-08-23 |
not yet calculated |
CVE-2023-32202 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin <= 1.1.8 versions. |
2023-08-23 |
not yet calculated |
CVE-2023-32236 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.8 versions. |
2023-08-23 |
not yet calculated |
CVE-2023-32300 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin <= 7.31 versions. |
2023-08-23 |
not yet calculated |
CVE-2023-32496 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Supersoju Block Referer Spam plugin <= 1.1.9.4 versions. |
2023-08-23 |
not yet calculated |
CVE-2023-32497 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Easy Form team Easy Form by AYS plugin <= 1.2.0 versions. |
2023-08-23 |
not yet calculated |
CVE-2023-32498 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9 versions. |
2023-08-23 |
not yet calculated |
CVE-2023-32499 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arshid Easy Hide Login plugin <= 1.0.7 versions. |
2023-08-23 |
not yet calculated |
CVE-2023-32505 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin <= 2.2.5 versions. |
2023-08-23 |
not yet calculated |
CVE-2023-32509 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin <= 2.2.5 versions. |
2023-08-24 |
not yet calculated |
CVE-2023-32510 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.8 versions. |
2023-08-24 |
not yet calculated |
CVE-2023-32511 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFood Restaurant Menu – Food Ordering System – Table Reservation plugin <= 2.3.6 versions. |
2023-08-24 |
not yet calculated |
CVE-2023-32516 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ono Oogami WP Chinese Conversion plugin <= 1.1.16 versions. |
2023-08-25 |
not yet calculated |
CVE-2023-32518 MISC |
node.js — node.js |
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding(‘spawn_sync’)` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. |
2023-08-24 |
not yet calculated |
CVE-2023-32559 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions. |
2023-08-25 |
not yet calculated |
CVE-2023-32575 MISC |
wordpress — wordpress |
Auth. (subscriber+) Stored Cross-Site Scripting’) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.18 versions. |
2023-08-25 |
not yet calculated |
CVE-2023-32576 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eji Osigwe DevBuddy Twitter Feed plugin <= 4.0.0 versions. |
2023-08-25 |
not yet calculated |
CVE-2023-32577 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in John Newcombe eBecas plugin <= 3.1.3 versions. |
2023-08-25 |
not yet calculated |
CVE-2023-32584 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cloud Primero B.V DBargain plugin <= 3.0.0 versions. |
2023-08-25 |
not yet calculated |
CVE-2023-32591 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <= 1.0.2 versions. |
2023-08-25 |
not yet calculated |
CVE-2023-32595 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wolfgang Ertl weebotLite plugin <= 1.0.0 versions. |
2023-08-25 |
not yet calculated |
CVE-2023-32596 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in A. R. Jones Featured Image Pro Post Grid plugin <= 5.14 versions. |
2023-08-25 |
not yet calculated |
CVE-2023-32598 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy – Smart Donations plugin <= 4.0.12 versions. |
2023-08-25 |
not yet calculated |
CVE-2023-32603 MISC |
zulip — zulip |
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that they used to have access to, if other relevant organization permissions allow these actions. For example, a user may be able to edit or delete their old messages they posted in such a private stream. An administrator will be able to delete old messages (that they had access to) from the private stream. This issue was fixed in Zulip Server version 7.3. |
2023-08-25 |
not yet calculated |
CVE-2023-32678 MISC MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin <= 1.0.22 versions. |
2023-08-25 |
not yet calculated |
CVE-2023-32797 MISC |
ibm — txseries_for_multiplatforms |
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132. |
2023-08-22 |
not yet calculated |
CVE-2023-33850 MISC MISC MISC MISC |
spring — spring_for_apache_kafka |
In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers. Specifically, an application is vulnerable when all of the following are true: * The user does not configure an ErrorHandlingDeserializer for the key and/or value of the record * The user explicitly sets container properties checkDeserExWhenKeyNull and/or checkDeserExWhenValueNull container properties to true. * The user allows untrusted sources to publish to a Kafka topic By default, these properties are false, and the container only attempts to deserialize the headers if an ErrorHandlingDeserializer is configured. The ErrorHandlingDeserializer prevents the vulnerability by removing any such malicious headers before processing the record. |
