184.87.109.136  Public Scan

URL: https://www.cisa.gov/news-events/bulletins/sb23-254
Submission Tags: falconsandbox
Submission: On April 18 via api from US — Scanned from SG

Text Content

Cybersecurity & Infrastructure Security Agency
America's Cyber Defense Agency


VULNERABILITY SUMMARY FOR THE WEEK OF SEPTEMBER 4, 2023

Released: Sep 11, 2023
Document ID: SB23-254


The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that
have been recorded by the National Institute of Standards and
Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is
sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not
yet have assigned CVSS scores. Please visit NVD for updated vulnerability
entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE)
vulnerability naming standard and are organized according to severity,
determined by the Common Vulnerability Scoring System (CVSS) standard. The
division of high, medium, and low severities corresponds to the following
scores:

 * High: vulnerabilities with a CVSS base score of 7.0–10.0
 * Medium: vulnerabilities with a CVSS base score of 4.0–6.9
 * Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts
sponsored by CISA. This information may include identifying information, values,
definitions, and related links. Patch information is provided when available.
Please note that some of the information in the bulletin is compiled from
external, open-source reports and is not a direct result of CISA analysis. 

 


HIGH VULNERABILITIES



Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoPrimary
Vendor -- Product canonical_ltd. -- snapd_for_linuxDescription Using the
TIOCLINUX ioctl request, a malicious snap could inject contents into the input
of the controlling terminal which could allow it to cause arbitrary commands to
be executed outside of the snap sandbox after the snap exits. Graphical terminal
emulators like xterm, gnome-terminal and others are not affected - this can only
be exploited when snaps are run on a virtual console.Published 2023-09-01CVSS
Score 10Source & Patch Info CVE-2023-1523
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product bmc -- server_automationDescription BMC Server Automation
before 8.9.01 patch 1 allows Process Spawner command execution because of
authentication bypass.Published 2023-09-05CVSS Score 9.8Source & Patch Info
CVE-2017-9453
MISC(link is external)Primary
Vendor -- Product mybb -- mybbDescription Installer RCE on settings file write
in MyBB before 1.8.22.Published 2023-09-01CVSS Score 9.8Source & Patch Info
CVE-2020-22612
MISC(link is external)Primary
Vendor -- Product qualcomm -- sd855Description A malformed DLC can trigger
Memory Corruption in SNPE library due to out of bounds read, such as by loading
an untrusted model (e.g., from a remote source).Published 2023-09-05CVSS Score
9.8Source & Patch Info CVE-2023-28543
MISC(link is external)Primary
Vendor -- Product qualcomm -- aqt1000Description Memory corruption while
handling payloads from remote ESL.Published 2023-09-05CVSS Score 9.8Source &
Patch Info CVE-2023-28562
MISC(link is external)Primary
Vendor -- Product qualcomm -- fastconnect_6800Description Memory corruption in
WLAN Firmware while parsing received GTK Keys in GTK KDE.Published
2023-09-05CVSS Score 9.8Source & Patch Info CVE-2023-28581
MISC(link is external)Primary
Vendor -- Product samsung_mobile -- healthDescription Improper input validation
vulnerability in Samsung Health prior to version 6.24.2.011 allows attackers to
write arbitrary file with Samsung Health privilege.Published 2023-09-06CVSS
Score 9.8Source & Patch Info CVE-2023-30723
MISC(link is external)Primary
Vendor -- Product open_automation_software -- oas_platformDescription An
authentication bypass vulnerability exists in the OAS Engine functionality of
Open Automation Software OAS Platform v18.00.0072. A specially crafted series of
network requests can lead to arbitrary authentication. An attacker can send a
sequence of requests to trigger this vulnerability.Published 2023-09-05CVSS
Score 9.8Source & Patch Info CVE-2023-31242
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product bookreen -- bookreenDescription Incomplete List of Disallowed
Inputs vulnerability in Unisign Bookreen allows Privilege Escalation.This issue
affects Bookreen: before 3.0.0.Published 2023-09-05CVSS Score 9.8Source & Patch
Info CVE-2023-3374
MISC(link is external)Primary
Vendor -- Product osoft -- paint_production_management
 Description Improper Neutralization of Special Elements used in an SQL Command
('SQL Injection') vulnerability in Osoft Paint Production Management allows SQL
Injection. This issue affects Paint Production Management: before 2.1.Published
2023-09-05CVSS Score 9.8Source & Patch Info CVE-2023-35065
MISC(link is external)Primary
Vendor -- Product bma -- personnel_tracking_system
 Description Improper Neutralization of Special Elements used in an SQL Command
('SQL Injection') vulnerability in BMA Personnel Tracking System allows SQL
Injection. This issue affects Personnel Tracking System: before
20230904.Published 2023-09-05CVSS Score 9.8Source & Patch Info CVE-2023-35068
MISC(link is external)Primary
Vendor -- Product coyav_travel -- proagent
 Description Improper Neutralization of Special Elements used in an SQL Command
('SQL Injection') vulnerability in Coyav Travel Proagent allows SQL Injection.
This issue affects Proagent: before 20230904.Published 2023-09-05CVSS Score
9.8Source & Patch Info CVE-2023-35072
MISC(link is external)Primary
Vendor -- Product pocketmanga -- smangaDescription SQL Injection vulnerability
in smanga version 3.1.9 and earlier, allows remote attackers to execute
arbitrary code and gain sensitive information via mediaId, mangaId, and userId
parameters in php/history/add.php.Published 2023-09-01CVSS Score 9.8Source &
Patch Info CVE-2023-36076
MISC(link is external)Primary
Vendor -- Product macwk -- icecmsDescription An issue was discovered in IceCMS
version 2.0.1, allows attackers to escalate privileges and gain sensitive
information via UserID parameter in api/User/ChangeUser.Published 2023-09-01CVSS
Score 9.8Source & Patch Info CVE-2023-36100
MISC(link is external)Primary
Vendor -- Product mava -- hotel_management_systemDescription Improper
Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulnerability in Mava Software Hotel Management System allows SQL Injection.
This issue affects Hotel Management System: before 2.0.Published 2023-09-05CVSS
Score 9.8Source & Patch Info CVE-2023-3616
MISC(link is external)Primary
Vendor -- Product netgear -- cbr40Description Buffer Overflow vulnerability in
NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated
attackers to execute arbitrary code via crafted URL to httpd.Published
2023-09-01CVSS Score 9.8Source & Patch Info CVE-2023-36187
MISC(link is external)Primary
Vendor -- Product relic -- relicDescription Integer Overflow vulnerability in
RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows attackers
to execute arbitrary code, cause a denial of service, and escalate privileges
when calling realloc function in bn_grow function.Published 2023-09-01CVSS Score
9.8Source & Patch Info CVE-2023-36326
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product relic -- relicDescription Integer Overflow vulnerability in
RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e, allows attackers
to execute arbitrary code and cause a denial of service in pos argument in
bn_get_prime function.Published 2023-09-01CVSS Score 9.8Source & Patch Info
CVE-2023-36327
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product libtom -- libtommathDescription Integer Overflow vulnerability
in mp_grow in libtom libtommath before commit
beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary
code and cause a denial of service (DoS).Published 2023-09-01CVSS Score
9.8Source & Patch Info CVE-2023-36328
MISC(link is external)
FEDORA(link is external)Primary
Vendor -- Product web-audimex -- audimexeeDescription Audimexee v14.1.7 was
discovered to contain a SQL injection vulnerability via the p_table_name
parameter.Published 2023-09-05CVSS Score 9.8Source & Patch Info CVE-2023-36361
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product proscend -- m357-5gDescription Proscend Advice ICR Series
routers FW version 1.76 - CWE-1392: Use of Default CredentialsPublished
2023-09-03CVSS Score 9.8Source & Patch Info CVE-2023-3703
MISC(link is external)Primary
Vendor -- Product synel -- synergy/aDescription Synel Terminals - CWE-494:
Download of Code Without Integrity CheckPublished 2023-09-03CVSS Score 9.8Source
& Patch Info CVE-2023-37220
MISC(link is external)Primary
Vendor -- Product asus -- rt-ax56u
 Description It is identified a format string vulnerability in ASUS RT-AX56U V2.
This vulnerability is caused by lacking validation for a specific value within
its set_iperf3_svr.cgi module. An unauthenticated remote attacker can exploit
this vulnerability without privilege to perform remote arbitrary code execution,
arbitrary system operation or disrupt service.Published 2023-09-07CVSS Score
9.8Source & Patch Info CVE-2023-39238
MISC(link is external)Primary
Vendor -- Product asus -- rt-ax56u
 Description It is identified a format string vulnerability in ASUS RT-AX56U
V2’s General function API. This vulnerability is caused by lacking validation
for a specific value within its apply.cgi module. An unauthenticated remote
attacker can exploit this vulnerability without privilege to perform remote
arbitrary code execution, arbitrary system operation or disrupt
service.Published 2023-09-07CVSS Score 9.8Source & Patch Info CVE-2023-39239
MISC(link is external)Primary
Vendor -- Product asus -- rt-ax56u
 Description It is identified a format string vulnerability in ASUS RT-AX56U
V2’s iperf client function API. This vulnerability is caused by lacking
validation for a specific value within its set_iperf3_cli.cgi module. An
unauthenticated remote attacker can exploit this vulnerability without privilege
to perform remote arbitrary code execution, arbitrary system operation or
disrupt service.Published 2023-09-07CVSS Score 9.8Source & Patch Info
CVE-2023-39240
MISC(link is external)Primary
Vendor -- Product cacti -- cactiDescription Cacti is an open source operational
monitoring and fault management framework. Affected versions are subject to a
SQL injection discovered in graph_view.php. Since guest users can access
graph_view.php without authentication by default, if guest users are being
utilized in an enabled state, there could be the potential for significant
damage. Attackers may exploit this vulnerability, and there may be possibilities
for actions such as the usurpation of administrative privileges or remote code
execution. This issue has been addressed in version 1.2.25. Users are advised to
upgrade. There are no known workarounds for this vulnerability.Published
2023-09-05CVSS Score 9.8Source & Patch Info CVE-2023-39361
MISC(link is external)Primary
Vendor -- Product langchain -- langchainDescription An issue in LanChain-ai
Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the
evaluate function in the numexpr library.Published 2023-09-01CVSS Score
9.8Source & Patch Info CVE-2023-39631
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product abuquant -- abupyDescription abupy up to v0.4.0 was discovered
to contain a SQL injection vulnerability via the component
abupy.MarketBu.ABuSymbol.search_to_symbol_dict.Published 2023-09-05CVSS Score
9.8Source & Patch Info CVE-2023-39654
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product cuppa_cms -- cuppa_cmsDescription Cuppa CMS v1.0 was
discovered to contain a remote code execution (RCE) vulnerability via the
email_outgoing parameter at /Configuration.php. This vulnerability is triggered
via a crafted payload.Published 2023-09-05CVSS Score 9.8Source & Patch Info
CVE-2023-39681
MISC(link is external)Primary
Vendor -- Product moxa -- mxsecurityDescription There is a vulnerability in
MXsecurity versions prior to 1.0.1 that can be exploited to bypass
authentication. A remote attacker might access the system if the web service
authenticator has insufficient random values.  Published 2023-09-02CVSS Score
9.8Source & Patch Info CVE-2023-39979
MISC(link is external)Primary
Vendor -- Product digitatek -- smartrise_document_management_systemDescription
Improper Neutralization of Special Elements used in an SQL Command ('SQL
Injection') vulnerability in Digita Information Technology Smartrise Document
Management System allows SQL Injection.This issue affects Smartrise Document
Management System: before Hvl-2.0.Published 2023-09-05CVSS Score 9.8Source &
Patch Info CVE-2023-4034
MISC(link is external)Primary
Vendor -- Product diaowen -- dwsurveyDescription File Upload vulnerability in
DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute
arbitrary code via the saveimage method and savveFile in the
action/UploadAction.java file.Published 2023-09-01CVSS Score 9.8Source & Patch
Info CVE-2023-40980
MISC(link is external)Primary
Vendor -- Product bolo-solo -- bolo-soloDescription File Upload vulnerability in
adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a
crafted script to the authorization field in the header.Published 2023-09-05CVSS
Score 9.8Source & Patch Info CVE-2023-41009
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product f-revocrm -- f-revocrmDescription F-RevoCRM version7.3.7 and
version7.3.8 contains an OS command injection vulnerability. If this
vulnerability is exploited, an attacker who can access the product may execute
an arbitrary OS command on the server where the product is running.Published
2023-09-06CVSS Score 9.8Source & Patch Info CVE-2023-41149
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product metaways_infosystems_gmbh -- tineDescription In tine through
2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL
Injection.Published 2023-09-01CVSS Score 9.8Source & Patch Info CVE-2023-41364
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product super_store_finder -- super_store_finderDescription Super
Store Finder v3.6 was discovered to contain multiple SQL injection
vulnerabilities in the store locator component via the products, distance, lat,
and lng parameters.Published 2023-09-05CVSS Score 9.8Source & Patch Info
CVE-2023-41507
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product neutron -- smart_vmsDescription Authentication Bypass by
Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication
Bypass.This issue affects Neutron Smart VMS: before b1130.1.0.1.Published
2023-09-05CVSS Score 9.8Source & Patch Info CVE-2023-4178
MISC(link is external)Primary
Vendor -- Product lldpd -- lldpdDescription An issue was discovered in lldpd
before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES
TLVs, a malicious actor can remotely force the lldpd daemon to perform an
out-of-bounds read on heap memory. This occurs in cdp_decode in
daemon/protocols/cdp.c.Published 2023-09-05CVSS Score 9.8Source & Patch Info
CVE-2023-41910
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product mestav -- e-commerce_softwareDescription Improper
Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulnerability in Mestav Software E-commerce Software allows SQL Injection. This
issue affects E-commerce Software: before 20230901.Published 2023-09-05CVSS
Score 9.8Source & Patch Info CVE-2023-4531
MISC(link is external)Primary
Vendor -- Product lg -- lg_led_assistantDescription This vulnerability allows
remote attackers to execute arbitrary code on affected installations of LG LED
Assistant. Authentication is not required to exploit this vulnerability. The
specific flaw exists within the /api/settings/upload endpoint. The issue results
from the lack of proper validation of a user-supplied path prior to using it in
file operations. An attacker can leverage this vulnerability to execute code in
the context of the current user.Published 2023-09-04CVSS Score 9.8Source & Patch
Info CVE-2023-4613
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product lg -- lg_led_assistantDescription This vulnerability allows
remote attackers to execute arbitrary code on affected installations of LG LED
Assistant. Authentication is not required to exploit this vulnerability. The
specific flaw exists within the /api/installation/setThumbnailRc endpoint. The
issue results from the lack of proper validation of a user-supplied path prior
to using it in file operations. An attacker can leverage this vulnerability to
execute code in the context of the current user.Published 2023-09-04CVSS Score
9.8Source & Patch Info CVE-2023-4614
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpress
 Description The Media Library Assistant plugin for WordPress is vulnerable to
Local File Inclusion and Remote Code Execution in versions up to, and including,
3.09. This is due to insufficient controls on file paths being supplied to the
'mla_stream_file' parameter from the ~/includes/mla-stream-image.php file, where
images are processed via Imagick(). This makes it possible for unauthenticated
attackers to supply files via FTP that will make directory lists, local file
inclusion, and remote code execution possible.Published 2023-09-06CVSS Score
9.8Source & Patch Info CVE-2023-4634
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product infosoftbd -- clcknshopDescription A vulnerability was found
in Infosoftbd Clcknshop 1.0.0. It has been rated as critical. This issue affects
some unknown processing of the file /collection/all of the component GET
Parameter Handler. The manipulation of the argument tag leads to sql injection.
The attack may be initiated remotely. The associated identifier of this
vulnerability is VDB-238571. NOTE: The vendor was contacted early about this
disclosure but did not respond in any way.Published 2023-09-01CVSS Score
9.8Source & Patch Info CVE-2023-4708
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product suntront --
smart_table_integrated_management_systemDescription A vulnerability, which was
classified as critical, was found in Xintian Smart Table Integrated Management
System 5.6.9. This affects an unknown part of the file
/SysManage/AddUpdateRole.aspx. The manipulation of the argument txtRoleName
leads to sql injection. The exploit has been disclosed to the public and may be
used. The associated identifier of this vulnerability is VDB-238575. NOTE: The
vendor was contacted early about this disclosure but did not respond in any
way.Published 2023-09-01CVSS Score 9.8Source & Patch Info CVE-2023-4712
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product byzoro -- smart_s85f_management_platformDescription A
vulnerability, which was classified as critical, has been found in Beijing
Baichuo Smart S85F Management Platform up to 20230820 on Smart. Affected by this
issue is some unknown functionality of the file /sysmanage/updateos.php. The
manipulation of the argument 1_file_upload leads to unrestricted upload. The
attack may be launched remotely. The exploit has been disclosed to the public
and may be used. The identifier of this vulnerability is VDB-238628. NOTE: The
vendor was contacted early about this disclosure but did not respond in any
way.Published 2023-09-03CVSS Score 9.8Source & Patch Info CVE-2023-4739
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product tenda -- ac8Description A vulnerability was found in Tenda AC8
16.03.34.06_cn_TDC01. It has been declared as critical. Affected by this
vulnerability is the function formSetDeviceName. The manipulation leads to
stack-based buffer overflow. The attack can be launched remotely. The exploit
has been disclosed to the public and may be used. The identifier VDB-238633 was
assigned to this vulnerability.Published 2023-09-04CVSS Score 9.8Source & Patch
Info CVE-2023-4744
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product dedecms -- dedecmsDescription A vulnerability classified as
critical was found in DedeCMS 5.7.110. This vulnerability affects unknown code
of the file /uploads/tags.php. The manipulation of the argument tag_alias leads
to sql injection. The attack can be initiated remotely. The exploit has been
disclosed to the public and may be used. The identifier of this vulnerability is
VDB-238636.Published 2023-09-04CVSS Score 9.8Source & Patch Info CVE-2023-4747
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product sourcecodester -- inventory_management_systemDescription A
vulnerability, which was classified as critical, was found in SourceCodester
Inventory Management System 1.0. Affected is an unknown function of the file
index.php. The manipulation of the argument page leads to file inclusion. It is
possible to launch the attack remotely. The exploit has been disclosed to the
public and may be used. VDB-238638 is the identifier assigned to this
vulnerability.Published 2023-09-04CVSS Score 9.8Source & Patch Info
CVE-2023-4749
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product adobe -- adobe_commerce
 Description Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and
2.3.7 (and earlier) are affected by an Improper input validation vulnerability
within the CMS page scheduled update feature. An authenticated attacker with
administrative privilege could leverage this vulnerability to achieve remote
code execution on the system.Published 2023-09-06CVSS Score 9.1Source & Patch
Info CVE-2021-36021
MISC(link is external)Primary
Vendor -- Product adobe -- adobe_commerce
 Description Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and
earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability
in the Widgets Update Layout. An attacker with admin privileges can trigger a
specially crafted script to achieve remote code execution.Published
2023-09-06CVSS Score 9.1Source & Patch Info CVE-2021-36023
MISC(link is external)Primary
Vendor -- Product adobe -- adobe_commerce
 Description Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and
2.3.7 (and earlier) are affected by an improper access control vulnerability
within Magento's Media Gallery Upload workflow. By storing a specially crafted
file in the website gallery, an authenticated attacker with administrative
privilege can gain access to delete the .htaccess file. This could result in the
attacker achieving remote code execution.Published 2023-09-06CVSS Score
9.1Source & Patch Info CVE-2021-36036
MISC(link is external)Primary
Vendor -- Product ibm -- financial_transaction_managerDescription IBM Financial
Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External
Entity Injection (XXE) attack when processing XML data. A remote attacker could
exploit this vulnerability to expose sensitive information or consume memory
resources. IBM X-Force ID: 258786.Published 2023-09-05CVSS Score 9.1Source &
Patch Info CVE-2023-35892
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product ahwx -- libreyDescription LibreY is a fork of LibreX, a
framework-less and javascript-free privacy respecting meta search engine. LibreY
is subject to a Server-Side Request Forgery (SSRF) vulnerability in the
`image_proxy.php` file of LibreY before commit
8f9b9803f231e2954e5b49987a532d28fe50a627. This vulnerability allows remote
attackers to use the server as a proxy to send HTTP GET requests to arbitrary
targets and retrieve information in the internal network or conduct
Denial-of-Service (DoS) attacks via the `url` parameter. Remote attackers can
use the server as a proxy to send HTTP GET requests and retrieve information in
the internal network. Remote attackers can also request the server to download
large files or chain requests among multiple instances to reduce the performance
of the server or even deny access from legitimate users. This issue has been
addressed in https://github.com/Ahwxorg/LibreY/pull/31. LibreY hosters are
advised to use the latest commit. There are no known workarounds for this
vulnerability.
Published 2023-09-04
CVSS Score 9.1
Source & Patch Info CVE-2023-41054