2023-08-24 |
not yet calculated |
CVE-2023-34040 MISC |
m-files — m-files_web |
Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server |
2023-08-25 |
not yet calculated |
CVE-2023-3406 MISC |
m-files — m-files_server |
Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory. |
2023-08-25 |
not yet calculated |
CVE-2023-3425 MISC |
etic_telecom — remote_access_server |
ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition. |
2023-08-23 |
not yet calculated |
CVE-2023-3453 MISC |
techview — la-5570 |
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf. |
2023-08-25 |
not yet calculated |
CVE-2023-34723 MISC MISC |
supermicro — x12dpg-qr |
Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable. |
2023-08-22 |
not yet calculated |
CVE-2023-34853 MISC MISC |
qnap_systems_inc. — qts |
An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h4.5.4.2476 build 20230728 and later |
2023-08-24 |
not yet calculated |
CVE-2023-34971 MISC |
qnap_systems_inc. — qts |
A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to read the contents of unexpected sensitive data via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later |
2023-08-24 |
not yet calculated |
CVE-2023-34972 MISC |
qnap_systems_inc. — qts |
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later |
2023-08-24 |
not yet calculated |
CVE-2023-34973 MISC |
skale_network_sgxwallet — skale_network_sgxwallet |
Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows an attacker to cause a denial of service via the trustedBlsSignMessage function. |
2023-08-25 |
not yet calculated |
CVE-2023-36198 MISC |
skale_network_sgxwallet — skale_network_sgxwallet |
An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacker to cause a denial of service via the trustedGenerateEcdsaKey component. |
2023-08-25 |
not yet calculated |
CVE-2023-36199 MISC |
asustor — adm |
An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. |
2023-08-22 |
not yet calculated |
CVE-2023-3699 MISC |
aditya_infotech_limited — cp-plus_dvr |
The vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to change system time of the targeted device. |
2023-08-24 |
not yet calculated |
CVE-2023-3704 MISC |
aditya_infotech_limited — cp-plus_nvr |
The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to obtain sensitive information on the targeted device. |
2023-08-24 |
not yet calculated |
CVE-2023-3705 MISC |
infoblox — nios |
Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access. |
2023-08-25 |
not yet calculated |
CVE-2023-37249 CONFIRM MISC |
oracle — apache_airflow |
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
2023-08-23 |
not yet calculated |
CVE-2023-37379 MISC MISC MISC |
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator |
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. |
2023-08-22 |
not yet calculated |
CVE-2023-37421 MISC |
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator |
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. |
2023-08-22 |
not yet calculated |
CVE-2023-37422 MISC |
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator |
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. |
2023-08-22 |
not yet calculated |
CVE-2023-37423 MISC |
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator |
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker’s control are met. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. |
2023-08-22 |
not yet calculated |
CVE-2023-37424 MISC |
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator |
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. |
2023-08-22 |
not yet calculated |
CVE-2023-37425 MISC |
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator |
EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host. |
2023-08-22 |
not yet calculated |
CVE-2023-37426 MISC |
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator |
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. |
2023-08-22 |
not yet calculated |
CVE-2023-37427 MISC |
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator |
A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. |
2023-08-22 |
not yet calculated |
CVE-2023-37428 MISC |
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator |
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. |
2023-08-22 |
not yet calculated |
CVE-2023-37429 MISC |
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator |
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. |
2023-08-22 |
not yet calculated |
CVE-2023-37430 MISC |
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator |
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. |
2023-08-22 |
not yet calculated |
CVE-2023-37431 MISC |
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator |
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. |
2023-08-22 |
not yet calculated |
CVE-2023-37432 MISC |
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator |
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. |
2023-08-22 |
not yet calculated |
CVE-2023-37433 MISC |
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator |
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. |
2023-08-22 |
not yet calculated |
CVE-2023-37434 MISC |
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator |
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. |
2023-08-22 |
not yet calculated |
CVE-2023-37435 MISC |
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator |
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. |
2023-08-22 |
not yet calculated |
CVE-2023-37436 MISC |
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator |
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. |
2023-08-22 |
not yet calculated |
CVE-2023-37437 MISC |
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator |
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. |
2023-08-22 |
not yet calculated |
CVE-2023-37438 MISC |
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator |
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. |
2023-08-22 |
not yet calculated |
CVE-2023-37439 MISC |
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator |
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information. |
2023-08-22 |
not yet calculated |
CVE-2023-37440 MISC |
icewhaletech — casaos |
CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue. |
2023-08-24 |
not yet calculated |
CVE-2023-37469 MISC MISC MISC MISC MISC |
keylime — keylime |
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database. |
2023-08-25 |
not yet calculated |
CVE-2023-38201 MISC MISC MISC MISC |
walchem — intuition_9 |
Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data. |
2023-08-23 |
not yet calculated |
CVE-2023-38422 MISC |
tuleap — tuleap |
Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, the preview of an artifact link with a type does not respect the project, tracker and artifact level permissions. The issue occurs on the artifact view (not reproducible on the artifact modal). Users might get access to information they should not have access to. Only the title, status, assigned to and last update date fields as defined by the semantics are impacted. If those fields have strict permissions (e.g. the title is only visible to a specific user group) those permissions are still enforced. Tuleap Community Edition 14.11.99.28, Tuleap Enterprise Edition 14.10-6, and Tuleap Enterprise Edition 14.11-3 contain a fix for this issue. |
2023-08-24 |
not yet calculated |
CVE-2023-38508 MISC MISC MISC MISC |
cbc_co._ltd. — multiple_products |
Improper authentication vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided. |
2023-08-23 |
not yet calculated |
CVE-2023-38585 MISC MISC MISC |
bento4 — bento4 |
Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt. |
2023-08-22 |
not yet calculated |
CVE-2023-38666 MISC |
nasm — nasm |
Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service. |
2023-08-22 |
not yet calculated |
CVE-2023-38667 MISC |
nasm — nasm |
Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash). |
2023-08-22 |
not yet calculated |
CVE-2023-38668 MISC |
libreswan — libreswan |
An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload’s protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20. |
2023-08-25 |
not yet calculated |
CVE-2023-38710 MISC MISC |
libreswan — libreswan |
An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6. |
2023-08-25 |
not yet calculated |
CVE-2023-38711 MISC MISC |
libreswan — libreswan |
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart. |
2023-08-25 |
not yet calculated |
CVE-2023-38712 MISC MISC |
rarlabs — winrar |
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023. |
2023-08-23 |
not yet calculated |
CVE-2023-38831 MISC MISC MISC |
uasoft — badaso |
A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. |
2023-08-25 |
not yet calculated |
CVE-2023-38973 MISC |
uasoft — badaso |
A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. |
2023-08-25 |
not yet calculated |
CVE-2023-38974 MISC |
subscription-manager — subscription-manager |
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root. |
2023-08-23 |
not yet calculated |
CVE-2023-3899 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
douran — dsgate |
An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command. |
2023-08-22 |
not yet calculated |
CVE-2023-38996 MISC MISC MISC |
filemage — filemage_gateway |
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component. |
2023-08-22 |
not yet calculated |
CVE-2023-39026 MISC MISC |
nacos_group — nacos_spring_project |
An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component. |
2023-08-21 |
not yet calculated |