Primary Vendor -- Product hewlett_packard_enterprise -- aruba_airwave
Description Aruba
AirWave before 8.0.7 allows bypass of a CSRF protection mechanism.
Published 2023-09-05
CVSS Score 8.8
Source & Patch Info CVE-2015-1391

Primary Vendor -- Product nokia -- access_management_system
Description An issue was
discovered in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of
the ipAddress variable. A remote user, authenticated to the AMS server, could
inject code in the PING function. The privileges of the command executed depend
on the user that runs the service.
Published 2023-09-05
CVSS Score 8.8
Source & Patch Info CVE-2022-41763

Primary Vendor -- Product phpfusion -- phpfusion
Description There is insufficient
sanitization of tainted file names that are directly concatenated with a path
that is subsequently passed to a ‘require_once’ statement. This allows arbitrary
files with the ‘.php’ extension for which the absolute path is known to be
included and executed. There are no known means in PHPFusion through which an
attacker can upload and target a ‘.php’ file payload.
Published 2023-09-05
CVSS Score 8.8
Source & Patch Info CVE-2023-2453

Primary Vendor -- Product apple -- pro_video_formats
Description A logic issue was
addressed with improved state management. This issue is fixed in Pro Video
Formats 2.2.5. A user may be able to elevate privileges.
Published 2023-09-06
CVSS Score 8.8
Source & Patch Info CVE-2023-29166

Primary Vendor -- Product asus -- _rt-ac86u
Description ASUS RT-AC86U Adaptive QoS - Web History function has insufficient
filtering of special character. A remote attacker with regular user privilege
can exploit this vulnerability to perform command injection attack to execute
arbitrary commands, disrupt system or terminate services.
Published 2023-09-07
CVSS Score 8.8
Source & Patch Info CVE-2023-38031

Primary Vendor -- Product asus -- rt-ac86u
Description ASUS RT-AC86U AiProtection security-related function has
insufficient filtering of special character. A remote attacker with regular user
privilege can exploit this vulnerability to perform command injection attack to
execute arbitrary commands, disrupt system or terminate services.
Published 2023-09-07
CVSS Score 8.8
Source & Patch Info CVE-2023-38032

Primary Vendor -- Product asus -- rt-ac86u
Description ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has
insufficient filtering of special character. A remote attacker with regular user
privilege can exploit this vulnerability to perform command injection attack to
execute arbitrary commands, disrupt system or terminate services.
Published 2023-09-07
CVSS Score 8.8
Source & Patch Info CVE-2023-38033

Primary Vendor -- Product asus -- rt-ac86u
Description ASUS RT-AC86U Traffic Analyzer - Statistic function has
insufficient filtering of special character. A remote attacker with regular user
privilege can exploit this vulnerability to perform command injection attack to
execute arbitrary commands, disrupt system or terminate services.
Published 2023-09-07
CVSS Score 8.8
Source & Patch Info CVE-2023-39236

Primary Vendor -- Product asus -- rt-ac86u
Description ASUS RT-AC86U Traffic Analyzer - Apps analysis function has
insufficient filtering of special character. A remote attacker with regular user
privilege can exploit this vulnerability to perform command injection attack to
execute arbitrary commands, disrupt system or terminate services.
Published 2023-09-07
CVSS Score 8.8
Source & Patch Info CVE-2023-39237

Primary Vendor -- Product cacti -- cacti
Description Cacti is an open-source operational
monitoring and fault management framework. A defect in the sql_save function was
discovered. When the column type is numeric, the sql_save function directly
utilizes user input. Many files and functions calling the sql_save function do
not perform prior validation of user input, leading to the existence of multiple
SQL injection vulnerabilities in Cacti. This allows authenticated users to
exploit these SQL injection vulnerabilities to perform privilege escalation and
remote code execution. This issue has been addressed in version 1.2.25. Users
are advised to upgrade. There are no known workarounds for this
vulnerability.
Published 2023-09-05
CVSS Score 8.8
Source & Patch Info CVE-2023-39357

Primary Vendor -- Product cacti -- cacti
Description Cacti is an open-source operational
monitoring and fault management framework. An authenticated SQL injection
vulnerability was discovered which allows authenticated users to perform
privilege escalation and remote code execution. The vulnerability resides in the
`reports_user.php` file. In `ajax_get_branches`, the `tree_id` parameter is
passed to the `reports_get_branch_select` function without any validation. This
issue has been addressed in version 1.2.25. Users are advised to upgrade. There
are no known workarounds for this vulnerability.
Published 2023-09-05
CVSS Score 8.8
Source & Patch Info CVE-2023-39358

Primary Vendor -- Product cacti -- cacti
Description Cacti is an open source operational
monitoring and fault management framework. An authenticated SQL injection
vulnerability was discovered which allows authenticated users to perform
privilege escalation and remote code execution. The vulnerability resides in the
`graphs.php` file. When dealing with the cases of ajax_hosts and
ajax_hosts_noany, if the `site_id` parameter is greater than 0, it is directly
reflected in the WHERE clause of the SQL statement. This creates an SQL
injection vulnerability. This issue has been addressed in version 1.2.25. Users
are advised to upgrade. There are no known workarounds for this
vulnerability.
Published 2023-09-05
CVSS Score 8.8
Source & Patch Info CVE-2023-39359

Primary Vendor -- Product startrinity -- softswitch
Description StarTrinity Softswitch
version 2023-02-16 - Multiple CSRF (CWE-352)
Published 2023-09-03
CVSS Score 8.8
Source & Patch Info CVE-2023-39372

Primary Vendor -- Product shirasagi -- shirasagi
Description Path traversal vulnerability
in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or
create arbitrary files on the server, resulting in arbitrary code
execution.
Published 2023-09-05
CVSS Score 8.8
Source & Patch Info CVE-2023-39448

Primary Vendor -- Product knowstreaming -- knowstreaming
Description KnowStreaming 3.3.0
is vulnerable to Escalation of Privileges. Unauthorized users can create a new
user with an admin role.
Published 2023-09-05
CVSS Score 8.8
Source & Patch Info CVE-2023-40918

Primary Vendor -- Product slims -- senayan_library_management_system
Description Senayan
Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection
via admin/modules/circulation/loan_rules.php.
Published 2023-09-01
CVSS Score 8.8
Source & Patch Info CVE-2023-40970

Primary Vendor -- Product ibos -- ibos
Description A vulnerability has been found in IBOS
OA 4.5.5 and classified as critical. This vulnerability affects the function
addComment of the file ?r=weibo/comment/addcomment. The manipulation of the
argument touid leads to sql injection. The exploit has been disclosed to the
public and may be used. The identifier of this vulnerability is VDB-238576.
NOTE: The vendor was contacted early about this disclosure but did not respond
in any way.
Published 2023-09-01
CVSS Score 8.8
Source & Patch Info CVE-2023-4713

Primary Vendor -- Product ibos -- ibos
Description A vulnerability, which was classified
as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the
file ?r=email/api/delDraft&archiveId=0 of the component Delete Draft Handler.
The manipulation leads to sql injection. It is possible to initiate the attack
remotely. The exploit has been disclosed to the public and may be used. The
identifier VDB-238629 was assigned to this vulnerability. NOTE: The vendor was
contacted early about this disclosure but did not respond in any way.
Published 2023-09-03
CVSS Score 8.8
Source & Patch Info CVE-2023-4740

Primary Vendor -- Product ibos -- ibos
Description A vulnerability has been found in IBOS
OA 4.5.5 and classified as critical. This vulnerability affects unknown code of
the file ?r=diary/default/del of the component Delete Logs Handler. The
manipulation leads to sql injection. The attack can be initiated remotely. The
exploit has been disclosed to the public and may be used. VDB-238630 is the
identifier assigned to this vulnerability. NOTE: The vendor was contacted early
about this disclosure but did not respond in any way.
Published 2023-09-03
CVSS Score 8.8
Source & Patch Info CVE-2023-4741

Primary Vendor -- Product ibos -- ibos
Description A vulnerability was found in IBOS OA
4.5.5 and classified as critical. This issue affects some unknown processing of
the file ?r=dashboard/user/export&uid=X. The manipulation leads to sql
injection. The attack may be initiated remotely. The exploit has been disclosed
to the public and may be used. The associated identifier of this vulnerability
is VDB-238631. NOTE: The vendor was contacted early about this disclosure but
did not respond in any way.
Published 2023-09-03
CVSS Score 8.8
Source & Patch Info CVE-2023-4742

Primary Vendor -- Product totolink -- n200re-v5
Description A vulnerability classified as
critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This
affects the function Validity_check. The manipulation leads to format string. It
is possible to initiate the attack remotely. The exploit has been disclosed to
the public and may be used. The associated identifier of this vulnerability is
VDB-238635.
Published 2023-09-04
CVSS Score 8.8
Source & Patch Info CVE-2023-4746

Primary Vendor -- Product google -- chrome
Description Type Confusion in V8 in Google
Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary
code via a crafted HTML page. (Chromium security severity: High)
Published 2023-09-05
CVSS Score 8.8
Source & Patch Info CVE-2023-4762

Primary Vendor -- Product google -- chrome
Description Use after free in Networks in
Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially
exploit heap corruption via a crafted HTML page. (Chromium security severity:
High)
Published 2023-09-05
CVSS Score 8.8
Source & Patch Info CVE-2023-4763

Primary Vendor -- Product open_automation_software -- oas_platform
Description A file
write vulnerability exists in the OAS Engine configuration functionality of Open
Automation Software OAS Platform v18.00.0072. A specially crafted series of
network requests can lead to arbitrary file creation or overwrite. An attacker
can send a sequence of requests to trigger this vulnerability.
Published 2023-09-05
CVSS Score 8.1
Source & Patch Info CVE-2023-32615

Primary Vendor -- Product open_automation_software -- oas_platform
Description An
authentication bypass vulnerability exists in the OAS Engine functionality of
Open Automation Software OAS Platform v18.00.0072. A specially crafted series of
network requests can lead to arbitrary authentication. An attacker can sniff
network traffic to trigger this vulnerability.
Published 2023-09-05
CVSS Score 8.1
Source & Patch Info CVE-2023-34998

Primary Vendor -- Product moxa -- mxsecurity
Description A vulnerability that allows the
unauthorized disclosure of authenticated information has been identified in
MXsecurity versions prior to v1.0.1. This vulnerability arises when special
elements are not neutralized correctly, allowing remote attackers to alter SQL
commands.
Published 2023-09-02
CVSS Score 8.1
Source & Patch Info CVE-2023-39980

Primary Vendor -- Product pkp -- pkb-lib
Description Use of Predictable Algorithm in
Random Number Generator in GitHub repository pkp/pkp-lib prior to
3.3.0-16.
Published 2023-09-01
CVSS Score 8.1
Source & Patch Info CVE-2023-4695

Primary Vendor -- Product d-link -- dar-8000-10
Description A vulnerability, which was
classified as critical, has been found in D-Link DAR-8000-10 up to 20230819.
Affected by this issue is some unknown functionality of the file
/log/decodmail.php. The manipulation of the argument file leads to os command
injection. The attack may be launched remotely. The complexity of an attack is
rather high. The exploitation is known to be difficult. The exploit has been
disclosed to the public and may be used. VDB-238574 is the identifier assigned
to this vulnerability. NOTE: The vendor was contacted early about this
disclosure but did not respond in any way.
Published 2023-09-01
CVSS Score 8.1
Source & Patch Info CVE-2023-4711

Primary Vendor -- Product google -- chrome
Description Out of bounds memory access in
FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had
compromised the renderer process to perform an out of bounds memory read via a
crafted HTML page. (Chromium security severity: High)
Published 2023-09-05
CVSS Score 8.1
Source & Patch Info CVE-2023-4761

Primary Vendor -- Product bmc -- patrol_agent
Description BMC PATROL Agent through
20.08.00 allows local privilege escalation via vectors involving pconfig
+RESTART -host.
Published 2023-09-05
CVSS Score 7.8
Source & Patch Info CVE-2020-35593

Primary Vendor -- Product adobe -- acrobat_reader
Description Acrobat Reader DC versions 2020.013.20074 (and earlier),
2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a
Use After Free vulnerability. An unauthenticated attacker could leverage this
vulnerability to achieve arbitrary code execution in the context of the current
user. Exploitation of this issue requires user interaction in that a victim must
open a malicious file.
Published 2023-09-06
CVSS Score 7.8
Source & Patch Info CVE-2021-21088

Primary Vendor -- Product adobe -- acrobat_reader
Description Acrobat Reader DC versions 2021.005.20054 (and earlier),
2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a
Path traversal vulnerability. An unauthenticated attacker could leverage this
vulnerability to achieve arbitrary code execution in the context of the current
user. Exploitation of this issue requires user interaction in that a victim must
open a malicious file.
Published 2023-09-06
CVSS Score 7.8
Source & Patch Info CVE-2021-28644

Primary Vendor -- Product adobe -- acrobat_reader
Description Acrobat Reader DC versions 2021.005.20054 (and earlier),
2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a
Path traversal vulnerability. An unauthenticated attacker could leverage this
vulnerability to achieve arbitrary code execution in the context of the current
user. Exploitation of this issue requires user interaction in that a victim must
open a malicious file.
Published 2023-09-06
CVSS Score 7.8
Source & Patch Info CVE-2021-35980

Primary Vendor -- Product adobe -- premiere_pro
Description Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and
earlier) are affected by an out-of-bounds read vulnerability which could result
in a read past the end of an allocated memory structure. An attacker could
leverage this vulnerability to execute code in the context of the current user.
Exploitation of this issue requires user interaction in that a victim must open
a malicious file.
Published 2023-09-07
CVSS Score 7.8
Source & Patch Info CVE-2021-40795

Primary Vendor -- Product adobe -- premiere_pro
Description Adobe Photoshop versions 23.0.2 and 22.5.4 (and earlier) are
affected by an out-of-bounds write vulnerability that could result in arbitrary
code execution in the context of the current user. Exploitation of this issue
requires user interaction in that a victim must open a malicious JPG
file.
Published 2023-09-07
CVSS Score 7.8
Source & Patch Info CVE-2021-43018

Primary Vendor -- Product adobe -- premiere_pro
Description Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and
earlier) are affected by an out-of-bounds read vulnerability which could result
in a read past the end of an allocated memory structure. An attacker could
leverage this vulnerability to execute code in the context of the current user.
Exploitation of this issue requires user interaction in that a victim must open
a malicious file.
Published 2023-09-07
CVSS Score 7.8
Source & Patch Info CVE-2021-44188

Primary Vendor -- Product adobe -- illustrator
Description Adobe Illustrator versions
26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds
write vulnerability that could result in arbitrary code execution in the context
of the current user. Exploitation of this issue requires user interaction in
that a victim must open a malicious file.
Published 2023-09-07
CVSS Score 7.8
Source & Patch Info CVE-2022-30637

Primary Vendor -- Product adobe -- illustrator
Description Adobe Illustrator versions
26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds
write vulnerability that could result in arbitrary code execution in the context
of the current user. Exploitation of this issue requires user interaction in
that a victim must open a malicious file.
Published 2023-09-07
CVSS Score 7.8
Source & Patch Info CVE-2022-30638

Primary Vendor -- Product adobe -- illustrator
Description Adobe Illustrator versions
26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds
write vulnerability that could result in arbitrary code execution in the context
of the current user. Exploitation of this issue requires user interaction in
that a victim must open a malicious file.
Published 2023-09-07
CVSS Score 7.8
Source & Patch Info CVE-2022-30639

Primary Vendor -- Product adobe -- illustrator
Description Adobe Illustrator versions
26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds
write vulnerability that could result in arbitrary code execution in the context
of the current user. Exploitation of this issue requires user interaction in
that a victim must open a malicious file.
Published 2023-09-07
CVSS Score 7.8
Source & Patch Info CVE-2022-30640

Primary Vendor -- Product adobe -- illustrator
Description Adobe Illustrator versions
26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds
write vulnerability that could result in arbitrary code execution in the context
of the current user. Exploitation of this issue requires user interaction in
that a victim must open a malicious file.
Published 2023-09-07
CVSS Score 7.8
Source & Patch Info CVE-2022-30641

Primary Vendor -- Product adobe -- illustrator
Description Adobe Illustrator versions
26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds
write vulnerability that could result in arbitrary code execution in the context
of the current user. Exploitation of this issue requires user interaction in
that a victim must open a malicious file.
Published 2023-09-07
CVSS Score 7.8
Source & Patch Info CVE-2022-30642

Primary Vendor -- Product adobe -- illustrator
Description Adobe Illustrator versions
26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds
write vulnerability that could result in arbitrary code execution in the context
of the current user. Exploitation of this issue requires user interaction in
that a victim must open a malicious file.
Published 2023-09-07
CVSS Score 7.8
Source & Patch Info CVE-2022-30643

Primary Vendor -- Product adobe -- illustrator
Description Adobe Illustrator versions
26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free
vulnerability that could result in arbitrary code execution in the context of
the current user. Exploitation of this issue requires user interaction in that a
victim must open a malicious file.
Published 2023-09-07
CVSS Score 7.8
Source & Patch Info CVE-2022-30644

Primary Vendor -- Product adobe -- illustrator
Description Adobe Illustrator versions
26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds
write vulnerability that could result in arbitrary code execution in the context
of the current user. Exploitation of this issue requires user interaction in
that a victim must open a malicious file.
Published 2023-09-07
CVSS Score 7.8
Source & Patch Info CVE-2022-30645

Primary Vendor -- Product adobe -- illustrator
Description Adobe Illustrator versions
26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds
write vulnerability that could result in arbitrary code execution in the context
of the current user. Exploitation of this issue requires user interaction in
that a victim must open a malicious file.
Published 2023-09-07
CVSS Score 7.8
Source & Patch Info CVE-2022-30646

Primary Vendor -- Product qualcomm -- 315_5g_iot_modem
Description Memory corruption due
to improper validation of array index in WLAN HAL when received lm_itemNum is
out of range.
Published 2023-09-05
CVSS Score 7.8
Source & Patch Info CVE-2022-33275

Primary Vendor -- Product qualcomm -- aqt1000
Description Memory corruption due to buffer
over-read in Modem while processing SetNativeHandle RTP service.
Published 2023-09-05
CVSS Score 7.8
Source & Patch Info CVE-2022-40524

Primary Vendor -- Product qualcomm -- wcn685x-5
Description Memory corruption due to
improper validation of array index in Audio.
Published 2023-09-05
CVSS Score 7.8
Source & Patch Info CVE-2022-40534

Primary Vendor -- Product saltstack -- salt
Description Git Providers can read from the
wrong environment because they get the same cache directory base name in Salt
masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with
different environments can get garbage data or the wrong data, which can lead to
wrongful data disclosure, wrongful executions, data corruption and/or
crash.
Published 2023-09-05
CVSS Score 7.8
Source & Patch Info CVE-2023-20898

Primary Vendor -- Product qualcomm -- aqt1000
Description Memory Corruption due to
improper validation of array index in Linux while updating adn record.
Published 2023-09-05
CVSS Score 7.8
Source & Patch Info CVE-2023-21636

Primary Vendor -- Product qualcomm -- aqt1000
Description Memory corruption in RIL due to
Integer Overflow while triggering qcril_uim_request_apdu request.
Published 2023-09-05
CVSS Score 7.8
Source & Patch Info CVE-2023-21644

Primary Vendor -- Product qualcomm -- apq8096au
Description Memory corruption in Audio
during playback session with audio effects enabled.
Published 2023-09-05
CVSS Score 7.8
Source & Patch Info CVE-2023-21654

Primary Vendor -- Product qualcomm -- qca6391
Description Memory corruption in Audio
while validating and mapping metadata.
Published 2023-09-05
CVSS Score 7.8
Source & Patch Info CVE-2023-21655

Primary Vendor -- Product qualcomm -- aqt1000
Description Memory corruption in Core
Platform while printing the response buffer in log.
Published 2023-09-05
CVSS Score 7.8
Source & Patch Info CVE-2023-21662

Primary Vendor -- Product qualcomm -- aqt1000
Description Memory Corruption while
accessing metadata in Display.
Published 2023-09-05
CVSS Score 7.8
Source & Patch Info CVE-2023-21663

Primary Vendor -- Product qualcomm -- aqt1000
Description Memory Corruption in Core
Platform while printing the response buffer in log.
Published 2023-09-05
CVSS Score 7.8
Source & Patch Info CVE-2023-21664

Primary Vendor -- Product bludit -- bludit
Description Permissions vulnerability found in
Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the
role:admin parameter.
Published 2023-09-01
CVSS Score 7.8
Source & Patch Info CVE-2023-24674

Primary Vendor -- Product dell -- alienware_command_center
Description Dell Alienware
Command Center, versions prior to 5.5.51.0, contain a deserialization of
untrusted data vulnerability. A local malicious user could potentially send
specially crafted requests to the .NET Remoting server to run arbitrary code on
the system.
Published 2023-09-04
CVSS Score 7.8
Source & Patch Info CVE-2023-28072

Primary Vendor -- Product apple -- macos_ventura
Description A buffer overflow issue was
addressed with improved memory handling. This issue is fixed in macOS Ventura
13.3. An app may be able to cause unexpected system termination or write kernel
memory.
Published 2023-09-06
CVSS Score 7.8
Source & Patch Info CVE-2023-28209

Primary Vendor -- Product apple -- macos_ventura
Description A buffer overflow issue was
addressed with improved memory handling. This issue is fixed in macOS Ventura
13.3. An app may be able to cause unexpected system termination or write kernel
memory.
Published 2023-09-06
CVSS Score 7.8
Source & Patch Info CVE-2023-28210

Primary Vendor -- Product apple -- macos_ventura
Description A buffer overflow issue was
addressed with improved memory handling. This issue is fixed in macOS Ventura
13.3. An app may be able to cause unexpected system termination or write kernel
memory.
Published 2023-09-06
CVSS Score 7.8
Source & Patch Info CVE-2023-28211

Primary Vendor -- Product apple -- macos_ventura
Description A buffer overflow issue was
addressed with improved memory handling. This issue is fixed in macOS Ventura
13.3. An app may be able to cause unexpected system termination or write kernel
memory.
Published 2023-09-06
CVSS Score 7.8
Source & Patch Info CVE-2023-28212

Primary Vendor -- Product apple -- macos_ventura
Description A buffer overflow issue was
addressed with improved memory handling. This issue is fixed in macOS Ventura
13.3. An app may be able to cause unexpected system termination or write kernel
memory.
Published 2023-09-06
CVSS Score 7.8
Source & Patch Info CVE-2023-28213

Primary Vendor -- Product apple -- macos_ventura
Description A buffer overflow issue was
addressed with improved memory handling. This issue is fixed in macOS Ventura
13.3. An app may be able to cause unexpected system termination or write kernel
memory.
Published 2023-09-06
CVSS Score 7.8
Source & Patch Info CVE-2023-28214

Primary Vendor -- Product apple -- macos_ventura
Description A buffer overflow issue was
addressed with improved memory handling. This issue is fixed in macOS Ventura
13.3. An app may be able to cause unexpected system termination or write kernel
memory.
Published 2023-09-06
CVSS Score 7.8
Source & Patch Info CVE-2023-28215

Primary Vendor -- Product qualcomm -- aqt1000
Description Memory corruption in WIN
Product while invoking WinAcpi update driver in the UEFI region.
Published 2023-09-05
CVSS Score 7.8
Source & Patch Info CVE-2023-28538

Primary Vendor -- Product qualcomm -- 315_5g_iot_modem
Description Memory corruption in
WLAN handler while processing PhyID in Tx status handler.
Published 2023-09-05
CVSS Score 7.8
Source & Patch Info CVE-2023-28558

Primary Vendor -- Product qualcomm -- aqt1000
Description Memory corruption in WLAN FW
while processing command parameters from untrusted WMI payload.
Published 2023-09-05
CVSS Score 7.8
Source & Patch Info CVE-2023-28559

Primary Vendor -- Product qualcomm -- aqt1000
Description Memory corruption in WLAN HAL
while passing command parameters through WMI interfaces.
Published 2023-09-05
CVSS Score 7.8
Source & Patch Info CVE-2023-28564

Primary Vendor -- Product qualcomm -- 9205_lte
Description Memory corruption in WLAN HAL
while handling command streams through WMI interfaces.
Published 2023-09-05
CVSS Score 7.8
Source & Patch Info CVE-2023-28565

Primary Vendor -- Product qualcomm -- 315_5g_iot
Description Memory corruption in WLAN
HAL while handling command through WMI interfaces.
Published 2023-09-05
CVSS Score 7.8
Source & Patch Info CVE-2023-28567

Primary Vendor -- Product qualcomm -- 315_5g_iot
Description Memory corruption in WLAN
HAL while parsing WMI command parameters.
Published 2023-09-05
CVSS Score 7.8
Source & Patch Info CVE-2023-28573

Primary Vendor -- Product samsung_mobile -- multiple_products
Description Improper input
validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local
attackers to launch privileged activities.
Published 2023-09-06
CVSS Score 7.8
Source & Patch Info CVE-2023-30710

Primary Vendor -- Product samsung_mobile -- multiple_products
Description Improper input
validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows
attackers to launch arbitrary activity.
Published 2023-09-06
CVSS Score 7.8
Source & Patch Info CVE-2023-30712

Primary Vendor -- Product samsung_mobile -- blockchain_keystore
Description Protection
Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to
version 1.3.13.5 allows local attacker to execute arbitrary code.
Published 2023-09-06
CVSS Score 7.8
Source & Patch Info CVE-2023-30722

Primary Vendor -- Product cacti -- cacti
Description Cacti is an open-source operational
monitoring and fault management framework. Affected versions are subject to a
privilege escalation vulnerability. A low-privileged OS user with access to a
Windows host where Cacti is installed can create arbitrary PHP files in a web
document directory. The user can then execute the PHP files under the security
context of SYSTEM. This allows an attacker to escalate privilege from a normal
user account to SYSTEM. This issue has been addressed in version 1.2.25. Users
are advised to upgrade. There are no known workarounds for this
vulnerability.
Published 2023-09-05
CVSS Score 7.8
Source & Patch Info CVE-2023-31132

Primary Vendor -- Product apple -- macos_ventura
Description A buffer overflow issue was
addressed with improved memory handling. This issue is fixed in macOS Ventura
13.3. An app may be able to cause unexpected system termination or write kernel
memory.
Published 2023-09-06
CVSS Score 7.8
Source & Patch Info CVE-2023-32356

Primary Vendor -- Product apple -- macos_ventura
Description A buffer overflow issue was
addressed with improved memory handling. This issue is fixed in macOS Ventura
13.4. An app may be able to execute arbitrary code with kernel
privileges.Published 2023-09-06CVSS Score 7.8Source & Patch Info CVE-2023-32379
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription The issue was addressed
with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5,
watchOS 9.5. An app may be able to gain elevated privileges.Published
2023-09-06CVSS Score 7.8Source & Patch Info CVE-2023-32425
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- macos_venturaDescription A logic issue was addressed
with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be
able to gain root privileges.Published 2023-09-06CVSS Score 7.8Source & Patch
Info CVE-2023-32426
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription This issue was addressed
with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS
16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root
privileges.Published 2023-09-06CVSS Score 7.8Source & Patch Info CVE-2023-32428
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product canonical_ltd. -- ubuntuDescription In Ubuntu's
accountsservice an unprivileged local attacker can trigger a use-after-free
vulnerability in accountsservice by sending a D-Bus message to the
accounts-daemon process.Published 2023-09-01CVSS Score 7.8Source & Patch Info
CVE-2023-3297
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product qualcomm -- apq8064auDescription Memory corruption in Graphics
while processing user packets for command submission.Published 2023-09-05CVSS
Score 7.8Source & Patch Info CVE-2023-33021
MISC(link is external)Primary
Vendor -- Product soar_cloud_ltd._ -- hr_portal
 Description Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism
for Forgotten Password. The reset password link is sent out through e-mail, and the
link will remain valid after the password has been reset and after the expected
expiration date. An attacker with access to the browser history or who has the link
can thus use the URL again to change the password in order to take over the
account.Published 2023-09-07CVSS Score 7.8Source & Patch Info CVE-2023-34357
MISC(link is external)Primary
Vendor -- Product panasonic -- kw_watcherDescription Buffer overflow
vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow
attackers to execute arbitrary code.Published 2023-09-06CVSS Score 7.8Source &
Patch Info CVE-2023-3471
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product panasonic -- kw_watcherDescription Use after free
vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow
attackers to execute arbitrary code.Published 2023-09-06CVSS Score 7.8Source &
Patch Info CVE-2023-3472
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In vowifiservice, there is a
possible missing permission check. This could lead to local escalation of
privilege with no additional execution privileges.Published 2023-09-04CVSS Score
7.8Source & Patch Info CVE-2023-38443
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In vowifiservice, there is a
possible missing permission check. This could lead to local escalation of
privilege with no additional execution privileges.Published 2023-09-04CVSS Score
7.8Source & Patch Info CVE-2023-38444
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In vowifiservice, there is a
possible missing permission check. This could lead to local escalation of
privilege with no additional execution privileges.Published 2023-09-04CVSS Score
7.8Source & Patch Info CVE-2023-38449
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In vowifiservice, there is a
possible missing permission check. This could lead to local escalation of
privilege with no additional execution privileges.Published 2023-09-04CVSS Score
7.8Source & Patch Info CVE-2023-38450
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In vowifiservice, there is a
possible missing permission check. This could lead to local escalation of
privilege with no additional execution privileges.Published 2023-09-04CVSS Score
7.8Source & Patch Info CVE-2023-38451
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In vowifiservice, there is a
possible missing permission check. This could lead to local escalation of
privilege with no additional execution privileges.Published 2023-09-04CVSS Score
7.8Source & Patch Info CVE-2023-38452
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In vowifiservice, there is a
possible missing permission check. This could lead to local escalation of
privilege with no additional execution privileges.Published 2023-09-04CVSS Score
7.8Source & Patch Info CVE-2023-38453
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In vowifiservice, there is a
possible missing permission check. This could lead to local escalation of
privilege with no additional execution privileges.Published 2023-09-04CVSS Score
7.8Source & Patch Info CVE-2023-38455
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In vowifiservice, there is a
possible missing permission check. This could lead to local escalation of
privilege with no additional execution privileges.Published 2023-09-04CVSS Score
7.8Source & Patch Info CVE-2023-38456
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In vowifiservice, there is a
possible missing permission check. This could lead to local escalation of
privilege with no additional execution privileges.Published 2023-09-04CVSS Score
7.8Source & Patch Info CVE-2023-38458
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In vowifiservice, there is a
possible missing permission check. This could lead to local escalation of
privilege with no additional execution privileges.Published 2023-09-04CVSS Score
7.8Source & Patch Info CVE-2023-38459
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In vowifiservice, there is a
possible missing permission check. This could lead to local escalation of
privilege with no additional execution privileges.Published 2023-09-04CVSS Score
7.8Source & Patch Info CVE-2023-38460
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In vowifiservice, there is a
possible missing permission check. This could lead to local escalation of
privilege with no additional execution privileges.Published 2023-09-04CVSS Score
7.8Source & Patch Info CVE-2023-38464
MISC(link is external)Primary
Vendor -- Product forescout -- secureconnectorDescription ForeScout NAC
SecureConnector version 11.2 - CWE-427: Uncontrolled Search Path
ElementPublished 2023-09-03CVSS Score 7.8Source & Patch Info CVE-2023-39374
MISC(link is external)Primary
Vendor -- Product ge -- cimplicityDescription GE CIMPLICITY 2023 is affected by a process
control vulnerability, which could allow a local attacker to insert malicious
configuration files in the expected web server execution path to escalate
privileges and gain full control of the HMI software.Published 2023-09-05CVSS
Score 7.8Source & Patch Info CVE-2023-4487
MISC
MISC(link is external)Primary
Vendor -- Product vim -- vimDescription Use After Free in GitHub repository
vim/vim prior to 9.0.1840.Published 2023-09-04CVSS Score 7.8Source & Patch Info
CVE-2023-4733
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product vim -- vimDescription Integer Overflow or Wraparound in GitHub
repository vim/vim prior to 9.0.1846.Published 2023-09-02CVSS Score 7.8Source &
Patch Info CVE-2023-4734
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product vim -- vimDescription Out-of-bounds Write in GitHub repository
vim/vim prior to 9.0.1847.Published 2023-09-02CVSS Score 7.8Source & Patch Info
CVE-2023-4735
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product vim -- vimDescription Untrusted Search Path in GitHub
repository vim/vim prior to 9.0.1833.Published 2023-09-02CVSS Score 7.8Source &
Patch Info CVE-2023-4736
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product vim -- vimDescription Heap-based Buffer Overflow in GitHub
repository vim/vim prior to 9.0.1848.Published 2023-09-02CVSS Score 7.8Source &
Patch Info CVE-2023-4738
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product vim -- vimDescription Use After Free in GitHub repository
vim/vim prior to 9.0.1857.Published 2023-09-04CVSS Score 7.8Source & Patch Info
CVE-2023-4750
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product vim -- vimDescription Heap-based Buffer Overflow in GitHub
repository vim/vim prior to 9.0.1331.Published 2023-09-03CVSS Score 7.8Source &
Patch Info CVE-2023-4751
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product vim -- vimDescription Use After Free in GitHub repository
vim/vim prior to 9.0.1858.Published 2023-09-04CVSS Score 7.8Source & Patch Info
CVE-2023-4752
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product vim -- vimDescription Heap-based Buffer Overflow in GitHub
repository vim/vim prior to 9.0.1873.Published 2023-09-05CVSS Score 7.8Source &
Patch Info CVE-2023-4781
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product elsys -- ers_1.5Description ELSYS ERS 1.5 Sound v2.3.8 was
discovered to contain a buffer overflow via the NFC data parser.Published
2023-09-01CVSS Score 7.5Source & Patch Info CVE-2022-46527
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product qualcomm -- ar8035Description Transient DOS in Modem while
processing invalid System Information Block 1.Published 2023-09-05CVSS Score
7.5Source & Patch Info CVE-2023-21646
MISC(link is external)Primary
Vendor -- Product qualcomm -- ar8035Description Transient DOS in Modem while
processing RRC reconfiguration message.Published 2023-09-05CVSS Score 7.5Source
& Patch Info CVE-2023-21653
MISC(link is external)Primary
Vendor -- Product eclipse -- mosquittoDescription The broker in Eclipse
Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused
remotely when a client sends many QoS 2 messages with duplicate message IDs and
fails to respond to PUBREC commands. This occurs because of mishandling of
EAGAIN from the libc send function.Published 2023-09-01CVSS Score 7.5Source &
Patch Info CVE-2023-28366
CONFIRM(link is external)
MISC(link is external)
MISC(link is external)
CONFIRM(link is external)Primary
Vendor -- Product qualcomm -- aqt1000Description Transient DOS in WLAN Host when
a mobile station receives invalid channel in CSA IE while doing channel switch
announcement (CSA).Published 2023-09-05CVSS Score 7.5Source & Patch Info
CVE-2023-28584
MISC(link is external)Primary
Vendor -- Product samsung_mobile -- multiple_productsDescription Improper
authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to
access Captive Portal Wi-Fi in Reactivation Lock status.Published 2023-09-06CVSS
Score 7.5Source & Patch Info CVE-2023-30708
MISC(link is external)Primary
Vendor -- Product samsung_mobile -- emailDescription Improper Certificate
Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker to
intercept the network traffic including sensitive information.Published
2023-09-06CVSS Score 7.5Source & Patch Info CVE-2023-30729
MISC(link is external)Primary
Vendor -- Product roundcube -- roundcubeDescription Vulnerability in the
password recovery mechanism of Password Recovery plugin for Roundcube, in its
1.2 version, which could allow a remote attacker to change an existing user's
password by adding a 6-digit numeric token. An attacker could create an
automatic script to test all possible values because the platform has no limit
on the number of requests.Published 2023-09-04CVSS Score 7.5Source & Patch Info
CVE-2023-3222
MISC(link is external)Primary
Vendor -- Product qualcomm -- 315_5gDescription Transient DOS in WLAN Firmware
while interpreting MBSSID IE of a received beacon frame.Published 2023-09-05CVSS
Score 7.5Source & Patch Info CVE-2023-33015
MISC(link is external)Primary
Vendor -- Product qualcomm -- csr8811Description Transient DOS in WLAN firmware
while parsing MLO (multi-link operation).Published 2023-09-05CVSS Score
7.5Source & Patch Info CVE-2023-33016
MISC(link is external)Primary
Vendor -- Product qualcomm -- 9206_lteDescription Transient DOS in WLAN Host
while doing channel switch announcement (CSA), when a mobile station receives
invalid channel in CSA IE.Published 2023-09-05CVSS Score 7.5Source & Patch Info
CVE-2023-33019
MISC(link is external)Primary
Vendor -- Product qualcomm -- 9206_lteDescription Transient DOS in WLAN Host
when an invalid channel (like channel out of range) is received in STA during
CSA IE.Published 2023-09-05CVSS Score 7.5Source & Patch Info CVE-2023-33020
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In NIA0 algorithm in Security
Mode Command, there is a possible missing verification incorrect input. This
could lead to remote information disclosure no additional execution privileges
neededPublished 2023-09-04CVSS Score 7.5Source & Patch Info CVE-2023-33914
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In LTE protocol stack, there is a
possible missing permission check. This could lead to remote information
disclosure no additional execution privileges neededPublished 2023-09-04CVSS
Score 7.5Source & Patch Info CVE-2023-33915
MISC(link is external)Primary
Vendor -- Product open_automation_software -- oas_platformDescription An
authentication bypass vulnerability exists in the OAS Engine authentication
functionality of Open Automation Software OAS Platform v18.00.0072. A specially
crafted network sniffing can lead to decryption of sensitive information. An
attacker can sniff network traffic to trigger this vulnerability.Published
2023-09-05CVSS Score 7.5Source & Patch Info CVE-2023-34353
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product ibm -- aspera_faspexDescription IBM Aspera Faspex 5.0.5 could
allow a remote attacker to bypass IP restrictions due to improper access
controls. IBM X-Force ID: 259649.Published 2023-09-05CVSS Score 7.5Source &
Patch Info CVE-2023-35906
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product vesoft -- nebulagraph_studioDescription Server Side Request
Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote
attackers to gain sensitive information.Published 2023-09-01CVSS Score 7.5Source
& Patch Info CVE-2023-36088
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product hjson-java -- hjson-javaDescription An issue in hjson-java up
to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a
crafted JSON string.Published 2023-09-01CVSS Score 7.5Source & Patch Info
CVE-2023-39685
MISC(link is external)Primary
Vendor -- Product moxa -- mxsecurityDescription A vulnerability that allows for
unauthorized access has been discovered in MXsecurity versions prior to v1.0.1.
This vulnerability arises from inadequate authentication measures, potentially
leading to the disclosure of device information by a remote attacker.Published
2023-09-02CVSS Score 7.5Source & Patch Info CVE-2023-39981
MISC(link is external)Primary
Vendor -- Product lexmark -- c2132Description Certain Lexmark devices (such as
CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure.
The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full
version specification varies across product model family, but firmware level
P246 (or higher) is required to remediate the vulnerability.Published
2023-09-01CVSS Score 7.5Source & Patch Info CVE-2023-40239
MISC(link is external)Primary
Vendor -- Product dataease -- dataeaseDescription SQL injection vulnerability in
DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a
crafted string outside of the blacklist function.Published 2023-09-01CVSS Score
7.5Source & Patch Info CVE-2023-40771
MISC(link is external)Primary
Vendor -- Product timg -- timgDescription Buffer Overflow vulnerability in
hzeller timg v.1.5.2 and before allows a remote attacker to cause a denial of
service via the 0x61200000045c address.Published 2023-09-01CVSS Score 7.5Source
& Patch Info CVE-2023-40968
MISC(link is external)Primary
Vendor -- Product ahwx -- libreyDescription LibreY is a fork of LibreX, a
framework-less and javascript-free privacy respecting meta search engine. LibreY
is subject to a Server-Side Request Forgery (SSRF) vulnerability in the
`engines/google/text.php` and `engines/duckduckgo/text.php` files in versions
before commit be59098abd119cda70b15bf3faac596dfd39a744. This vulnerability
allows remote attackers to request the server to send HTTP GET requests to
arbitrary targets and conduct Denial-of-Service (DoS) attacks via the
`wikipedia_language` cookie. Remote attackers can request the server to download
large files to reduce the performance of the server or even deny access from
legitimate users. This issue has been patched in
https://github.com/Ahwxorg/LibreY/pull/9. LibreY hosters are advised to use the
latest commit. There are no known workarounds for this vulnerability.Published
2023-09-04CVSS Score 7.5Source & Patch Info CVE-2023-41055
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product parse_platform -- parse-serverDescription Parse Server is an
open-source backend server. In affected versions the Parse Cloud trigger
`beforeFind` is not invoked in certain conditions of `Parse.Query`. This can
pose a vulnerability for deployments where the `beforeFind` trigger is used as a
security layer to modify the incoming query. The vulnerability has been fixed by
refactoring the internal query pipeline for a more concise code structure and
implementing a patch to ensure the `beforeFind` trigger is invoked. This fix was
introduced in commit `be4c7e23c6` and has been included in releases 6.2.2 and
5.5.5. Users are advised to upgrade. Users unable to upgrade should make use of
parse server's security layers to manage access levels with Class-Level
Permissions and Object-Level Access Control that should be used instead of
custom security layers in Cloud Code triggers.Published 2023-09-04CVSS Score
7.5Source & Patch Info CVE-2023-41058
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product jira -- o-ran_software_communityDescription O-RAN Software
Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing
tables it receives, potentially allowing attackers to send forged routing tables
to the device.Published 2023-09-01CVSS Score 7.5Source & Patch Info
CVE-2023-41627
MISC(link is external)Primary
Vendor -- Product jira -- o-ran_software_communityDescription An issue in O-RAN
Software Community E2 G-Release allows attackers to cause a Denial of Service
(DoS) by incorrectly initiating the messaging procedure between the E2Node and
E2Term components.Published 2023-09-01CVSS Score 7.5Source & Patch Info
CVE-2023-41628
MISC(link is external)Primary
Vendor -- Product frrouting -- frroutingDescription An issue was discovered in
FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c
processes malformed requests with no attributes, leading to a NULL pointer
dereference.Published 2023-09-05CVSS Score 7.5Source & Patch Info CVE-2023-41909
MISC(link is external)Primary
Vendor -- Product juniper -- junosDescription An Improper Input Validation
vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS
and Junos OS Evolved allows an unauthenticated, network-based attacker to cause
a Denial of Service (DoS). When certain specific crafted BGP UPDATE messages are
received over an established BGP session, one BGP session may be torn down with
an UPDATE message error, or the issue may propagate beyond the local system
which will remain non-impacted, but may affect one or more remote systems. This
issue is exploitable remotely as the crafted UPDATE message can propagate
through unaffected systems and intermediate BGP speakers. Continuous receipt of
the crafted BGP UPDATE messages will create a sustained Denial of Service (DoS)
condition for impacted devices. This issue affects eBGP and iBGP, in both IPv4
and IPv6 implementations. This issue requires a remote attacker to have at least
one established BGP session.Published 2023-09-01CVSS Score 7.5Source & Patch
Info CVE-2023-4481
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product daurnimator -- lua-httpDescription Improper Handling of
Exceptional Conditions vulnerability in Daurnimator lua-http library allows
Excessive Allocation and a denial of service (DoS) attack to be executed by
sending a properly crafted request to the server. This issue affects lua-http:
all versions before commit ddab283.Published 2023-09-05CVSS Score 7.5Source &
Patch Info CVE-2023-4540
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product lg -- lg_led_assistantDescription This vulnerability allows
remote attackers to disclose sensitive information on affected installations of
LG LED Assistant. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the /api/download/updateFile endpoint. The issue
results from the lack of proper validation of a user-supplied path prior to
using it in file operations. An attacker can leverage this vulnerability to
disclose information in the context of the current user.Published 2023-09-04CVSS
Score 7.5Source & Patch Info CVE-2023-4615
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product lg -- lg_led_assistantDescription This vulnerability allows
remote attackers to disclose sensitive information on affected installations of
LG LED Assistant. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the /api/thumbnail endpoint. The issue results
from the lack of proper validation of a user-supplied path prior to using it in
file operations. An attacker can leverage this vulnerability to disclose
information in the context of the current user.Published 2023-09-04CVSS Score
7.5Source & Patch Info CVE-2023-4616
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product gitlab -- gitlabDescription An issue has been discovered in
GitLab affecting all versions starting from 15.2 before 16.1.5, all versions
starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1
in which the projects API pagination can be skipped, potentially leading to DoS
on certain instances.Published 2023-09-01CVSS Score 7.5Source & Patch Info
CVE-2023-4647
MISC(link is external)Primary
Vendor -- Product playtube -- playtubeDescription A vulnerability was found in
PlayTube 3.0.1 and classified as problematic. This issue affects some unknown
processing of the component Redirect Handler. The manipulation leads to
information disclosure. The attack may be initiated remotely. The identifier
VDB-238577 was assigned to this vulnerability. NOTE: The vendor was contacted
early about this disclosure but did not respond in any way.Published
2023-09-01CVSS Score 7.5Source & Patch Info CVE-2023-4714
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product yongyou -- ufida-ncDescription A vulnerability, which was
classified as critical, has been found in Yongyou UFIDA-NC up to 20230807. This
issue affects some unknown processing of the file PrintTemplateFileServlet.java.
The manipulation of the argument filePath leads to path traversal. The attack
may be initiated remotely. The exploit has been disclosed to the public and may
be used. The identifier VDB-238637 was assigned to this vulnerability.Published
2023-09-05CVSS Score 7.5Source & Patch Info CVE-2023-4748
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product adobe -- coldfusion
 Description ColdFusion version 2021 update 1 (and earlier) and versions 2018.10
(and earlier) are impacted by a Use of Inherently Dangerous Function
vulnerability that can lead to a security feature bypass. An authenticated
attacker could leverage this vulnerability to access and manipulate arbitrary
data on the environment.Published 2023-09-07CVSS Score 7.4Source & Patch Info
CVE-2021-40698
MISC(link is external)Primary
Vendor -- Product adobe -- coldfusion
 Description ColdFusion version 2021 update 1 (and earlier) and versions 2018.10
(and earlier) are impacted by an improper access control vulnerability when
checking permissions in the CFIDE path. An authenticated attacker could leverage
this vulnerability to access and manipulate arbitrary data on the
environment.Published 2023-09-07CVSS Score 7.4Source & Patch Info CVE-2021-40699
MISC(link is external)Primary
Vendor -- Product hewlett_packard_enterprise  -- aruba_airwaveDescription Aruba
AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command
execution and file disclosure by administrative users.Published 2023-09-05CVSS
Score 7.2Source & Patch Info CVE-2015-2201
MISC(link is external)Primary
Vendor -- Product hewlett_packard_enterprise  -- aruba_airwaveDescription Aruba
AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to
escalate privileges to root on the underlying OS.Published 2023-09-05CVSS Score
7.2Source & Patch Info CVE-2015-2202
MISC(link is external)Primary
Vendor -- Product openwrt -- openwrtDescription In wlan service, there is a
possible command injection due to improper input validation. This could lead to
remote code execution with System execution privileges needed. User interaction
is not needed for exploitation. Patch ID: WCNCR00244189; Issue ID:
WCNCR00244189.Published 2023-09-04CVSS Score 7.2Source & Patch Info
CVE-2023-20820
MISC(link is external)Primary
Vendor -- Product bookreen -- bookreenDescription Unrestricted Upload of File
with Dangerous Type vulnerability in Unisign Bookreen allows OS Command
Injection. This issue affects Bookreen: before 3.0.0.Published 2023-09-05CVSS
Score 7.2Source & Patch Info CVE-2023-3375
MISC(link is external)Primary
Vendor -- Product cacti -- cactiDescription Cacti is an open source operational
monitoring and fault management framework. In Cacti 1.2.24, under certain
conditions, an authenticated privileged user can use a malicious string in the
SNMP options of a Device, performing command injection and obtaining remote code
execution on the underlying server. The `lib/snmp.php` file has a set of
functions, with similar behavior, that accept some variables as input and place
them into an `exec` call without proper escaping or validation. This issue has
been addressed in version 1.2.25. Users are advised to upgrade. There are no
known workarounds for this vulnerability.Published 2023-09-05CVSS Score
7.2Source & Patch Info CVE-2023-39362
MISC(link is external)Primary
Vendor -- Product samsung_mobile -- multiple_productsDescription Improper input
validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior
to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with
Samsung Keyboard privilege.Published 2023-09-06CVSS Score 7.1Source & Patch Info
CVE-2023-30707
MISC(link is external)