CVE-2023-39106 MISC |
webui-aria2 — webui-aria2 |
webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability. |
2023-08-22 |
not yet calculated |
CVE-2023-39141 MISC MISC |
mitel_networks_corp. — mivoice_connect |
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic. |
2023-08-25 |
not yet calculated |
CVE-2023-39287 MISC MISC |
mitel_networks_corp. — mivoice_connect |
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic. |
2023-08-25 |
not yet calculated |
CVE-2023-39288 MISC MISC |
mitel_networks_corp. — mivoice_connect |
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated attacker to conduct an account enumeration attack due to improper configuration. A successful exploit could allow an attacker to access system information. |
2023-08-25 |
not yet calculated |
CVE-2023-39289 MISC MISC |
mitel_networks_corp. — mivoice_connect |
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information. |
2023-08-25 |
not yet calculated |
CVE-2023-39290 MISC MISC |
mitel_networks_corp. — mivoice_connect |
A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information. |
2023-08-25 |
not yet calculated |
CVE-2023-39291 MISC MISC |
oracle — apache_airflow |
Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server’s X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability |
2023-08-23 |
not yet calculated |
CVE-2023-39441 MISC MISC MISC MISC MISC |
fit2cloud — cloudexplorer_lite |
Cloud Explorer Lite is an open source cloud management platform. Prior to version 1.4.0, there is a risk of sensitive information leakage in the user information acquisition of CloudExplorer Lite. The vulnerability has been fixed in version 1.4.0. |
2023-08-24 |
not yet calculated |
CVE-2023-39519 MISC MISC |
tuleap — tuleap |
Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, content displayed in the “card fields” (visible in the kanban and PV2 apps) is not properly escaped. An agile dashboard administrator deleting a kanban with a malicious label can be forced to execute uncontrolled code. Tuleap Community Edition 14.11.99.28, Tuleap Enterprise Edition 14.10-6, and Tuleap Enterprise Edition 14.11-3 contain a fix for this issue. |
2023-08-24 |
not yet calculated |
CVE-2023-39521 MISC MISC MISC MISC |
csz_cms — csz_cms |
Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter. |
2023-08-22 |
not yet calculated |
CVE-2023-39599 MISC MISC |
icewarp_inc. — icewarp |
IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter. |
2023-08-25 |
not yet calculated |
CVE-2023-39600 MISC MISC |
icewarp_inc. — icewarp_mail_server |
IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server. |
2023-08-25 |
not yet calculated |
CVE-2023-39699 MISC MISC MISC |
icewarp_inc. — icewarp_mail_server |
IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. |
2023-08-25 |
not yet calculated |
CVE-2023-39700 MISC MISC MISC |
sourcecodester — free_and_open_source_inventory_management_system |
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section. |
2023-08-25 |
not yet calculated |
CVE-2023-39707 MISC MISC MISC |
giflib– giflib |
giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. |
2023-08-25 |
not yet calculated |
CVE-2023-39742 MISC MISC |
renault — easy_link_multimedia_system |
A lack of exception handling in the Renault Easy Link Multimedia System Software Version 283C35519R allows attackers to cause a Denial of Service (DoS) via supplying crafted WMA files when connecting a device to the vehicle’s USB plug and play feature. |
2023-08-24 |
not yet calculated |
CVE-2023-39801 MISC |
pbootcms — pbootcms |
PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function. |
2023-08-24 |
not yet calculated |
CVE-2023-39834 MISC |
geonode — geonode |
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint `/proxy/?url=` does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and request information from internal hosts. A patch is available at commit a9eebae80cb362009660a1fd49e105e7cdb499b9. |
2023-08-24 |
not yet calculated |
CVE-2023-40017 MISC MISC |
rizin — rizin |
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in `consume_count` of `src/gnu_v2/cplus-dem.c`. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block as unreachable code since the prior statement is multiplication by 10 and fails to consider overflow assuming the count will always be a multiple of 10. Rizin version 0.6.1 contains a fix for the issue. A temporary workaround would be disabling C++ demangling using the configuration option `bin.demangle=false`. |
2023-08-24 |
not yet calculated |
CVE-2023-40022 MISC MISC MISC MISC MISC |
argo_cd — argo_cd |
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforward scenario is when a user opens the terminal view and leaves it open for an extended period. This allows the user to view sensitive information even when they should have been logged out already. A patch for this vulnerability has been released in the following Argo CD versions: 2.6.14, 2.7.12 and 2.8.1. |