MEDIUM VULNERABILITIES



Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
Primary
Vendor -- Product yocto -- yoctoDescription In nvram, there is a possible out of
bounds write due to a missing bounds check. This could lead to local escalation
of privilege with System execution privileges needed. User interaction is not
needed for exploitation. Patch ID: ALPS07937113; Issue ID:
ALPS07937113.Published 2023-09-04CVSS Score 6.7Source & Patch Info
CVE-2023-20821
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In netdagent, there is a possible
out of bounds write due to a missing bounds check. This could lead to local
escalation of privilege with System execution privileges needed. User
interaction is not needed for exploitation. Patch ID: ALPS07944012; Issue ID:
ALPS07944012.Published 2023-09-04CVSS Score 6.7Source & Patch Info
CVE-2023-20822
MISC(link is external)Primary
Vendor -- Product yocto -- yoctoDescription In gps, there is a possible out of
bounds write due to a missing bounds check. This could lead to local escalation
of privilege with System execution privileges needed. User interaction is not
needed for exploitation. Patch ID: ALPS08014144; Issue ID:
ALPS08014144.Published 2023-09-04CVSS Score 6.7Source & Patch Info
CVE-2023-20828
MISC(link is external)Primary
Vendor -- Product yocto -- yoctoDescription In gps, there is a possible out of
bounds write due to a missing bounds check. This could lead to local escalation
of privilege with System execution privileges needed. User interaction is not
needed for exploitation. Patch ID: ALPS08014144; Issue ID:
ALPS08014148.Published 2023-09-04CVSS Score 6.7Source & Patch Info
CVE-2023-20829
MISC(link is external)Primary
Vendor -- Product yocto -- yoctoDescription In gps, there is a possible out of
bounds write due to a missing bounds check. This could lead to local escalation
of privilege with System execution privileges needed. User interaction is not
needed for exploitation. Patch ID: ALPS08014144; Issue ID:
ALPS08014156.Published 2023-09-04CVSS Score 6.7Source & Patch Info
CVE-2023-20830
MISC(link is external)Primary
Vendor -- Product yocto -- yoctoDescription In gps, there is a possible out of
bounds write due to a missing bounds check. This could lead to local escalation
of privilege with System execution privileges needed. User interaction is not
needed for exploitation. Patch ID: ALPS08014144; Issue ID:
ALPS08014162.Published 2023-09-04CVSS Score 6.7Source & Patch Info
CVE-2023-20831
MISC(link is external)Primary
Vendor -- Product yocto -- yoctoDescription In gps, there is a possible out of
bounds write due to a missing bounds check. This could lead to local escalation
of privilege with System execution privileges needed. User interaction is not
needed for exploitation. Patch ID: ALPS08014144; Issue ID:
ALPS08013530.Published 2023-09-04CVSS Score 6.7Source & Patch Info
CVE-2023-20832
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In seninf, there is a possible
out of bounds write due to a missing bounds check. This could lead to local
escalation of privilege with System execution privileges needed. User
interaction is not needed for exploitation. Patch ID: ALPS07992786; Issue ID:
ALPS07992786.Published 2023-09-04CVSS Score 6.7Source & Patch Info
CVE-2023-20837
MISC(link is external)Primary
Vendor -- Product samsung_mobile -- multiple_productsDescription Improper access
control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers
to launch activity with system privilege.Published 2023-09-06CVSS Score 6.7Source &
Patch Info CVE-2023-30709
MISC(link is external)Primary
Vendor -- Product yocto -- yoctoDescription In wlan driver, there is a possible
out of bounds write due to improper input validation. This could lead to local
escalation of privilege with System execution privileges needed. User
interaction is not needed for exploitation. Patch ID: ALPS07441589; Issue ID:
ALPS07441589.Published 2023-09-04CVSS Score 6.7Source & Patch Info
CVE-2023-32806
MISC(link is external)Primary
Vendor -- Product yocto -- yoctoDescription In connectivity system driver, there
is a possible out of bounds write due to improper input validation. This could
lead to local escalation of privilege with System execution privileges needed.
User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue
ID: ALPS07929848.Published 2023-09-04CVSS Score 6.7Source & Patch Info
CVE-2023-32811
MISC

Primary Vendor -- Product: yocto -- yocto
Description: In gnss service, there is a possible out of bounds write due to
improper input validation. This could lead to local escalation of privileges
with System execution privileges needed. User interaction is not needed for
exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365.
Published: 2023-09-04
CVSS Score: 6.7
Source & Patch Info: CVE-2023-32812
MISC

Primary Vendor -- Product: google -- android
Description: In gnss service, there is a possible out of bounds write due to a
missing bounds check. This could lead to local escalation of privilege with
System execution privileges needed
Published: 2023-09-04
CVSS Score: 6.7
Source & Patch Info: CVE-2023-38553
MISC

Primary Vendor -- Product: solarwinds_ -- serv-u
Description: A vulnerability has been identified within Serv-U 15.4 and 15.4
Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor
authentication. The actor must have administrator-level access to Serv-U to
perform this action. 15.4. SolarWinds found that the issue was not completely
fixed in 15.4 Hotfix 1.
Published: 2023-09-07
CVSS Score: 6.6
Source & Patch Info: CVE-2023-40060
MISC
MISC

Primary Vendor -- Product: ibm -- security_guardium
Description: IBM Security Guardium 10.6, 11.3, and 11.4 could allow an
authenticated user to cause a denial of service due to improper input
validation. IBM X-Force ID: 240894.
Published: 2023-09-05
CVSS Score: 6.5
Source & Patch Info: CVE-2022-43903
MISC
MISC

Primary Vendor -- Product: yocto -- yocto
Description: In imgsys, there is a possible out of bounds read and write due to
a missing valid range checking. This could lead to local escalation of
privilege with System execution privileges needed. User interaction is needed
for exploitation. Patch ID: ALPS07326430; Issue ID: ALPS07326430.
Published: 2023-09-04
CVSS Score: 6.5
Source & Patch Info: CVE-2023-20840
MISC

Primary Vendor -- Product: yocto -- yocto
Description: In imgsys, there is a possible out of bounds write due to a
missing valid range checking. This could lead to local escalation of privilege
with System execution privileges needed. User interaction is needed for
exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441.
Published: 2023-09-04
CVSS Score: 6.5
Source & Patch Info: CVE-2023-20841
MISC

Primary Vendor -- Product: yocto -- yocto
Description: In imgsys_cmdq, there is a possible out of bounds write due to a
missing valid range checking. This could lead to local escalation of privilege
with System execution privileges needed. User interaction is needed for
exploitation. Patch ID: ALPS07354259; Issue ID: ALPS07340477.
Published: 2023-09-04
CVSS Score: 6.5
Source & Patch Info: CVE-2023-20842
MISC

Primary Vendor -- Product: yocto -- yocto
Description: In imgsys_cmdq, there is a possible out of bounds read due to a
missing valid range checking. This could lead to local escalation of privilege
with System execution privileges needed. User interaction is needed for
exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433.
Published: 2023-09-04
CVSS Score: 6.5
Source & Patch Info: CVE-2023-20848
MISC

Primary Vendor -- Product: yocto -- yocto
Description: In imgsys_cmdq, there is a possible use after free due to a
missing valid range checking. This could lead to local escalation of privilege
with System execution privileges needed. User interaction is needed for
exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350.
Published: 2023-09-04
CVSS Score: 6.5
Source & Patch Info: CVE-2023-20849
MISC

Primary Vendor -- Product: yocto -- yocto
Description: In imgsys_cmdq, there is a possible out of bounds write due to a
missing valid range checking. This could lead to local escalation of privilege
with System execution privileges needed. User interaction is needed for
exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381.
Published: 2023-09-04
CVSS Score: 6.5
Source & Patch Info: CVE-2023-20850
MISC

Primary Vendor -- Product: qualcomm -- qca6390
Description: Transient DOS in Bluetooth HOST while passing descriptor to
validate the blacklisted BT keyboard.
Published: 2023-09-05
CVSS Score: 6.5
Source & Patch Info: CVE-2023-21667
MISC

Primary Vendor -- Product: apple -- macos
Description: This issue was addressed with improved state management. This
issue is fixed in macOS Ventura 13.3. A user may be able to cause a
denial-of-service.
Published: 2023-09-06
CVSS Score: 6.5
Source & Patch Info: CVE-2023-28187
MISC
MISC

Primary Vendor -- Product: apple -- macos
Description: A denial-of-service issue was addressed with improved input
validation. This issue is fixed in macOS Ventura 13.3. A remote user may be
able to cause a denial-of-service.
Published: 2023-09-06
CVSS Score: 6.5
Source & Patch Info: CVE-2023-28188
MISC
MISC

Primary Vendor -- Product: open_automation_software -- oas_platform
Description: An information disclosure vulnerability exists in the OAS Engine
configuration management functionality of Open Automation Software OAS
Platform v18.00.0072. A specially crafted series of network requests can lead
to a disclosure of sensitive information. An attacker can send a sequence of
requests to trigger this vulnerability.
Published: 2023-09-05
CVSS Score: 6.5
Source & Patch Info: CVE-2023-32271
MISC
MISC

Primary Vendor -- Product: apple -- macos_ventura
Description: Error handling was changed to not reveal sensitive information.
This issue is fixed in macOS Ventura 13.3. A website may be able to track
sensitive user information.
Published: 2023-09-06
CVSS Score: 6.5
Source & Patch Info: CVE-2023-32362
MISC
MISC

Primary Vendor -- Product: google -- android
Description: In power, there is a possible out of bounds write due to an
insecure default value. This could lead to local escalation of privilege with
System execution privileges needed. User interaction is needed for
exploitation. Patch ID: ALPS08102892; Issue ID: ALPS08102892.
Published: 2023-09-04
CVSS Score: 6.5
Source & Patch Info: CVE-2023-32805
MISC

Primary Vendor -- Product: open_automation_software -- oas_platform
Description: An improper input validation vulnerability exists in the OAS
Engine User Creation functionality of Open Automation Software OAS Platform
v18.00.0072. A specially crafted series of network requests can lead to
unexpected data in the configuration. An attacker can send a sequence of
requests to trigger this vulnerability.
Published: 2023-09-05
CVSS Score: 6.5
Source & Patch Info: CVE-2023-34317
MISC
MISC

Primary Vendor -- Product: hyundai -- hyundai_2017
Description: A Hyundai model (2017) - CWE-294: Authentication Bypass by
Capture-replay.
Published: 2023-09-03
CVSS Score: 6.5
Source & Patch Info: CVE-2023-39373
MISC

Primary Vendor -- Product: google -- chrome
Description: Incorrect security UI in BFCache in Google Chrome prior to
116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox
(URL bar) via a crafted HTML page. (Chromium security severity: High)
Published: 2023-09-05
CVSS Score: 6.5
Source & Patch Info: CVE-2023-4764
MISC
MISC
MISC

Primary Vendor -- Product: google -- android
Description: In ims service, there is a possible memory corruption due to a
race condition. This could lead to local escalation of privilege with System
execution privileges needed. User interaction is not needed for exploitation.
Patch ID: ALPS07937105; Issue ID: ALPS07937105.
Published: 2023-09-04
CVSS Score: 6.4
Source & Patch Info: CVE-2023-20827
MISC

Primary Vendor -- Product: google -- android
Description: In pda, there is a possible use after free due to a race
condition. This could lead to local escalation of privilege with System
execution privileges needed. User interaction is not needed for exploitation.
Patch ID: ALPS07608514; Issue ID: ALPS07608514.
Published: 2023-09-04
CVSS Score: 6.4
Source & Patch Info: CVE-2023-20834
MISC

Primary Vendor -- Product: yocto -- yocto
Description: In camsys, there is a possible use after free due to a race
condition. This could lead to local escalation of privilege with System
execution privileges needed. User interaction is not needed for exploitation.
Patch ID: ALPS07341261; Issue ID: ALPS07326570.
Published: 2023-09-04
CVSS Score: 6.4
Source & Patch Info: CVE-2023-20835
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: The Newsletter plugin for WordPress is vulnerable to Stored
Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and
including, 7.8.9 due to insufficient input sanitization and output escaping on
user supplied attributes. This makes it possible for authenticated attackers
with contributor-level and above permissions to inject arbitrary web scripts in
pages that will execute whenever a user accesses an injected page.
Published: 2023-09-07
CVSS Score: 6.4
Source & Patch Info: CVE-2023-4772
MISC
MISC
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: The WordPress Social Login plugin for WordPress is vulnerable to
Stored Cross-Site Scripting via the 'wordpress_social_login_meta' shortcode in
versions up to, and including, 3.0.4 due to insufficient input sanitization and
output escaping on user supplied attributes. This makes it possible for
authenticated attackers with contributor-level and above permissions to inject
arbitrary web scripts in pages that will execute whenever a user accesses an
injected page.
Published: 2023-09-06
CVSS Score: 6.4
Source & Patch Info: CVE-2023-4773
MISC
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: The User Submitted Posts plugin for WordPress is vulnerable to
Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in
versions up to, and including, 20230811 due to insufficient input sanitization
and output escaping on user supplied attributes like 'before'. This makes it
possible for authenticated attackers with contributor-level and above
permissions to inject arbitrary web scripts in pages that will execute whenever
a user accesses an injected page.
Published: 2023-09-06
CVSS Score: 6.4
Source & Patch Info: CVE-2023-4779
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: The Simple Download Counter plugin for WordPress is vulnerable to
Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and
including, 1.6 due to insufficient input sanitization and output escaping on
user supplied attributes like 'before' and 'after'. This makes it possible for
authenticated attackers, with contributor-level permissions and above, to
inject arbitrary web scripts in pages that will execute whenever a user
accesses an injected page.
Published: 2023-09-09
CVSS Score: 6.4
Source & Patch Info: CVE-2023-4838
MISC
MISC

Primary Vendor -- Product: google -- android
Description: In stc, there is a possible out of bounds read due to a race
condition. This could lead to local escalation of privilege with System
execution privileges needed. User interaction is needed for exploitation.
Patch ID: ALPS08048635; Issue ID: ALPS08048635.
Published: 2023-09-04
CVSS Score: 6.3
Source & Patch Info: CVE-2023-20851
MISC

Primary Vendor -- Product: cacti -- cacti
Description: Cacti is an open source operational monitoring and fault
management framework. Issues with Cacti Regular Expression validation combined
with the external links feature can lead to limited SQL Injections and
subsequent data leakage. This issue has been addressed in version 1.2.25. Users
are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2023-09-05
CVSS Score: 6.3
Source & Patch Info: CVE-2023-39365
MISC

Primary Vendor -- Product: xwiki -- xwiki_platform
Description: XWiki Platform is a generic wiki platform offering runtime
services for applications built on top of it. It is possible in XWiki to
execute Velocity code without having script right by creating an XClass with a
property of type "TextArea" and content type "VelocityCode" or "VelocityWiki".
For the former, the syntax of the document needs to be set to `xwiki/1.0` (this
syntax doesn't need to be installed). In both cases, when adding the property
to an object, the Velocity code is executed regardless of the rights of the
author of the property (edit right is still required, though). In both cases,
the code is executed with the correct context author so no privileged APIs can
be accessed. However, Velocity still grants access to otherwise inaccessible
data and APIs that could allow further privilege escalation. At least for
"VelocityCode", this behavior is most likely very old but only since XWiki 7.2,
script right is a separate right, before that version all users were allowed to
execute Velocity and thus this was expected and not a security issue. This has
been patched in XWiki 14.10.10 and 15.4 RC1. Users are advised to upgrade.
There are no known workarounds.
Published: 2023-09-01
CVSS Score: 6.3
Source & Patch Info: CVE-2023-41046
MISC
MISC
MISC
MISC

Primary Vendor -- Product: hewlett_packard_enterprise -- aruba_airwave
Description: Aruba AirWave before 8.0.7 allows XSS attacks against an
administrator.
Published: 2023-09-05
CVSS Score: 6.1
Source & Patch Info: CVE-2015-1390
MISC

Primary Vendor -- Product: gitlab -- gitlab
Description: An issue has been discovered in GitLab affecting all versions
starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5,
all versions starting from 16.3 before 16.3.1 where it was possible to create a
URL that would redirect to a different project.
Published: 2023-09-01
CVSS Score: 6.1
Source & Patch Info: CVE-2023-1279
MISC
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Robert Heller WebLibrarian plugin <= 3.5.8.1 versions.
Published: 2023-09-06
CVSS Score: 6.1
Source & Patch Info: CVE-2023-29441
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Solwin Infotech Responsive WordPress Slider – Avartan Slider Lite plugin
<= 1.5.3 versions.
Published: 2023-09-04
CVSS Score: 6.1
Source & Patch Info: CVE-2023-30485
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
ImageRecycle ImageRecycle pdf & image compression plugin <= 3.1.10 versions.
Published: 2023-09-04
CVSS Score: 6.1
Source & Patch Info: CVE-2023-30494
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Simon Chuang WP LINE Notify plugin <= 1.4.4 versions.
Published: 2023-09-06
CVSS Score: 6.1
Source & Patch Info: CVE-2023-30497
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
WP-EXPERTS.IN TEAM WP Categories Widget plugin <= 2.2 versions.
Published: 2023-09-04
CVSS Score: 6.1
Source & Patch Info: CVE-2023-31220
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Kangu para WooCommerce plugin <= 2.2.9 versions.
Published: 2023-09-04
CVSS Score: 6.1
Source & Patch Info: CVE-2023-32296
MISC

Primary Vendor -- Product: shirasagi -- shirasagi
Description: Reflected cross-site scripting vulnerability in SHIRASAGI prior to
v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script
on the web browser of the user who is logging in to the product.
Published: 2023-09-05
CVSS Score: 6.1
Source & Patch Info: CVE-2023-36492
MISC
MISC

Primary Vendor -- Product: 7twenty -- bot
Description: 7Twenty BOT - CWE-79: Improper Neutralization of Input During Web
Page Generation ('Cross-site Scripting').
Published: 2023-09-03
CVSS Score: 6.1
Source & Patch Info: CVE-2023-37221
MISC

Primary Vendor -- Product: general_solutions_steiner_gmbh -- contwise_case2
Description: A cross-site scripting (XSS) vulnerability in General Solutions
Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary
web scripts or HTML via a crafted payload injected into the fieldname
parameter.
Published: 2023-09-01
CVSS Score: 6.1
Source & Patch Info: CVE-2023-37826
MISC
MISC

Primary Vendor -- Product: general_solutions_steiner_gmbh -- contwise_case2
Description: A cross-site scripting (XSS) vulnerability in General Solutions
Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary
web scripts or HTML via a crafted payload injected into the executionBlockName
parameter.
Published: 2023-09-01
CVSS Score: 6.1
Source & Patch Info: CVE-2023-37827
MISC
MISC

Primary Vendor -- Product: general_solutions_steiner_gmbh -- contwise_case2
Description: A cross-site scripting (XSS) vulnerability in General Solutions
Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary
web scripts or HTML via a crafted payload injected into the Tasktyp parameter.
Published: 2023-09-01
CVSS Score: 6.1
Source & Patch Info: CVE-2023-37828
MISC
MISC

Primary Vendor -- Product: general_solutions_steiner_gmbh -- contwise_case2
Description: A cross-site scripting (XSS) vulnerability in General Solutions
Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary
web scripts or HTML via a crafted payload injected into the
notification.message parameter.
Published: 2023-09-01
CVSS Score: 6.1
Source & Patch Info: CVE-2023-37829
MISC
MISC

Primary Vendor -- Product: general_solutions_steiner_gmbh -- contwise_case2
Description: A cross-site scripting (XSS) vulnerability in General Solutions
Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary
web scripts or HTML via a crafted payload injected into the name parameter.
Published: 2023-09-01
CVSS Score: 6.1
Source & Patch Info: CVE-2023-37830
MISC
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Chop-Chop Coming Soon Chop Chop plugin <= 2.2.4 versions.
Published: 2023-09-01
CVSS Score: 6.1
Source & Patch Info: CVE-2023-37893
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Dharmesh Patel Post List With Featured Image plugin <= 1.2 versions.
Published: 2023-09-01
CVSS Score: 6.1
Source & Patch Info: CVE-2023-37997
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
XLPlugins User Email Verification for WooCommerce plugin <= 3.5.0 versions.
Published: 2023-09-04
CVSS Score: 6.1
Source & Patch Info: CVE-2023-39162
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Molongui Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors
– Molongui plugin <= 4.6.19 versions.
Published: 2023-09-04
CVSS Score: 6.1
Source & Patch Info: CVE-2023-39164
MISC

Primary Vendor -- Product: cacti -- cacti
Description: Cacti is an open-source operational monitoring and fault
management framework. Affected versions are subject to a Stored
Cross-Site-Scripting (XSS) Vulnerability that allows an authenticated user to
poison data. The vulnerability is found in `graphs_new.php`. Several
validations are performed, but the `returnto` parameter is directly passed to
`form_save_button`. In order to bypass this validation, returnto must contain
`host.php`. This vulnerability has been addressed in version 1.2.25. Users are
advised to upgrade. Users unable to update should manually filter HTML output.
Published: 2023-09-05
CVSS Score: 6.1
Source & Patch Info: CVE-2023-39360
MISC

Primary Vendor -- Product: startrinity -- softswitch
Description: StarTrinity Softswitch version 2023-02-16 - Multiple Reflected XSS
(CWE-79)
Published: 2023-09-03
CVSS Score: 6.1
Source & Patch Info: CVE-2023-39369
MISC

Primary Vendor -- Product: startrinity -- softswitch
Description: StarTrinity Softswitch version 2023-02-16 - Open Redirect
(CWE-601)
Published: 2023-09-03
CVSS Score: 6.1
Source & Patch Info: CVE-2023-39371
MISC

Primary Vendor -- Product: typora -- typora
Description: A cross site scripting (XSS) vulnerability in the Markdown Editor
component of Typora v1.6.7 allows attackers to execute arbitrary code via
uploading a crafted Markdown file.
Published: 2023-09-01
CVSS Score: 6.1
Source & Patch Info: CVE-2023-39703
MISC

Primary Vendor -- Product: sourcecodester -- free_and_open_source_inventory_management_system
Description: Multiple cross-site scripting (XSS) vulnerabilities in Free and
Open Source Inventory Management System v1.0 allows attackers to execute
arbitrary web scripts or HTML via injecting a crafted payload into the Name,
Address, and Company parameters under the Add Customer section.
Published: 2023-09-01
CVSS Score: 6.1
Source & Patch Info: CVE-2023-39710
MISC
MISC
MISC

Primary Vendor -- Product: sourcecodester -- free_and_open_source_inventory_management_system
Description: Multiple cross-site scripting (XSS) vulnerabilities in Free and
Open Source Inventory Management System v1.0 allows attackers to execute
arbitrary web scripts or HTML via injecting a crafted payload into the Name,
Address, and Company parameters under the Add New Member section.
Published: 2023-09-01
CVSS Score: 6.1
Source & Patch Info: CVE-2023-39714
MISC
MISC
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
SAASPROJECT Booking Package Booking Package plugin <= 1.6.01 versions.
Published: 2023-09-04
CVSS Score: 6.1
Source & Patch Info: CVE-2023-39918
MISC

Primary Vendor -- Product: i-pro_co._ltd. -- video_insight
Description: Reflected cross-site scripting vulnerability in VI Web Client
prior to 7.9.6 allows a remote unauthenticated attacker to inject an arbitrary
script.
Published: 2023-09-05
CVSS Score: 6.1
Source & Patch Info: CVE-2023-39938
MISC
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Blindside Networks BigBlueButton plugin <= 3.0.0-beta.4 versions.
Published: 2023-09-04
CVSS Score: 6.1
Source & Patch Info: CVE-2023-39991
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita plugin
<= 4.3.2 versions.
Published: 2023-09-04
CVSS Score: 6.1
Source & Patch Info: CVE-2023-39992
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
ImageRecycle ImageRecycle pdf & image compression plugin <= 3.1.11 versions.
Published: 2023-09-04
CVSS Score: 6.1
Source & Patch Info: CVE-2023-40196
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Pixelgrade PixTypes plugin <= 1.4.15 versions.
Published: 2023-09-04
CVSS Score: 6.1
Source & Patch Info: CVE-2023-40205
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Aleksandar Urošević Stock Ticker plugin <= 3.23.3 versions.
Published: 2023-09-04
CVSS Score: 6.1
Source & Patch Info: CVE-2023-40208
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Vathemes Business Pro theme <= 1.10.4 versions.
Published: 2023-09-04
CVSS Score: 6.1
Source & Patch Info: CVE-2023-40214
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Plausible.Io Plausible Analytics plugin <= 1.3.3 versions.
Published: 2023-09-06
CVSS Score: 6.1
Source & Patch Info: CVE-2023-40553
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Blog2Social, Adenion Blog2Social: Social Media Auto Post & Scheduler plugin
<= 7.2.0 versions.
Published: 2023-09-06
CVSS Score: 6.1
Source & Patch Info: CVE-2023-40554
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Estatik Estatik Mortgage Calculator plugin <= 2.0.7 versions.
Published: 2023-09-06
CVSS Score: 6.1
Source & Patch Info: CVE-2023-40601
MISC

Primary Vendor -- Product: senayan_library_management_system -- slims_9_bulian
Description: Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is
vulnerable to Server Side Request Forgery (SSRF) via
admin/modules/bibliography/pop_p2p.php.
Published: 2023-09-01
CVSS Score: 6.1
Source & Patch Info: CVE-2023-40969
MISC
MISC

Primary Vendor -- Product: decentraland -- single_sign_on_client
Description: @dcl/single-sign-on-client is an open source npm library which
deals with single sign on authentication flows. Improper input validation in
the `init` function allows arbitrary javascript to be executed using the
`javascript:` prefix. This vulnerability has been patched on version `0.1.0`.
Users are advised to upgrade. Users unable to upgrade should limit untrusted
user input to the `init` function.
Published: 2023-09-01
CVSS Score: 6.1
Source & Patch Info: CVE-2023-41049
MISC
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: The Store Locator WordPress plugin before 1.4.13 does not sanitise
and escape an invalid nonce before outputting it back in an AJAX response,
leading to a Reflected Cross-Site Scripting which could be used against high
privilege users such as admin
Published: 2023-09-04
CVSS Score: 6.1
Source & Patch Info: CVE-2023-4151
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: The Post Timeline WordPress plugin before 2.2.6 does not sanitise
and escape an invalid nonce before outputting it back in an AJAX response,
leading to a Reflected Cross-Site Scripting which could be used against high
privilege users such as admin
Published: 2023-09-04
CVSS Score: 6.1
Source & Patch Info: CVE-2023-4284
MISC

Primary Vendor -- Product: infosoftbd -- clcknshop
Description: A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has
been declared as problematic. This vulnerability affects unknown code of the
file /collection/all. The manipulation of the argument q leads to cross site
scripting. The attack can be initiated remotely. VDB-238570 is the identifier
assigned to this vulnerability. NOTE: The vendor was contacted early about this
disclosure but did not respond in any way.
Published: 2023-09-01
CVSS Score: 6.1
Source & Patch Info: CVE-2023-4707
MISC
MISC
MISC

Primary Vendor -- Product: totvs -- rm
Description: A vulnerability classified as problematic has been found in TOTVS
RM 12.1. Affected is an unknown function of the file Login.aspx of the
component Portal. The manipulation of the argument VIEWSTATE leads to cross
site scripting. It is possible to launch the attack remotely. The identifier of
this vulnerability is VDB-238572. NOTE: The vendor was contacted early about
this disclosure but did not respond in any way.
Published: 2023-09-01
CVSS Score: 6.1
Source & Patch Info: CVE-2023-4709
MISC
MISC

Primary Vendor -- Product: totvs -- rm
Description: A vulnerability classified as problematic was found in TOTVS RM
12.1. Affected by this vulnerability is an unknown functionality of the
component Portal. The manipulation of the argument d leads to cross site
scripting. The attack can be launched remotely. The identifier VDB-238573 was
assigned to this vulnerability. NOTE: The vendor was contacted early about this
disclosure but did not respond in any way.
Published: 2023-09-01
CVSS Score: 6.1
Source & Patch Info: CVE-2023-4710
MISC
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: The Simple Membership plugin for WordPress is vulnerable to
Reflected Cross-Site Scripting via the `list_type` parameter in versions up to,
and including, 4.3.5 due to insufficient input sanitization and output
escaping. Using this vulnerability, unauthenticated attackers could inject
arbitrary web scripts into pages that are being executed if they can
successfully trick a user into taking an action, such as clicking a malicious
link.
Published: 2023-09-06
CVSS Score: 6.1
Source & Patch Info: CVE-2023-4719
MISC
MISC
MISC

Primary Vendor -- Product: ibm -- aspera_faspex
Description: IBM Aspera Faspex 5.0.5 transmits sensitive information in
cleartext which could be obtained by an attacker using man in the middle
techniques. IBM X-Force ID: 244121.
Published: 2023-09-05
CVSS Score: 5.9
Source & Patch Info: CVE-2023-22870
MISC
MISC

Primary Vendor -- Product: moxa -- mxsecurity
Description: A vulnerability has been identified in MXsecurity versions prior
to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH
communications at risk on the affected device. This vulnerability is attributed
to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks
and enable the decryption of SSH traffic.
Published: 2023-09-02
CVSS Score: 5.9
Source & Patch Info: CVE-2023-39982
MISC

Primary Vendor -- Product: oracle -- apache_nifi_minifi_c_plus_plus
Description: Incorrect certificate validation in InvokeHTTP on Apache NiFi
MiNiFi C++ versions 0.13 to 0.14 allows an intermediary to present a forged
certificate during TLS handshake negotiation. The Disable Peer Verification
property of InvokeHTTP was effectively flipped, disabling verification by
default, when using HTTPS. Mitigation: Set the Disable Peer Verification
property of InvokeHTTP to true when using MiNiFi C++ versions 0.13.0 or 0.14.0.
Upgrading to MiNiFi C++ 0.15.0 corrects the default behavior.
Published: 2023-09-03
CVSS Score: 5.9
Source & Patch Info: CVE-2023-41180

Primary Vendor -- Product: apollo_router -- apollo_router
Description: The Apollo Router is a configurable, high-performance graph router
written in Rust to run a federated supergraph that uses Apollo Federation 2.
Affected versions are subject to a Denial-of-Service (DoS) type vulnerability
which causes the Router to panic and terminate when GraphQL Subscriptions are
enabled. It can be triggered when **all of the following conditions are met**:
1. Running Apollo Router v1.28.0, v1.28.1 or v1.29.0 ("impacted versions");
   **and**
2. The Supergraph schema provided to the Router (either via Apollo Uplink or
   explicitly via other configuration) **has a `subscription` type** with
   root-fields defined; **and**
3. The YAML configuration provided to the Router **has subscriptions enabled**
   (they are _disabled_ by default), either by setting `enabled: true` _or_ by
   setting a valid `mode` within the `subscriptions` object (as seen in
   [subscriptions' documentation](https://www.apollographql.com/docs/router/executing-operations/subscription-support/#router-setup));
   **and**
4. An [anonymous](https://spec.graphql.org/draft/#sec-Anonymous-Operation-Definitions)
   (i.e., un-named) `subscription` operation (e.g., `subscription { ... }`) is
   received by the Router.
If **all four** of these criteria are met, the impacted versions will panic and
terminate. There is no data-privacy risk or sensitive-information exposure
aspect to this vulnerability. This is fixed in Apollo Router v1.29.1. Users are
advised to upgrade. Updating to v1.29.1 should be a clear and simple upgrade
path for those running impacted versions. However, if Subscriptions are **not**
necessary for your Graph, but are enabled via configuration, then disabling
subscriptions is another option to mitigate the risk.
Published: 2023-09-05
CVSS Score: 5.9
Source & Patch Info: CVE-2023-41317

Primary Vendor -- Product: adobe -- media_encoder
Description: Adobe Media Encoder version 15.2 (and earlier) is affected by an
out-of-bounds read vulnerability that could lead to disclosure of sensitive
memory. An attacker could leverage this vulnerability to bypass mitigations such
as ASLR. Exploitation of this issue requires user interaction in that a victim
must open a malicious file.
Published: 2023-09-06
CVSS Score: 5.5
Source & Patch Info: CVE-2021-36060

Primary Vendor -- Product: adobe -- acrobat_reader
Description: Acrobat Reader DC versions 2021.005.20060 (and earlier),
2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a
Use After Free vulnerability that could lead to disclosure of sensitive memory.
An attacker could leverage this vulnerability to bypass mitigations such as
ASLR. Exploitation of this issue requires user interaction in that a victim must
open a malicious file.
Published: 2023-09-06
CVSS Score: 5.5
Source & Patch Info: CVE-2021-39859