2023-08-23 |
not yet calculated |
CVE-2023-40025 MISC MISC |
rust-lang — cargo |
Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build –timings`. A malicious package included as a dependency may inject nearly arbitrary HTML here, potentially leading to cross-site scripting if the report is subsequently uploaded somewhere. The vulnerability affects users relying on dependencies from git, local paths, or alternative registries. Users who solely depend on crates.io are unaffected. Rust 1.60.0 introduced `cargo build –timings`, which produces a report of how long the different steps of the build process took. It includes lists of Cargo features for each crate. Prior to Rust 1.72, Cargo feature names were allowed to contain almost any characters (with some exceptions as used by the feature syntax), but it would produce a future incompatibility warning about them since Rust 1.49. crates.io is far more stringent about what it considers a valid feature name and has not allowed such feature names. As the feature names were included unescaped in the timings report, they could be used to inject Javascript into the page, for example with a feature name like `features = [“<img src=” onerror=alert(0)”]`. If this report were subsequently uploaded to a domain that uses credentials, the injected Javascript could access resources from the website visitor. This issue was fixed in Rust 1.72 by turning the future incompatibility warning into an error. Users should still exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io has server-side checks preventing this attack, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to excercise care in choosing their dependencies though, as remote code execution is allowed by design there as well. |
2023-08-24 |
not yet calculated |
CVE-2023-40030 MISC MISC MISC MISC |
notepad-plus-plus — notepad-plus-plus |
Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of time of publication, no known patches are available in existing versions of Notepad++. |
2023-08-25 |
not yet calculated |
CVE-2023-40031 MISC |
craft_cms — craft_cms |
Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability is exploitable only in the authenticated users, configuration with ALLOW_ADMIN_CHANGES=true, there is still a potential security threat (Remote Code Execution). This issue has been patched in version 4.4.15 and version 3.8.15. |
2023-08-23 |
not yet calculated |
CVE-2023-40035 MISC MISC MISC MISC |
notepad-plus-plus — notepad-plus-plus |
Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `CharDistributionAnalysis::HandleOneChar`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++. |
2023-08-25 |
not yet calculated |
CVE-2023-40036 MISC |
cbc_co._ltd. — multiple_products |
OS command injection vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided. |
2023-08-23 |
not yet calculated |
CVE-2023-40144 MISC MISC MISC |
cbc_co._ltd. — multiple_products |
Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided. |
2023-08-23 |
not yet calculated |
CVE-2023-40158 MISC MISC MISC |
notepad-plus-plus — notepad-plus-plus |
Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `nsCodingStateMachine::NextStater`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++. |
2023-08-25 |
not yet calculated |
CVE-2023-40164 MISC |
notepad-plus-plus — notepad-plus-plus |
Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in `FileManager::detectLanguageFromTextBegining `. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++. |
2023-08-25 |
not yet calculated |
CVE-2023-40166 MISC |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop down (no free text value) it can still be set from JavaScript (using the browser developer tools) or by calling the save URL on the user profile with the right query string. Once the time zone is set it is displayed without escaping which means the payload gets executed for any user that visits the malicious user profile, allowing the attacker to steal information and even gain more access rights (escalation to programming rights). This issue is present since version 4.1M2 when the time zone user preference was introduced. The issue has been fixed in XWiki 14.10.5 and 15.1RC1. |
2023-08-23 |
not yet calculated |
CVE-2023-40176 MISC MISC MISC |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is present since version 4.3M2 when AppWithinMinutes Application added support for the Content field, allowing any wiki page (including the user profile page) to use its content as an AWM Content field, which has a custom displayer that executes the content with the rights of the “AppWithinMinutes.Content“ author, rather than the rights of the content author. The vulnerability has been fixed in XWiki 14.10.5 and 15.1RC1. The fix is in the content of the AppWithinMinutes.Content page that defines the custom displayer. By using the “display“ script service to render the content we make sure that the proper author is used for access rights checks. |