Primary Vendor -- Product: adobe -- acrobat_reader
Description: Acrobat Reader DC versions 2020.013.20074 (and earlier),
2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an
out-of-bounds read vulnerability that could lead to disclosure of sensitive
memory. An attacker could leverage this vulnerability to bypass mitigations such
as ASLR. Exploitation of this issue requires user interaction in that a victim
must open a malicious file.
Published: 2023-09-07
CVSS Score: 5.5
Source & Patch Info: CVE-2021-40723

Primary Vendor -- Product: adobe -- premiere_pro
Description: Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and
earlier) are affected by a Use-After-Free vulnerability that could lead to
disclosure of sensitive memory. An attacker could leverage this vulnerability to
bypass mitigations such as ASLR. Exploitation of this issue requires user
interaction in that a victim must open a malicious file.
Published: 2023-09-07
CVSS Score: 5.5
Source & Patch Info: CVE-2021-40790

Primary Vendor -- Product: adobe -- premiere_pro
Description: Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and
earlier) are affected by an out-of-bounds read vulnerability that could lead to
disclosure of sensitive memory. An attacker could leverage this vulnerability to
bypass mitigations such as ASLR. Exploitation of this issue requires user
interaction in that a victim must open a malicious file.
Published: 2023-09-07
CVSS Score: 5.5
Source & Patch Info: CVE-2021-40791

Primary Vendor -- Product: adobe -- premiere_pro
Description: Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and
earlier) are affected by an out-of-bounds read vulnerability that could lead to
disclosure of sensitive memory. An attacker could leverage this vulnerability to
bypass mitigations such as ASLR. Exploitation of this issue requires user
interaction in that a victim must open a malicious file.
Published: 2023-09-07
CVSS Score: 5.5
Source & Patch Info: CVE-2021-42265

Primary Vendor -- Product: adobe -- premiere_pro
Description: Adobe Photoshop version 22.5.1 (and earlier versions) are affected
by an out-of-bounds read vulnerability that could lead to disclosure of
sensitive memory. An attacker could leverage this vulnerability to bypass
mitigations such as ASLR. Exploitation of this issue requires user interaction
in that a victim must open a malicious file.
Published: 2023-09-07
CVSS Score: 5.5
Source & Patch Info: CVE-2021-42734

Primary Vendor -- Product: apple -- xcode
Description: The issue was addressed with improved checks. This issue is fixed
in Xcode 14.0. Parsing a file may lead to disclosure of user information.
Published: 2023-09-06
CVSS Score: 5.5
Source & Patch Info: CVE-2022-32920

Primary Vendor -- Product: qualcomm -- aqt1000
Description: Information disclosure in Automotive multimedia due to buffer
over-read.
Published: 2023-09-05
CVSS Score: 5.5
Source & Patch Info: CVE-2022-33220

Primary Vendor -- Product: google -- android
Description: In duraspeed, there is a possible information disclosure due to a
missing permission check. This could lead to local information disclosure with
no additional execution privilege needed. User interaction is not needed for
exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951402.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-20824

Primary Vendor -- Product: google -- android
Description: In duraspeed, there is a possible information disclosure due to a
missing permission check. This could lead to local information disclosure with
no additional execution privilege needed. User interaction is not needed for
exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951413.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-20825

Primary Vendor -- Product: google -- android
Description: In cta, there is a possible information disclosure due to a
missing permission check. This could lead to local information disclosure with
no additional execution privilege needed. User interaction is not needed for
exploitation. Patch ID: ALPS07978550; Issue ID: ALPS07978550.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-20826

Primary Vendor -- Product: apple -- macos
Description: An out-of-bounds read was addressed with improved input
validation. This issue is fixed in macOS Ventura 13.3. Processing an image may
result in disclosure of process memory.
Published: 2023-09-06
CVSS Score: 5.5
Source & Patch Info: CVE-2023-27950

Primary Vendor -- Product: ibm -- sterling_external_authentication_server
Description: IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user
with specific information about the system to obtain privileged information due
to inadequate memory clearing during operations. IBM X-Force ID: 252139.
Published: 2023-09-05
CVSS Score: 5.5
Source & Patch Info: CVE-2023-29261

Primary Vendor -- Product: samsung_mobile -- multiple_products
Description: Improper privilege management vulnerability in FolderLockNotifier
in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change
some settings of the folder lock.
Published: 2023-09-06
CVSS Score: 5.5
Source & Patch Info: CVE-2023-30713

Primary Vendor -- Product: samsung_mobile -- multiple_products
Description: Improper access control vulnerability in SVCAgent prior to SMR
Sep-2023 Release 1 allows attackers to trigger certain commands.
Published: 2023-09-06
CVSS Score: 5.5
Source & Patch Info: CVE-2023-30716

Primary Vendor -- Product: samsung_mobile -- multiple_products
Description: PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR
Sep-2023 Release 1 allows local attacker to gain arbitrary file access.
Published: 2023-09-06
CVSS Score: 5.5
Source & Patch Info: CVE-2023-30720

Primary Vendor -- Product: samsung_mobile -- gallery
Description: Improper authentication in LocalProvier of Gallery prior to
version 14.5.01.2 allows attacker to access the data in content provider.
Published: 2023-09-06
CVSS Score: 5.5
Source & Patch Info: CVE-2023-30725

Primary Vendor -- Product: samsung_mobile -- multiple_products
Description: PendingIntent hijacking vulnerability in GameLauncher prior to
version 4.2.59.5 allows local attackers to access data.
Published: 2023-09-06
CVSS Score: 5.5
Source & Patch Info: CVE-2023-30726

Primary Vendor -- Product: samsung_mobile -- multiple_products
Description: Intent redirection vulnerability in PackageInstallerCHN prior to
version 13.1.03.00 allows local attacker to access arbitrary file. This
vulnerability requires user interaction.
Published: 2023-09-06
CVSS Score: 5.5
Source & Patch Info: CVE-2023-30728

Primary Vendor -- Product: samsung_mobile -- multiple_products
Description: Implicit intent hijacking vulnerability in Camera prior to
versions 11.0.16.43 in Android 11, 12.1.00.30, 12.0.07.53, 12.1.03.10 in
Android 12, and 13.0.01.43, 13.1.00.83 in Android 13 allows local attacker to
access specific file.
Published: 2023-09-06
CVSS Score: 5.5
Source & Patch Info: CVE-2023-30730

Primary Vendor -- Product: ibm -- sterling_secure_proxy
Description: IBM Sterling Secure Proxy and IBM Sterling External Authentication
Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be
read by a local user with container access. IBM X-Force ID: 255585.
Published: 2023-09-05
CVSS Score: 5.5
Source & Patch Info: CVE-2023-32338

Primary Vendor -- Product: apple -- macos
Description: A privacy issue was addressed with improved handling of temporary
files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS
16.5, watchOS 9.5. An app may be able to access user-sensitive data.
Published: 2023-09-06
CVSS Score: 5.5
Source & Patch Info: CVE-2023-32432

Primary Vendor -- Product: apple -- macos
Description: This issue was addressed with improved checks to prevent
unauthorized actions. This issue is fixed in tvOS 16.3, macOS Ventura 13.2,
watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy
preferences.
Published: 2023-09-06
CVSS Score: 5.5
Source & Patch Info: CVE-2023-32438

Primary Vendor -- Product: google -- android
Description: In vowifiservice, there is a possible missing permission check.
This could lead to local information disclosure with no additional execution
privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-33916

Primary Vendor -- Product: google -- android
Description: In vowifiservice, there is a possible missing permission check.
This could lead to local information disclosure with no additional execution
privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-33917

Primary Vendor -- Product: google -- android
Description: In vowifiservice, there is a possible missing permission check.
This could lead to local information disclosure with no additional execution
privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-33918

Primary Vendor -- Product: google -- android
Description: In vowifiservice, there is a possible missing permission check.
This could lead to local information disclosure with no additional execution
privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-38436

Primary Vendor -- Product: google -- android
Description: In vowifiservice, there is a possible missing permission check.
This could lead to local information disclosure with no additional execution
privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-38437

Primary Vendor -- Product: google -- android
Description: In vowifiservice, there is a possible missing permission check.
This could lead to local information disclosure with no additional execution
privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-38438

Primary Vendor -- Product: google -- android
Description: In vowifiservice, there is a possible missing permission check.
This could lead to local information disclosure with no additional execution
privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-38439

Primary Vendor -- Product: google -- android
Description: In vowifiservice, there is a possible missing permission check.
This could lead to local information disclosure with no additional execution
privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-38440

Primary Vendor -- Product: google -- android
Description: In vowifiservice, there is a possible missing permission check.
This could lead to local information disclosure with no additional execution
privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-38441

Primary Vendor -- Product: google -- android
Description: In vowifiservice, there is a possible missing permission check.
This could lead to local information disclosure with no additional execution
privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-38442

Primary Vendor -- Product: google -- android
Description: In vowifiservice, there is a possible missing permission check.
This could lead to local denial of service with no additional execution
privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-38445

Primary Vendor -- Product: google -- android
Description: In vowifiservice, there is a possible missing permission check.
This could lead to local denial of service with no additional execution
privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-38446

Primary Vendor -- Product: google -- android
Description: In vowifiservice, there is a possible missing permission check.
This could lead to local denial of service with no additional execution
privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-38447

Primary Vendor -- Product: google -- android
Description: In vowifiservice, there is a possible missing permission check.
This could lead to local denial of service with no additional execution
privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-38448

Primary Vendor -- Product: google -- android
Description: In vowifi service, there is a possible missing permission check.
This could lead to local information disclosure with no additional execution
privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-38454

Primary Vendor -- Product: google -- android
Description: In vowifiservice, there is a possible missing permission check.
This could lead to local denial of service with no additional execution
privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-38457

Primary Vendor -- Product: google -- android
Description: In vowifiservice, there is a possible missing permission check.
This could lead to local denial of service with no additional execution
privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-38461

Primary Vendor -- Product: google -- android
Description: In vowifiservice, there is a possible missing permission check.
This could lead to local denial of service with no additional execution
privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-38462

Primary Vendor -- Product: google -- android
Description: In vowifiservice, there is a possible missing permission check.
This could lead to local denial of service with no additional execution
privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-38463

Primary Vendor -- Product: google -- android
Description: In ims service, there is a possible missing permission check. This
could lead to local information disclosure with no additional execution
privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-38465

Primary Vendor -- Product: google -- android
Description: In ims service, there is a possible missing permission check. This
could lead to local information disclosure with no additional execution
privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-38466

Primary Vendor -- Product: google -- android
Description: In wcn bsp driver, there is a possible out of bounds write due to
a missing bounds check. This could lead to local denial of service with no
additional execution privileges.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-38554

Primary Vendor -- Product: hyper_bump_it -- hyper_bump_it
Description: hyper-bump-it is a command line tool for updating the version in
project files. `hyper-bump-it` reads a file glob pattern from the configuration
file. That is combined with the project root directory to construct a full glob
pattern that is used to find files that should be edited. These matched files
should be contained within the project root directory, but that is not checked.
This could result in changes being written to files outside of the project. The
default behaviour of `hyper-bump-it` is to display the planned changes and
prompt the user for confirmation before editing any files. However, the
configuration file provides a field that can be used to cause files to be edited
without displaying the prompt. This issue has been fixed in release version
0.5.1. Users are advised to upgrade. For users that are unable to update from
vulnerable versions, executing `hyper-bump-it` with the `--interactive` command
line argument will ensure that all planned changes are displayed and prompt the
user for confirmation before editing any files, even if the configuration file
contains `show_confirm_prompt=true`.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-41057

Primary Vendor -- Product: catdoc -- catdoc
Description: Catdoc v0.95 was discovered to contain a NULL pointer dereference
via the component xls2csv at src/fileutil.c.
Published: 2023-09-01
CVSS Score: 5.5
Source & Patch Info: CVE-2023-41633

Primary Vendor -- Product: phpfusion -- phpfusion
Description: Due to an out-of-date dependency in the “Fusion File Manager”
component accessible through the admin panel, an attacker can send a crafted
request that allows them to read the contents of files on the system accessible
within the privileges of the running process. Additionally, they may write files
to arbitrary locations, provided the files pass the application’s mime-type and
file extension validation.
Published: 2023-09-05
CVSS Score: 5.5
Source & Patch Info: CVE-2023-4480

Primary Vendor -- Product: gpac -- gpac
Description: Floating Point Comparison with Incorrect Operator in GitHub
repository gpac/gpac prior to 2.3-DEV.
Published: 2023-09-01
CVSS Score: 5.5
Source & Patch Info: CVE-2023-4720

Primary Vendor -- Product: gpac -- gpac
Description: Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
Published: 2023-09-01
CVSS Score: 5.5
Source & Patch Info: CVE-2023-4721

Primary Vendor -- Product: gpac -- gpac
Description: Integer Overflow or Wraparound in GitHub repository gpac/gpac prior
to 2.3-DEV.
Published: 2023-09-01
CVSS Score: 5.5
Source & Patch Info: CVE-2023-4722

Primary Vendor -- Product: gpac -- gpac
Description: Out-of-bounds Write in GitHub repository gpac/gpac prior to
2.3-DEV.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-4754

Primary Vendor -- Product: gpac -- gpac
Description: Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-4755

Primary Vendor -- Product: gpac -- gpac
Description: Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to
2.3-DEV.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-4756

Primary Vendor -- Product: gpac -- gpac
Description: Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.
Published: 2023-09-04
CVSS Score: 5.5
Source & Patch Info: CVE-2023-4758

Primary Vendor -- Product: gpac -- gpac
Description: Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
Published: 2023-09-05
CVSS Score: 5.5
Source & Patch Info: CVE-2023-4778

Primary Vendor -- Product: searchblox -- searchblox
Description: SearchBlox product with version before 9.2.1 is vulnerable to
stored cross-site scripting at multiple user input parameters. In SearchBlox
products multiple parameters are not sanitized/validated properly which allows
an attacker to inject malicious JavaScript.
Published: 2023-09-05
CVSS Score: 5.4
Source & Patch Info: CVE-2020-10128

Primary Vendor -- Product: navblue -- s.a.s_n-ops_&_crew
Description: NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site
Scripting (XSS).
Published: 2023-09-01
CVSS Score: 5.4
Source & Patch Info: CVE-2022-44349

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability in Pexle Chris Library Viewer plugin <= 2.0.6 versions.
Published: 2023-09-04
CVSS Score: 5.4
Source & Patch Info: CVE-2023-32102

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability in Twinpictures Column-Matic plugin <= 1.3.3 versions.
Published: 2023-09-04
CVSS Score: 5.4
Source & Patch Info: CVE-2023-32578

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability in Artem Abramovich Art Decoration Shortcode plugin <= 1.5.6
versions.
Published: 2023-09-01
CVSS Score: 5.4
Source & Patch Info: CVE-2023-37994

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability in WP OnlineSupport, Essential Plugin Audio Player with Playlist
Ultimate plugin <= 1.2.2 versions.
Published: 2023-09-03
CVSS Score: 5.4
Source & Patch Info: CVE-2023-38516

Primary Vendor -- Product: shirasagi -- shirasagi
Description: Stored cross-site scripting vulnerability in SHIRASAGI prior to
v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on
the web browser of the user who is logging in to the product.
Published: 2023-09-05
CVSS Score: 5.4
Source & Patch Info: CVE-2023-38569

Primary Vendor -- Product: startrinity -- softswitch
Description: StarTrinity Softswitch version 2023-02-16 - Persistent XSS (CWE-79)
Published: 2023-09-03
CVSS Score: 5.4
Source & Patch Info: CVE-2023-39370

Primary Vendor -- Product: cacti -- cacti
Description: Cacti is an open source operational monitoring and fault management
framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS)
Vulnerability which allows an authenticated user to poison data stored in the
_cacti_'s database. These data will be viewed by administrative _cacti_ accounts
and execute JavaScript code in the victim's browser at view-time. The script
under `host.php` is used to monitor and manage hosts in the _cacti_ app, hence
displays useful information such as data queries and verbose logs. _CENSUS_
found that an adversary that is able to configure a data-query template with
malicious code appended in the template path may deploy a stored XSS attack
against any user with the _General Administration>Sites/Devices/Data_
privileges. A user that possesses the _Template Editor>Data Queries_ permissions
can configure the data query template path in _cacti_. Please note that such a
user may be a low privileged user. This configuration occurs through
`http://<HOST>/cacti/data_queries.php` by editing an existing or adding a new
data query template. If a template is linked to a device, then the formatted
template path will be rendered in the device's management page, when a _verbose
data query_ is requested. This vulnerability has been addressed in version
1.2.25. Users are advised to upgrade. Users unable to update should manually
filter HTML output.
Published: 2023-09-05
CVSS Score: 5.4
Source & Patch Info: CVE-2023-39513

Primary Vendor -- Product: cacti -- cacti
Description: Cacti is an open source operational monitoring and fault management
framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS)
Vulnerability which allows an authenticated user to poison data stored in the
_cacti_'s database. These data will be viewed by administrative _cacti_ accounts
and execute JavaScript code in the victim's browser at view-time. The script
under `graphs.php` displays graph details such as data-source paths, data
template information and graph related fields. _CENSUS_ found that an adversary
that is able to configure either a data-source template with malicious code
appended in the data-source name or a device with a malicious payload injected
in the device name, may deploy a stored XSS attack against any user with
_General Administration>Graphs_ privileges. A user that possesses the _Template
Editor>Data Templates_ permissions can configure the data-source name in
_cacti_. Please note that this may be a _low privileged_ user. This
configuration occurs through `http://<HOST>/cacti/data_templates.php` by editing
an existing or adding a new data template. If a template is linked to a graph,
then the formatted template name will be rendered in the graph's management
page. A user that possesses the _General Administration>Sites/Devices/Data_
permissions can configure the device name in _cacti_. This vulnerability has
been addressed in version 1.2.25. Users are advised to upgrade. Users unable to
upgrade should add manual HTML escaping.
Published: 2023-09-05
CVSS Score: 5.4
Source & Patch Info: CVE-2023-39514

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability in ???(std.Cloud) WxSync plugin <= 2.7.23 versions.
Published: 2023-09-04
CVSS Score: 5.4
Source & Patch Info: CVE-2023-39988

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability in Devaldi Ltd flowpaper plugin <= 1.9.9 versions.
Published: 2023-09-04
CVSS Score: 5.4
Source & Patch Info: CVE-2023-40197

Primary Vendor -- Product: i-pro_co._ltd. -- video_insight
Description: Stored cross-site scripting vulnerability in View setting page of
VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an
arbitrary script.
Published: 2023-09-05
CVSS Score: 5.4
Source & Patch Info: CVE-2023-40535

Primary Vendor -- Product: i-pro_co._ltd. -- video_insight
Description: Stored cross-site scripting vulnerability in Map setting page of VI
Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an
arbitrary script.
Published: 2023-09-05
CVSS Score: 5.4
Source & Patch Info: CVE-2023-40705

Primary Vendor -- Product: f-revocrm -- f-revocrm
Description: F-RevoCRM 7.3 series prior to version 7.3.8 contains a cross-site
scripting vulnerability. If this vulnerability is exploited, an arbitrary script
may be executed on the web browser of the user who is using the product.
Published: 2023-09-06
CVSS Score: 5.4
Source & Patch Info: CVE-2023-41150

Primary Vendor -- Product: wordpress -- wordpress
Description: The Font Awesome 4 Menus plugin for WordPress is vulnerable to
Stored Cross-Site Scripting via the 'fa' and 'fa-stack' shortcodes in versions
up to, and including, 4.7.0 due to insufficient input sanitization and output
escaping on user supplied attributes. This makes it possible for authenticated
attackers with contributor-level and above permissions to inject arbitrary web
scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-09-02
CVSS Score: 5.4
Source & Patch Info: CVE-2023-4718

Primary Vendor -- Product: saltstack -- salt
Description: Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion
return. After receiving several bad packets on the request server equal to the
number of worker threads, the master will become unresponsive to return requests
until restarted.
Published: 2023-09-05
CVSS Score: 5.3
Source & Patch Info: CVE-2023-20897

Primary Vendor -- Product: github -- enterprise_server
Description: An authorization/sensitive information disclosure vulnerability was
identified in GitHub Enterprise Server that allowed a fork to retain read access
to an upstream repository after its visibility was changed to private. This
vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0
and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability
was reported via the GitHub Bug Bounty program.
Published: 2023-09-01
CVSS Score: 5.3
Source & Patch Info: CVE-2023-23763

Primary Vendor -- Product: password_recovery -- password_recovery
Description: User enumeration vulnerability in Password Recovery plugin 1.2
version for Roundcube, which could allow a remote attacker to create a test
script against the password recovery function to enumerate all users in the
database.
Published: 2023-09-04
CVSS Score: 5.3
Source & Patch Info: CVE-2023-3221

Primary Vendor -- Product: apple -- macos_ventura
Description: A logic issue was addressed with improved validation. This issue is
fixed in macOS Ventura 13.3. Content Security Policy to block domains with
wildcards may fail.
Published: 2023-09-06
CVSS Score: 5.3
Source & Patch Info: CVE-2023-32370

Primary Vendor -- Product: apple -- multiple_products
Description: A permissions issue was addressed with improved redaction of
sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS
16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account
emails.
Published: 2023-09-06
CVSS Score: 5.3
Source & Patch Info: CVE-2023-34352

Primary Vendor -- Product: moxa -- mxsecurity
Description: A vulnerability that poses a potential risk of polluting the
MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity
versions prior to v1.0.1. This vulnerability might allow an unauthenticated
remote attacker to register or add devices via the nsm-web application.
Published: 2023-09-02
CVSS Score: 5.3
Source & Patch Info: CVE-2023-39983
MISC(link is external)Primary
Vendor -- Product vyperlang -- vyperDescription Vyper is a Pythonic Smart
Contract Language. For the following (probably non-exhaustive) list of
expressions, the compiler evaluates the arguments from right to left instead of
left to right. `unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |,
&, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated),
bitwise_xor (deprecated), raw_call, <, >, <=, >=, ==, !=, in, not in (when lhs
and rhs are enums)`. This behaviour becomes a problem when the evaluation of one
of the arguments produces side effects that other arguments depend on. The
following expressions can produce side effects: state modifying external call,
state modifying internal call, `raw_call`, `pop()` when used on a Dynamic Array
stored in the storage, `create_minimal_proxy_to`, `create_copy_of`,
`create_from_blueprint`. This issue has not yet been patched. Users are advised
to make sure that the arguments of the expression do not produce side effects
or, if one does, that no other argument is dependent on those side
effects.Published 2023-09-04CVSS Score 5.3Source & Patch Info CVE-2023-40015
MISC(link is external)Primary
Vendor -- Product gitlab -- gitlabDescription An issue has been discovered in
GitLab affecting all versions starting from 16.2 before 16.2.5, all versions
starting from 16.3 before 16.3.1. Due to improper permission validation it was
possible to create model experiments in public projects.Published 2023-09-01CVSS
Score 5.3Source & Patch Info CVE-2023-4018
MISC(link is external)Primary
Vendor -- Product vyperlang -- vyperDescription Vyper is a Pythonic Smart
Contract Language. In affected versions the order of evaluation of the arguments
of the builtin functions `uint256_addmod`, `uint256_mulmod`, `ecadd` and `ecmul`
does not follow source order. This behaviour is problematic when the evaluation
of one of the arguments produces side effects that other arguments depend on. A
patch is currently being developed on pull request #3583. When using builtins
from the list above, users should make sure that the arguments of the expression
do not produce side effects or, if one does, that no other argument is dependent
on those side effects.Published 2023-09-04CVSS Score 5.3Source & Patch Info
CVE-2023-41052
MISC(link is external)Primary
Vendor -- Product cerebrate -- cerebrateDescription Cerebrate before 1.15 lacks
the Secure attribute for the session cookie.Published 2023-09-05CVSS Score
5.3Source & Patch Info CVE-2023-41908
MISC(link is external)Primary
Vendor -- Product tenda -- ac6Description Tenda AC6
US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator
password) to cause a denial of service (device crash) via a long string in the
wifiPwd_5G parameter to /goform/setWifi.Published 2023-09-05CVSS Score 4.9Source
& Patch Info CVE-2021-40546
MISC(link is external)Primary
Vendor -- Product samsung_mobile -- keyboardDescription Improper authorization
in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows an attacker to read
an arbitrary file with system privilege.Published 2023-09-06CVSS Score 4.9Source &
Patch Info CVE-2023-30706
MISC(link is external)Primary
Vendor -- Product advanced_file_manager -- advanced_file_managerDescription The
Advanced File Manager WordPress plugin before 5.1.1 does not adequately
authorize its usage on multisite installations, allowing site admin users to
list and read arbitrary files and folders on the server.Published 2023-09-04CVSS
Score 4.9Source & Patch Info CVE-2023-3814
MISC(link is external)Primary
Vendor -- Product chamilo -- chamilo_lmsDescription SQL Injection vulnerability
in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to
obtain sensitive information via the import sessions functions.Published
2023-09-01CVSS Score 4.9Source & Patch Info CVE-2023-39582
MISC(link is external)Primary
Vendor -- Product instantcms -- instantcmsDescription External Control of System
or Configuration Setting in GitHub repository instantsoft/icms2 prior to
2.16.1-git.Published 2023-09-01CVSS Score 4.9Source & Patch Info CVE-2023-4704
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy wp tell a friend popup
form plugin <= 7.1 versions.Published 2023-09-04CVSS Score 4.8Source & Patch
Info CVE-2023-25465
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Yotuwp Video Gallery plugin
<= 1.3.12 versions.Published 2023-09-01CVSS Score 4.8Source & Patch Info
CVE-2023-25477
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Duc Bui Quang WP Default Feature
Image plugin <= 1.0.1.1 versions.Published 2023-09-01CVSS Score 4.8Source &
Patch Info CVE-2023-25488
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in ShopConstruct plugin <= 1.1.2
versions.Published 2023-09-01CVSS Score 4.8Source & Patch Info CVE-2023-34011
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription The Photo Gallery, Images,
Slider in Rbs Image Gallery WordPress plugin before 3.2.16 does not sanitise and
escape some of its settings, which could allow high privilege users such as
admin to perform Stored Cross-Site Scripting attacks even when the
unfiltered_html capability is disallowed (for example in multisite
setup).Published 2023-09-04CVSS Score 4.8Source & Patch Info CVE-2023-3499
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Jeffrey-WP Media Library Categories
plugin <= 2.0.0 versions.Published 2023-09-04CVSS Score 4.8Source & Patch Info
CVE-2023-36382
MISC(link is external)Primary
Vendor -- Product farsight_tech_nordic -- ab_provideDescription Farsight Tech
Nordic AB ProVide version 14.5 - Multiple XSS vulnerabilities (CWE-79) can be
exploited by a user with administrator privilege.Published 2023-09-03CVSS Score
4.8Source & Patch Info CVE-2023-37222
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Atarim Visual Website Collaboration,
Feedback & Project Management – Atarim plugin <= 3.9.3 versions.Published
2023-09-04CVSS Score 4.8Source & Patch Info CVE-2023-37393
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in miniOrange YourMembership Single
Sign On – YM SSO Login plugin <= 1.1.3 versions.Published 2023-09-01CVSS Score
4.8Source & Patch Info CVE-2023-37986
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Elastic Email Sender plugin <= 1.2.6
versions.Published 2023-09-03CVSS Score 4.8Source & Patch Info CVE-2023-38387
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in SuiteDash :: ONE Dashboard® Client
Portal : SuiteDash Direct Login plugin <= 1.7.6 versions.Published
2023-09-03CVSS Score 4.8Source & Patch Info CVE-2023-38476
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in QualityUnit Post Affiliate Pro
plugin <= 1.25.0 versions.Published 2023-09-03CVSS Score 4.8Source & Patch Info
CVE-2023-38482
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Realwebcare WRC Pricing Tables
plugin <= 2.3.7 versions.Published 2023-09-03CVSS Score 4.8Source & Patch Info
CVE-2023-38517
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Visualmodo Borderless plugin
<= 1.4.8 versions.Published 2023-09-03CVSS Score 4.8Source & Patch Info
CVE-2023-38518
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Exifography plugin <= 1.3.1
versions.Published 2023-09-03CVSS Score 4.8Source & Patch Info CVE-2023-38521
MISC(link is external)Primary
Vendor -- Product cacti -- cactiDescription Cacti is an open-source operational
monitoring and fault management framework. Affected versions are subject to a
Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to
poison data stored in the _cacti_'s database. These data will be viewed by
administrative _cacti_ accounts and execute JavaScript code in the victim's
browser at view-time. The `data_sources.php` script displays the data source
management information (e.g., data source path, polling configuration etc.) for
different data visualizations of the _cacti_ app. CENSUS found that an adversary
that is able to configure a malicious Device name, can deploy a stored XSS
attack against any user of the same (or broader) privileges. A user that
possesses the _General Administration>Sites/Devices/Data_ permissions can
configure the device names in _cacti_. This configuration occurs through
`http://<HOST>/cacti/host.php`, while the rendered malicious payload is
exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been
addressed in version 1.2.25. Users are advised to upgrade. Users unable to
update should manually filter HTML output.Published 2023-09-05CVSS Score
4.8Source & Patch Info CVE-2023-39366
MISC(link is external)Primary
Vendor -- Product cacti -- cactiDescription Cacti is an open-source operational
monitoring and fault management framework. Affected versions are subject to a
Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to
poison data stored in the _cacti_'s database. These data will be viewed by
administrative _cacti_ accounts and execute JavaScript code in the victim's
browser at view-time. The `reports_admin.php` script displays reporting
information about graphs, devices, data sources etc. CENSUS found that an
adversary that is able to configure a malicious Device name, can deploy a stored
XSS attack against any user of the same (or broader) privileges. A user that
possesses the _General Administration>Sites/Devices/Data_ permissions can
configure the device names in _cacti_. This configuration occurs through
`http://<HOST>/cacti/host.php`, while the rendered malicious payload is
exhibited at `http://<HOST>/cacti/reports_admin.php` when a graph with the
maliciously altered device name is linked to the report. This vulnerability has
been addressed in version 1.2.25. Users are advised to upgrade. Users unable to
update should manually filter HTML output.Published 2023-09-05CVSS Score
4.8Source & Patch Info CVE-2023-39510
MISC(link is external)Primary
Vendor -- Product cacti -- cactiDescription Cacti is an open-source operational
monitoring and fault management framework. Affected versions are subject to a
Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated
user to poison data stored in the _cacti_'s database. These data will be viewed
by administrative _cacti_ accounts and execute JavaScript code in the victim's
browser at view-time. The script under `data_sources.php` displays the data
source management information (e.g., data source path, polling configuration,
device name related to the datasource etc.) for different data visualizations of
the _cacti_ app. _CENSUS_ found that an adversary that is able to configure a
malicious device name, can deploy a stored XSS attack against any user of the
same (or broader) privileges. A user that possesses the _General
Administration>Sites/Devices/Data_ permissions can configure the device names in
_cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while
the rendered malicious payload is exhibited at
`http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in
version 1.2.25. Users are advised to upgrade. Users unable to update should
manually filter HTML output.Published 2023-09-05CVSS Score 4.8Source & Patch
Info CVE-2023-39512
MISC(link is external)Primary
Vendor -- Product cacti -- cactiDescription Cacti is an open-source operational
monitoring and fault management framework. Affected versions are subject to a
Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to
poison data stored in the cacti's database. These data will be viewed by
administrative cacti accounts and execute JavaScript code in the victim's
browser at view-time. The script under `data_debug.php` displays data source
related debugging information such as _data source paths, polling settings,
meta-data on the data source_. _CENSUS_ found that an adversary that is able to
configure a malicious data-source path, can deploy a stored XSS attack against
any user that has privileges related to viewing the `data_debug.php`
information. A user that possesses the _General
Administration>Sites/Devices/Data_ permissions can configure the data source
path in _cacti_. This configuration occurs through
`http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in
version 1.2.25. Users are advised to upgrade. Users unable to update should
manually filter HTML output.Published 2023-09-05CVSS Score 4.8Source & Patch
Info CVE-2023-39515
MISC(link is external)Primary
Vendor -- Product cacti -- cactiDescription Cacti is an open-source operational
monitoring and fault management framework. Affected versions are subject to a
Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated
user to poison data stored in the _cacti_'s database. These data will be viewed
by administrative _cacti_ accounts and execute JavaScript code in the victim's
browser at view-time. The script under `data_sources.php` displays the data
source management information (e.g., data source path, polling configuration
etc.) for different data visualizations of the _cacti_ app. CENSUS found that an
adversary that is able to configure a malicious data-source path, can deploy a
stored XSS attack against any user of the same (or broader) privileges. A user
that possesses the 'General Administration>Sites/Devices/Data' permissions can
configure the data source path in Cacti. This configuration occurs through
`http://<HOST>/cacti/data_sources.php`. The same page can be used for previewing
the data source path. This issue has been addressed in version 1.2.25. Users are
advised to upgrade. Users unable to upgrade should manually escape HTML
output.Published 2023-09-05CVSS Score 4.8Source & Patch Info CVE-2023-39516
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in maennchen1.De wpShopGermany –
Protected Shops plugin <= 2.0 versions.Published 2023-09-04CVSS Score 4.8Source
& Patch Info CVE-2023-39919
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Ajay Lulia wSecure Lite plugin
<= 2.5 versions.Published 2023-09-04CVSS Score 4.8Source & Patch Info
CVE-2023-39987
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Ujwol Bastakoti CT Commerce plugin
<= 2.0.1 versions.Published 2023-09-06CVSS Score 4.8Source & Patch Info
CVE-2023-40007
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in hwk-fr WP 404 Auto Redirect to
Similar Post plugin <= 1.0.3 versions.Published 2023-09-04CVSS Score 4.8Source &
Patch Info CVE-2023-40206
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Carrrot plugin <= 1.1.0
versions.Published 2023-09-06CVSS Score 4.8Source & Patch Info CVE-2023-40328
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in WPZest Custom Admin Login Page |
WPZest plugin <= 1.2.0 versions.Published 2023-09-06CVSS Score 4.8Source & Patch
Info CVE-2023-40329
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Gurcharan Singh Fitness calculators
plugin plugin <= 2.0.7 versions.Published 2023-09-06CVSS Score 4.8Source & Patch
Info CVE-2023-40552
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Greg Ross Schedule Posts Calendar
plugin <= 5.2 versions.Published 2023-09-06CVSS Score 4.8Source & Patch Info
CVE-2023-40560
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription The AI ChatBot WordPress
plugin before 4.7.8 does not sanitise and escape some of its settings, which
could allow high privilege users such as admin to perform Stored Cross-Site
Scripting attacks even when the unfiltered_html capability is disallowed (for
example in multisite setup).Published 2023-09-04CVSS Score 4.8Source & Patch Info
CVE-2023-4253
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription The AI ChatBot WordPress
plugin before 4.7.8 does not sanitise and escape some of its settings, which
could allow high privilege users such as admin to perform Stored Cross-Site
Scripting attacks even when the unfiltered_html capability is disallowed (for
example in multisite setup).Published 2023-09-04CVSS Score 4.8Source & Patch Info
CVE-2023-4254
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription The 123.chat WordPress
plugin before 1.3.1 does not sanitise and escape some of its settings, which
could allow high privilege users such as admin to perform Stored Cross-Site
Scripting attacks even when the unfiltered_html capability is disallowed (for
example in multisite setup).Published 2023-09-04CVSS Score 4.8Source & Patch Info
CVE-2023-4298
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription The WordPress File Sharing
Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
admin settings in versions up to, and including, 2.0.3 due to insufficient input
sanitization and output escaping. This makes it possible for authenticated
attackers, with administrator-level permissions and above, to inject arbitrary
web scripts in pages that will execute whenever a user accesses an injected
page. This only affects multi-site installations and installations where
unfiltered_html has been disabled.Published 2023-09-05CVSS Score 4.8Source &
Patch Info CVE-2023-4636
MISC(link is external)Primary
Vendor -- Product vm-memory_project -- vm-memoryDescription In a typical Virtual
Machine Monitor (VMM) there are several components, such as boot loader, virtual
device drivers, virtio backend drivers and vhost drivers, that need to access
the VM physical memory. The vm-memory rust crate provides a set of traits to
decouple VM memory consumers from VM memory providers. An issue was discovered
in the default implementations of the `VolatileMemory::{get_atomic_ref,
aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}` trait functions, which
allows out-of-bounds memory access if the `VolatileMemory::get_slice` function
returns a `VolatileSlice` whose length is less than the function’s `count`
argument. No implementations of `get_slice` provided in `vm_memory` are
affected. Users of custom `VolatileMemory` implementations may be impacted if
the custom implementation does not adhere to `get_slice`'s documentation. The
issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a
check that verifies that the `VolatileSlice` returned by `get_slice` is of the
correct length. Users are advised to upgrade. There are no known workarounds for
this issue.Published 2023-09-01CVSS Score 4.7Source & Patch Info CVE-2023-41051
MISC(link is external)Primary
Vendor -- Product samsung_mobile -- multiple_productsDescription Improper
authorization vulnerability in FolderContainerDragDelegate in One UI Home prior
to SMR Sep-2023 Release 1 allows physical attackers to change some settings of
the folder lock.Published 2023-09-06CVSS Score 4.6Source & Patch Info
CVE-2023-30714
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In camera driver, there is a
possible out of bounds read due to a missing bounds check. This could lead to
local denial of service with System execution privileges needed.Published
2023-09-04CVSS Score 4.4Source & Patch Info CVE-2022-47352
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In vdsp device, there is a
possible system crash due to improper input validation. This could lead to local
denial of service with System execution privileges needed.Published
2023-09-04CVSS Score 4.4Source & Patch Info CVE-2022-47353
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In Ifaa service, there is a
possible missing permission check. This could lead to local denial of service
with System execution privileges needed.Published 2023-09-04CVSS Score 4.4Source
& Patch Info CVE-2022-48452
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In camera driver, there is a
possible out of bounds write due to a missing bounds check. This could lead to
local denial of service with System execution privileges needed.Published
2023-09-04CVSS Score 4.4Source & Patch Info CVE-2022-48453
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In cmdq, there is a possible out
of bounds read due to an incorrect status check. This could lead to local denial
of service with System execution privileges needed. User interaction is not
needed for exploitation. Patch ID: ALPS08021592; Issue ID:
ALPS08021592.Published 2023-09-04CVSS Score 4.4Source & Patch Info
CVE-2023-20823
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In keyinstall, there is a
possible information disclosure due to a missing bounds check. This could lead
to local information disclosure with System execution privileges needed. User
interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID:
ALPS08017764.Published 2023-09-04CVSS Score 4.4Source & Patch Info
CVE-2023-20833
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In camsys, there is a possible
out of bounds read due to a missing bounds check. This could lead to local
information disclosure with System execution privileges needed. User interaction
is not needed for exploitation. Patch ID: ALPS07505629; Issue ID:
ALPS07505629.Published 2023-09-04CVSS Score 4.4Source & Patch Info
CVE-2023-20836
MISC(link is external)Primary
Vendor -- Product samsung_mobile -- multiple_productsDescription Insertion of
sensitive information into log vulnerability in Locksettings prior to SMR
Sep-2023 Release 1 allows a privileged local attacker to get lock screen match
information from the log.Published 2023-09-06CVSS Score 4.4Source & Patch Info
CVE-2023-30721
MISC(link is external)Primary
Vendor -- Product yocto -- yoctoDescription In wlan service, there is a possible
out of bounds read due to improper input validation. This could lead to local
information disclosure with System execution privileges needed. User interaction
is not needed for exploitation. Patch ID: ALPS07588360; Issue ID:
ALPS07588360.Published 2023-09-04CVSS Score 4.4Source & Patch Info
CVE-2023-32807
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In bluetooth driver, there is a
possible read and write access to registers due to improper access control of
register interface. This could lead to local leak of sensitive information with
System execution privileges needed. User interaction is not needed for
exploitation. Patch ID: ALPS07849751; Issue ID: ALPS07849751.Published
2023-09-04CVSS Score 4.4Source & Patch Info CVE-2023-32808
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In bluetooth driver, there is a
possible read and write access to registers due to improper access control of
register interface. This could lead to local leak of sensitive information with
System execution privileges needed. User interaction is not needed for
exploitation. Patch ID: ALPS07849753; Issue ID: ALPS07849753.Published
2023-09-04CVSS Score 4.4Source & Patch Info CVE-2023-32809
MISC(link is external)Primary
Vendor -- Product yocto -- yoctoDescription In bluetooth driver, there is a
possible out of bounds read due to improper input validation. This could lead to
local information leak with System execution privileges needed. User interaction
is not needed for exploitation. Patch ID: ALPS07867212; Issue ID:
ALPS07867212.Published 2023-09-04CVSS Score 4.4Source & Patch Info
CVE-2023-32810
MISC(link is external)Primary
Vendor -- Product yocto -- yoctoDescription In gnss service, there is a possible
out of bounds write due to improper input validation. This could lead to local
information disclosure with System execution privileges needed. User interaction
is not needed for exploitation. Patch ID: ALPS08017370; Issue ID:
ALPS08017370.Published 2023-09-04CVSS Score 4.4Source & Patch Info
CVE-2023-32813
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In gnss service, there is a
possible out of bounds read due to improper input validation. This could lead to
local information disclosure with System execution privileges needed. User
interaction is not needed for exploitation. Patch ID: ALPS08031947; Issue ID:
ALPS08031947.Published 2023-09-04CVSS Score 4.4Source & Patch Info
CVE-2023-32814
MISC(link is external)Primary
Vendor -- Product yocto -- yoctoDescription In gnss service, there is a possible
out of bounds read due to improper input validation. This could lead to local
information disclosure with System execution privileges needed. User interaction
is not needed for exploitation. Patch ID: ALPS08037801; Issue ID:
ALPS08037801.Published 2023-09-04CVSS Score 4.4Source & Patch Info
CVE-2023-32815
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In gnss service, there is a
possible out of bounds read due to improper input validation. This could lead to
local information disclosure with System execution privileges needed. User
interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID:
ALPS08044032.Published 2023-09-04CVSS Score 4.4Source & Patch Info
CVE-2023-32816
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In gnss service, there is a
possible out of bounds read due to improper input validation. This could lead to
local information disclosure with System execution privileges needed. User
interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID:
ALPS08044035.Published 2023-09-04CVSS Score 4.4Source & Patch Info
CVE-2023-32817
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In urild service, there is a
possible out of bounds write due to a missing bounds check. This could lead to
local denial of service with System execution privileges needed.Published
2023-09-04CVSS Score 4.4Source & Patch Info CVE-2023-38467
MISC(link is external)Primary
Vendor -- Product google -- androidDescription In urild service, there is a
possible out of bounds write due to a missing bounds check. This could lead to
local denial of service with System execution privileges needed.Published
2023-09-04CVSS Score 4.4Source & Patch Info CVE-2023-38468
MISC(link is external)Primary
Vendor -- Product motorola -- smartphone_firmwareDescription In some cases, when
the device is USB-tethered to a host PC, and the device is sharing its mobile
network connection with the host PC, if the user originates a call on the
device, then the device's modem may reset and cause the phone call to not
succeed. This may block the user from dialing emergency services. This patch
resolves the device's modem reset issue.Published 2023-09-01CVSS Score 4.3Source
& Patch Info CVE-2022-3407
MISC(link is external)Primary
Vendor -- Product gitlab -- gitlabDescription An issue has been discovered in
GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions
starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1
in which a project member can leak credentials stored in site profile.Published
2023-09-01CVSS Score 4.3Source & Patch Info CVE-2022-4343
MISC(link is external)Primary
Vendor -- Product gitlab -- gitlabDescription An issue has been discovered in
GitLab affecting all versions starting from 10.0 before 16.1.5, all versions
starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1.
Due to improper permission validation it was possible to edit labels description
by an unauthorised user.Published 2023-09-01CVSS Score 4.3Source & Patch Info
CVE-2023-0120
MISC(link is external)Primary
Vendor -- Product gitlab -- gitlabDescription An issue has been discovered in
GitLab affecting all versions starting from 15.2 before 16.1.5, all versions
starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1.
A namespace-level banned user can access the API.Published 2023-09-01CVSS Score
4.3Source & Patch Info CVE-2023-1555
MISC(link is external)Primary
Vendor -- Product apple -- macosDescription A logic issue was addressed with
improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3
and iPadOS 16.3. A user may send a text from a secondary eSIM despite
configuring a contact to use a primary eSIM.Published 2023-09-06CVSS Score
4.3Source & Patch Info CVE-2023-28208
MISC(link is external)Primary
Vendor -- Product cacti -- cactiDescription Cacti is an open source operational
monitoring and fault management framework. There are two instances of insecure
deserialization in Cacti version 1.2.24. While a viable gadget chain exists in
Cacti’s vendor directory (phpseclib), the necessary gadgets are not included,
making them inaccessible and the insecure deserializations not exploitable. Each
instance of insecure deserialization is due to using the unserialize function
without sanitizing the user input. Cacti has a “safe” deserialization that
attempts to sanitize the content and check for specific values before calling
unserialize, but it isn’t used in these instances. The vulnerable code lies in
graphs_new.php, specifically within the host_new_graphs_save function. This
issue has been addressed in version 1.2.25. Users are advised to upgrade. There
are no known workarounds for this vulnerability.Published 2023-09-05CVSS Score
4.3Source & Patch Info CVE-2023-30534
MISC(link is external)Primary
Vendor -- Product open_automation_software -- oas_platformDescription An
improper resource allocation vulnerability exists in the OAS Engine
configuration management functionality of Open Automation Software OAS Platform
v18.00.0072. A specially crafted series of network requests can lead to creation
of an arbitrary directory. An attacker can send a sequence of requests to
trigger this vulnerability.
Published: 2023-09-05
CVSS Score: 4.3
Source & Patch Info: CVE-2023-34994
MISC(link is external)
MISC(link is external)