2023-08-23 |
not yet calculated |
CVE-2023-40177 MISC MISC MISC |
node-saml — node-saml |
Node-SAML is a SAML library not dependent on any frameworks that runs in Node. The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they would be logged out from an expired LogoutRequest. In bigger contexts, if LogoutRequests are sent out in mass to different SPs, this could impact many users on a large scale. This issue was patched in version 4.0.5. |
2023-08-23 |
not yet calculated |
CVE-2023-40178 MISC MISC MISC |
silverware_games_inc. — silverware_games |
Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the “Enter the code” form if the email is associated with a member of the site. Since version 1.3.6, the “Enter the code” form is always returned, showing the message “If the entered email is associated with an account, a code will be sent now”. This change prevents potential violators from determining if our site has a user with the specified email. |
2023-08-25 |
not yet calculated |
CVE-2023-40179 MISC |
silverware_games_inc. — silverware_games |
Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending of whether the specified email address presents in our database or not. This has been fixed in version 1.3.7. |
2023-08-25 |
not yet calculated |
CVE-2023-40182 MISC |
shescape — shescape |
shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4. |
2023-08-23 |
not yet calculated |
CVE-2023-40185 MISC MISC MISC MISC |
python — python |
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as “not connected” and won’t initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) |
2023-08-25 |
not yet calculated |
CVE-2023-40217 CONFIRM MISC |
oracle — apache_airflow |
The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin – up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour. Users of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. |
2023-08-23 |
not yet calculated |
CVE-2023-40273 MISC MISC MISC |
ibm — aix |
IBM AIX 7.2, 7.3, VIOS 3.1’s OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476. |
2023-08-24 |
not yet calculated |
CVE-2023-40371 MISC MISC |
silicon_labs — arm |
Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects “Standalone” and “Application” versions of Gecko Bootloader. |
2023-08-23 |
not yet calculated |
CVE-2023-4041 MISC |
ghostscript — ghostscript |
A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8. |
2023-08-23 |
not yet calculated |
CVE-2023-4042 MISC MISC MISC |
skylark_app_for_android — skylark_app_for_android |
Improper authorization in handler for custom URL scheme issue in ‘Skylark’ App for Android 6.2.13 and earlier and ‘Skylark’ App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user’s device. |
2023-08-25 |
not yet calculated |
CVE-2023-40530 MISC MISC MISC |
datasette — datasette |
Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha – 1.0a0, 1.0a1, 1.0a2 or 1.0a3 – in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The `/-/api` API explorer endpoint could reveal the names of both databases and tables – but not their contents – to an unauthenticated user. Datasette 1.0a4 has a fix for this issue. This will block access to the API explorer but will still allow access to the Datasette read or write JSON APIs, as those use different URL patterns within the Datasette `/database` hierarchy. This issue is patched in version 1.0a4. |
2023-08-25 |
not yet calculated |
CVE-2023-40570 MISC MISC |
weblogic-framework — weblogic-framework |
weblogic-framework is a tool for detecting weblogic vulnerabilities. Versions 0.2.3 and prior do not verify the returned data packets, and there is a deserialization vulnerability which may lead to remote code execution. When weblogic-framework gets the command echo, it directly deserializes the data returned by the server without verifying it. At the same time, the classloader loads a lot of deserialization calls. In this case, the malicious serialized data returned by the server will cause remote code execution. Version 0.2.4 contains a patch for this issue. |
2023-08-25 |
not yet calculated |
CVE-2023-40571 MISC MISC |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views this image and a log message `ERROR foo – Script executed!` appears in the log, the XWiki installation is vulnerable. This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation. |
2023-08-24 |
not yet calculated |
CVE-2023-40572 MISC MISC MISC |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a document doesn’t modify the content author. Together with a CSRF vulnerability in the job scheduler, this can be exploited for remote code execution by an attacker with edit right on the wiki. If the attack is successful, an error log entry with “Job content executed” will be produced. This vulnerability has been patched in XWiki 14.10.9 and 15.4RC1. |
2023-08-24 |
not yet calculated |
CVE-2023-40573 MISC MISC MISC |
alertmanager — alertmanager |
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51. |
2023-08-25 |
not yet calculated |
CVE-2023-40577 MISC |
openfga — openfga |
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. The vulnerability affects customers using `ListObjects` with specific models. The affected models contain expressions of type `rel1 from type1`. This issue has been patched in version 1.3.1. |
2023-08-25 |
not yet calculated |
CVE-2023-40579 MISC MISC |
freighter — freighter |
Freighter is a Stellar chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1. |
2023-08-25 |
not yet calculated |
CVE-2023-40580 MISC MISC MISC |
libp2p — libp2p |
libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and so the victim can run out of memory and crash. If users of go-libp2p in production are not monitoring memory consumption over time, it could be a silent attack i.e. the attacker could bring down nodes over a period of time (how long depends on the node resources i.e. a go-libp2p node on a virtual server with 4 gb of memory takes about 90 sec to bring down; on a larger server, it might take a bit longer.) This issue was patched in version 0.27.4. |
2023-08-25 |
not yet calculated |
CVE-2023-40583 MISC MISC MISC MISC |
ironic-image — ironic-image |
ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listening in host network. In case the node is not behind a firewall, the API could be accessed by anyone via network without authentication. By default, Ironic API in Metal3 is protected by TLS and basic authentication, so this vulnerability requires operator to configure API without TLS for it to be vulnerable. TLS and authentication however should not be coupled as they are in versions prior to capm3-v1.4.3. A patch exists in versions capm3-v1.4.3 and newer. Some workarounds are available. Either configure TLS for Ironic API (`deploy.sh -t …`, `IRONIC_TLS_SETUP=true`) or split Ironic API and Conductor via configuration change (old implementation, not recommended). With both workarounds, services are configured with httpd front-end, which has proper authentication configuration in place. |
2023-08-25 |
not yet calculated |
CVE-2023-40585 MISC MISC |
golang — owasp_coraza_waf |
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of `log.Fatalf`, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an error in `mime.ParseMediaType`. This issue was patched in version 3.0.1. |
2023-08-25 |
not yet calculated |
CVE-2023-40586 MISC MISC |
pylons — pyramid |
Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a `index.html` file that is located exactly one directory above the location of the static view’s file system path. No further path traversal exists, and the only file that could be disclosed accidentally is `index.html`. Pyramid version 2.0.2 rejects any path that contains a null-byte out of caution. While valid in directory/file names, we would strongly consider it a mistake to use null-bytes in naming files/directories. Secondly, Python 3.11, and 3.12 has fixed the underlying issue in `os.path.normpath` to no longer truncate on the first `0x00` found, returning the behavior to pre-3.11 Python, un an as of yet unreleased version. Fixes will be available in:Python 3.12.0rc2 and 3.11.5. Some workarounds are available. Use a version of Python 3 that is not affected, downgrade to Python 3.10 series temporarily, or wait until Python 3.11.5 is released and upgrade to the latest version of Python 3.11 series. |
2023-08-25 |
not yet calculated |
CVE-2023-40587 MISC MISC MISC MISC |
mailform_pro_cgi — mailform_pro_cgi |
Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js. |
2023-08-25 |
not yet calculated |
CVE-2023-40599 MISC MISC |
openmns — horizon |
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_EDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization’s private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue. |
2023-08-23 |
not yet calculated |
CVE-2023-40612 MISC MISC |
opto_22 — snap_pac_s1 |
There is no limit on the number of login attempts in the web server for the SNAP PAC S1 Firmware version R10.3b. This could allow for a brute-force attack on the built-in web server login. |
2023-08-24 |
not yet calculated |
CVE-2023-40706 MISC |
opto_22 — snap_pac_s1 |
There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don’t set up complex credentials. |
2023-08-24 |
not yet calculated |
CVE-2023-40707 MISC |
opto_22 — snap_pac_s1 |
The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files. |
2023-08-24 |
not yet calculated |
CVE-2023-40708 MISC |
opto_22 — snap_pac_s1 |
An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b |
2023-08-24 |
not yet calculated |
CVE-2023-40709 MISC |
opto_22 — snap_pac_s1 |
An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b |
2023-08-24 |
not yet calculated |
CVE-2023-40710 MISC |
butterfly_button — butterfly_button |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BUTTERFLY BUTTON PROJECT – BUTTERFLY BUTTON (Architecture flaw) allows loss of plausible deniability and confidentiality. This issue affects BUTTERFLY BUTTON: As of 2023-08-21. |
2023-08-21 |
not yet calculated |
CVE-2023-40735 MISC MISC MISC MISC MISC MISC |
phicomm — k2 |
Phicomm k2 v22.6.529.216 is vulnerable to command injection. |
2023-08-25 |
not yet calculated |
CVE-2023-40796 MISC |
tenda — ac23_firmware |
In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability. |
2023-08-25 |
not yet calculated |
CVE-2023-40797 MISC |
tenda — ac23_firmware |
In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability. |
2023-08-25 |
not yet calculated |
CVE-2023-40798 MISC |
tenda — ac23_firmware |
Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function. |
2023-08-25 |
not yet calculated |
CVE-2023-40799 MISC |
tenda — ac23_firmware |
The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. |
2023-08-25 |
not yet calculated |
CVE-2023-40800 MISC |
tenda — ac23_firmware |
The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn |
2023-08-25 |
not yet calculated |
CVE-2023-40801 MISC |
tenda — ac23_firmware |
The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn |
2023-08-25 |
not yet calculated |
CVE-2023-40802 MISC |
tenda — ac8v4_firmware |
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter firewallEn at /goform/SetFirewallCfg. |
2023-08-24 |
not yet calculated |
CVE-2023-40891 MISC |
tenda — ac8v4_firmware |
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter schedStartTime and schedEndTime at /goform/openSchedWifi. |
2023-08-24 |
not yet calculated |
CVE-2023-40892 MISC |
tenda — ac8v4_firmware |
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet. |
2023-08-24 |
not yet calculated |
CVE-2023-40893 MISC |
tenda — ac8v4_firmware |
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetStaticRouteCfg. |
2023-08-24 |
not yet calculated |
CVE-2023-40894 MISC |
tenda — ac8v4_firmware |
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg. |
2023-08-24 |
not yet calculated |
CVE-2023-40895 MISC |
tenda — ac8v4_firmware |
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind. |
2023-08-24 |
not yet calculated |
CVE-2023-40896 MISC |
tenda — ac8v4_firmware |
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetParentControlInfo. |
2023-08-24 |
not yet calculated |
CVE-2023-40897 MISC |
tenda — ac8v4_firmware |
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter timeZone at /goform/SetSysTimeCfg. |
2023-08-24 |
not yet calculated |
CVE-2023-40898 MISC |
tenda — ac8v4_firmware |
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg. |
2023-08-24 |
not yet calculated |
CVE-2023-40899 MISC |
tenda — ac8v4_firmware |
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList. |
2023-08-24 |
not yet calculated |
CVE-2023-40900 MISC |
tenda — ac10v4_firmware |
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at url /goform/setMacFilterCfg. |
2023-08-24 |
not yet calculated |
CVE-2023-40901 MISC |
tenda — ac10v4_firmware |
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind. |
2023-08-24 |
not yet calculated |
CVE-2023-40902 MISC |
tenda — ac10v4_firmware |
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg. |
2023-08-24 |
not yet calculated |
CVE-2023-40904 MISC |
tenda — ax3_firmware |
Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter. |
2023-08-25 |
not yet calculated |
CVE-2023-40915 MISC |
jupilink — rx4-1500 |
A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router, in versions 1.0.2 through 1.0.5. An authenticated attacker can exploit this vulnerability to achieve code execution as root. |
2023-08-23 |
not yet calculated |
CVE-2023-41028 MISC |
oracle — apache_tomcat |
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. |
2023-08-25 |
not yet calculated |
CVE-2023-41080 MISC |
misp — misp |
An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit. |
2023-08-23 |
not yet calculated |
CVE-2023-41098 MISC |
typo3 — typo3 |
An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data. allowing a remote user to bypass the CAPTCHA check. |
2023-08-23 |
not yet calculated |
CVE-2023-41100 MISC |
varnish_software — varnish_enterprise |
libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use. |
2023-08-23 |
not yet calculated |
CVE-2023-41104 MISC MISC MISC |
python — python |
An issue was discovered in Python 3.11 through 3.11.4. If a path containing ‘ |