Primary Vendor -- Product: open_automation_software -- oas_platform
Description: An
information disclosure vulnerability exists in the OAS Engine configuration
management functionality of Open Automation Software OAS Platform v18.00.0072. A
specially crafted series of network requests can lead to a disclosure of
sensitive information. An attacker can send a sequence of requests to trigger
this vulnerability.
Published: 2023-09-05
CVSS Score: 4.3
Source & Patch Info: CVE-2023-35124
MISC(link is external)
MISC(link is external)

Primary Vendor -- Product: wordpress -- wordpress
Description: The Profile Builder
WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation
function which allows unauthenticated users to create the register, log-in and
edit-profile pages from the plugin on the blog
Published: 2023-09-04
CVSS Score: 4.3
Source & Patch Info: CVE-2023-4059
MISC(link is external)

Primary Vendor -- Product: wordpress -- wordpress
Description: The User Activity Log
WordPress plugin before 1.6.6 lacks proper authorisation when exporting its
activity logs, allowing any authenticated users, such as subscriber to perform
such action and retrieve PII such as email addresses.
Published: 2023-09-04
CVSS Score: 4.3
Source & Patch Info: CVE-2023-4269
MISC(link is external)

Primary Vendor -- Product: gitlab -- gitlab
Description: An issue has been discovered in
GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all
versions starting from 16.2 before 16.2.5, all versions starting from 16.3
before 16.3.1. A malicious Maintainer can, under specific circumstances, leak
the sentry token by changing the configured URL in the Sentry error tracking
settings page. This was as a result of an incomplete fix for
CVE-2022-4365.
Published: 2023-09-01
CVSS Score: 4.3
Source & Patch Info: CVE-2023-4378
MISC(link is external)
MISC(link is external)

Primary Vendor -- Product: wordpress -- wordpress
Description: The Duplicate Post Page Menu & Custom Post Type plugin for
WordPress is vulnerable to unauthorized page and post duplication due to a
missing capability check on the duplicate_ppmc_post_as_draft function in
versions up to, and including, 2.3.1. This makes it possible for authenticated
attackers with subscriber access or higher to duplicate posts and
pages.
Published: 2023-09-07
CVSS Score: 4.3
Source & Patch Info: CVE-2023-4792
MISC(link is external)
MISC(link is external)
MISC(link is external)

Primary Vendor -- Product: fortinet -- multiple_products
Description: An improper
certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below,
6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x
and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and
unauthenticated attacker to man-in-the-middle the communication between the
listed products and some external peers.
Published: 2023-09-01
CVSS Score: 4.2
Source & Patch Info: CVE-2022-22305
MISC(link is external)

Primary Vendor -- Product: yocto -- yocto
Description: In imgsys, there is a possible out
of bounds read due to a missing valid range checking. This could lead to local
information disclosure with System execution privileges needed. User interaction
is needed for exploitation. Patch ID: ALPS07326455; Issue ID:
ALPS07326409.
Published: 2023-09-04
CVSS Score: 4.2
Source & Patch Info: CVE-2023-20839
MISC(link is external)

Primary Vendor -- Product: yocto -- yocto
Description: In imgsys_cmdq, there is a possible
out of bounds read due to a missing valid range checking. This could lead to
local information disclosure with System execution privileges needed. User
interaction is needed for exploitation. Patch ID: ALPS07340119; Issue ID:
ALPS07340119.
Published: 2023-09-04
CVSS Score: 4.2
Source & Patch Info: CVE-2023-20843
MISC(link is external)

Primary Vendor -- Product: yocto -- yocto
Description: In imgsys_cmdq, there is a possible
out of bounds read due to a missing valid range checking. This could lead to
local information disclosure with System execution privileges needed. User
interaction is needed for exploitation. Patch ID: ALPS07354058; Issue ID:
ALPS07340121.
Published: 2023-09-04
CVSS Score: 4.2
Source & Patch Info: CVE-2023-20844
MISC(link is external)

Primary Vendor -- Product: yocto -- yocto
Description: In imgsys, there is a possible out
of bounds read due to a missing valid range checking. This could lead to local
information disclosure with System execution privileges needed. User interaction
is needed for exploitation. Patch ID: ALPS07197795; Issue ID:
ALPS07340357.
Published: 2023-09-04
CVSS Score: 4.2
Source & Patch Info: CVE-2023-20845
MISC(link is external)

Primary Vendor -- Product: yocto -- yocto
Description: In imgsys_cmdq, there is a possible
out of bounds read due to a missing valid range checking. This could lead to
local information disclosure with System execution privileges needed. User
interaction is needed for exploitation. Patch ID: ALPS07354023; Issue ID:
ALPS07340098.
Published: 2023-09-04
CVSS Score: 4.2
Source & Patch Info: CVE-2023-20846
MISC(link is external)

Primary Vendor -- Product: yocto -- yocto
Description: In imgsys_cmdq, there is a possible
out of bounds read due to a missing valid range checking. This could lead to
local denial of service with System execution privileges needed. User
interaction is needed for exploitation. Patch ID: ALPS07354025; Issue ID:
ALPS07340108.
Published: 2023-09-04
CVSS Score: 4.2
Source & Patch Info: CVE-2023-20847
MISC(link is external)

Primary Vendor -- Product: yocto -- yocto
Description: In imgsys, there is a possible out
of bounds read due to a race condition. This could lead to local information
disclosure with System execution privileges needed. User interaction is needed
for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418.
Published: 2023-09-04
CVSS Score: 4
Source & Patch Info: CVE-2023-20838
MISC(link is external)


 


LOW VULNERABILITIES



Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

Primary Vendor -- Product: adobe -- after_effects
Description: Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and
earlier) are affected by an out-of-bounds read vulnerability which could result
in a read past the end of an allocated memory structure. An attacker could
leverage this vulnerability to execute code in the context of the current user.
Exploitation of this issue requires user interaction in that a victim must open
a malicious file.
Published: 2023-09-07
CVSS Score: 3.3
Source & Patch Info: F
MISC(link is external)

Primary Vendor -- Product: adobe -- premiere_pro
Description: Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and
earlier) are affected by an out-of-bounds read vulnerability that could lead to
disclosure of sensitive memory. An attacker could leverage this vulnerability to
bypass mitigations such as ASLR. Exploitation of this issue requires user
interaction in that a victim must open a malicious file.
Published: 2023-09-07
CVSS Score: 3.3
Source & Patch Info: CVE-2021-43751
MISC(link is external)

Primary Vendor -- Product: adobe -- lightroom_desktop
Description: Adobe Lightroom versions 4.4 (and earlier) are affected by a
use-after-free vulnerability in the processing of parsing TIF files that could
result in privilege escalation. Exploitation of this issue requires user
interaction in that a victim must open a malicious file.
Published: 2023-09-07
CVSS Score: 3.3
Source & Patch Info: CVE-2021-43753
MISC(link is external)

Primary Vendor -- Product: adobe -- after_effects
Description: Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and
earlier) are affected by a Use-After-Free vulnerability that could lead to
disclosure of sensitive memory. An attacker could leverage this vulnerability to
bypass mitigations such as ASLR. Exploitation of this issue requires user
interaction in that a victim must open a malicious file.
Published: 2023-09-07
CVSS Score: 3.3
Source & Patch Info: CVE-2021-44189
MISC(link is external)

Primary Vendor -- Product: adobe -- after_effects
Description: Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and
earlier) are affected by an out-of-bounds read vulnerability that could lead to
disclosure of sensitive memory. An attacker could leverage this vulnerability to
bypass mitigations such as ASLR. Exploitation of this issue requires user
interaction in that a victim must open a malicious file.
Published: 2023-09-07
CVSS Score: 3.3
Source & Patch Info: CVE-2021-44190
MISC(link is external)

Primary Vendor -- Product: adobe -- after_effects
Description: Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and
earlier) are affected by an out-of-bounds read vulnerability that could lead to
disclosure of sensitive memory. An attacker could leverage this vulnerability to
bypass mitigations such as ASLR. Exploitation of this issue requires user
interaction in that a victim must open a malicious file.
Published: 2023-09-07
CVSS Score: 3.3
Source & Patch Info: CVE-2021-44191
MISC(link is external)

Primary Vendor -- Product: adobe -- after_effects
Description: Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and
earlier) are affected by an out-of-bounds read vulnerability that could lead to
disclosure of sensitive memory. An attacker could leverage this vulnerability to
bypass mitigations such as ASLR. Exploitation of this issue requires user
interaction in that a victim must open a malicious file.
Published: 2023-09-07
CVSS Score: 3.3
Source & Patch Info: CVE-2021-44192
MISC(link is external)

Primary Vendor -- Product: adobe -- after_effects
Description: Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and
earlier) are affected by an out-of-bounds read vulnerability that could lead to
disclosure of sensitive memory. An attacker could leverage this vulnerability to
bypass mitigations such as ASLR. Exploitation of this issue requires user
interaction in that a victim must open a malicious file.
Published: 2023-09-07
CVSS Score: 3.3
Source & Patch Info: CVE-2021-44193
MISC(link is external)

Primary Vendor -- Product: adobe -- after_effects
Description: Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and
earlier) are affected by an out-of-bounds read vulnerability that could lead to
disclosure of sensitive memory. An attacker could leverage this vulnerability to
bypass mitigations such as ASLR. Exploitation of this issue requires user
interaction in that a victim must open a malicious file.
Published: 2023-09-07
CVSS Score: 3.3
Source & Patch Info: CVE-2021-44194
MISC(link is external)

Primary Vendor -- Product: adobe -- after_effects
Description: Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and
earlier) are affected by an out-of-bounds read vulnerability that could lead to
disclosure of sensitive memory. An attacker could leverage this vulnerability to
bypass mitigations such as ASLR. Exploitation of this issue requires user
interaction in that a victim must open a malicious file.
Published: 2023-09-07
CVSS Score: 3.3
Source & Patch Info: CVE-2021-44195
MISC(link is external)

Primary Vendor -- Product: apple -- macos_ventura
Description: A privacy issue was
addressed with improved private data redaction for log entries. This issue is
fixed in macOS Ventura 13.3. An app may be able to read sensitive location
information.
Published: 2023-09-06
CVSS Score: 3.3
Source & Patch Info: CVE-2023-28195
MISC(link is external)
MISC(link is external)

Primary Vendor -- Product: samsung_mobile -- multiple_products
Description: Improper
authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows
attacker to insert arbitrary data to the provider.
Published: 2023-09-06
CVSS Score: 3.3
Source & Patch Info: CVE-2023-30711
MISC(link is external)

Primary Vendor -- Product: samsung_mobile -- multiple_products
Description: Improper access
control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows
attackers to access location information set in Weather without
permission.
Published: 2023-09-06
CVSS Score: 3.3
Source & Patch Info: CVE-2023-30715
MISC(link is external)

Primary Vendor -- Product: samsung_mobile -- multiple_products
Description: Sensitive
information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1
allows attackers to get unresettable identifiers.
Published: 2023-09-06
CVSS Score: 3.3
Source & Patch Info: CVE-2023-30717
MISC(link is external)

Primary Vendor -- Product: samsung_mobile -- multiple_products
Description: Exposure of
Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023
Release 1 allows local attackers to access certain message data.
Published: 2023-09-06
CVSS Score: 3.3
Source & Patch Info: CVE-2023-30719
MISC(link is external)

Primary Vendor -- Product: samsung_mobile -- gallery
Description: Improper authentication
in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker
to access search history.
Published: 2023-09-06
CVSS Score: 3.3
Source & Patch Info: CVE-2023-30724
MISC(link is external)

Primary Vendor -- Product: wordpress -- wordpress
Description: The Orders Tracking for
WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url
parameter when importing a CSV file, allowing high privilege users with the
manage_woocommerce capability to access any file on the web server via a
Traversal attack. The content retrieved is however limited to the first line of
the file.
Published: 2023-09-04
CVSS Score: 2.7
Source & Patch Info: CVE-2023-4216
MISC(link is external)


 


SEVERITY NOT YET ASSIGNED



Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

Primary Vendor -- Product: tripodworks_co._ltd. -- gigapod_officehard_appliance_model
Description: GIGAPOD file servers (Appliance model and Software model) provide
two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for
administrative operation. 8001/tcp is served by a version of Apache HTTP server
containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead to a
denial-of-service (DoS) condition.
Published: 2023-09-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2014-5329
MISC(link is external)

Primary Vendor -- Product: searchblox -- searchblox
Description: SearchBlox before Version 9.2.1 is vulnerable to Privileged
Escalation-Lower user is able to access Admin functionality.
Published: 2023-09-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-10129
MISC(link is external)

Primary Vendor -- Product: searchblox -- searchblox
Description: SearchBlox before Version 9.1 is vulnerable to business logic
bypass where the user is able to create multiple super admin users in the
system.
Published: 2023-09-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-10130
MISC(link is external)

Primary Vendor -- Product: searchblox -- searchblox
Description: SearchBlox before Version 9.2.1 is vulnerable to CSV macro
injection in "Featured Results" parameter.
Published: 2023-09-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-10131
MISC(link is external)

Primary Vendor -- Product: searchblox -- searchblox
Description: SearchBlox before Version 9.1 is vulnerable to cross-origin
resource sharing misconfiguration.
Published: 2023-09-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-10132
MISC(link is external)

Primary Vendor -- Product: mofi_network -- mofi4500-4gxelte-v2
Description: An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2
3.5.6-xnet-5052 allows attackers to bypass the authentication and execute
arbitrary code via crafted HTTP request.
Published: 2023-09-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-27715
MISC(link is external)
MISC(link is external)

Primary Vendor -- Product: insyde_software -- h20fft
Description: An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT
6.20.00. When handling IOCTL 0x22229a, the input used to allocate a buffer and
copy memory is mishandled. This could cause memory corruption or a system
crash.
Published: 2023-09-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-33834
MISC(link is external)
MISC(link is external)

Primary Vendor -- Product: kodexplorer -- kodexplorer
Description: A Cross Site Scripting (XSS) vulnerability in KodExplorer 4.45
allows remote attackers to run arbitrary code via /index.php page.
Published: 2023-09-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-36646
MISC(link is external)

Primary Vendor -- Product: osticket -- osticket
Description: A SQL injection vulnerability in the "Search" functionality of
"tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute
arbitrary SQL commands via the "keywords" and "topic_id" URL parameters
combination.
Published: 2023-09-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-45811
MISC(link is external)
MISC(link is external)
MISC(link is external)

Primary Vendor -- Product: ibm -- aspera_faspex
Description: IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or
persuade a naive user to supply sensitive information. IBM X-Force ID:
222567.
Published: 2023-09-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2022-22401
MISC(link is external)
MISC(link is external)

Primary Vendor -- Product: ibm -- aspera_faspex
Description: IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This
vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus
altering the intended functionality potentially leading to credentials
disclosure within a trusted session. IBM X-Force ID: 222571.
Published: 2023-09-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2022-22402
MISC(link is external)
MISC(link is external)

Primary Vendor -- Product: ibm -- aspera_faspex
Description: IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain
sensitive information, caused by the failure to properly enable HTTP Strict
Transport Security. An attacker could exploit this vulnerability to obtain
sensitive information using man in the middle techniques. IBM X-Force ID:
222576.
Published: 2023-09-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2022-22405
MISC(link is external)
MISC(link is external)

Primary Vendor -- Product: ibm -- aspera_faspex
Description: IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather
sensitive information about the web application, caused by an insecure
configuration. IBM X-Force ID: 222592.
Published: 2023-09-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2022-22409
MISC(link is external)
MISC(link is external)

Primary Vendor -- Product: qnap_systems_inc. -- qvr_pro_client
Description: An insertion of sensitive information into Log file vulnerability
has been reported to affect product. If exploited, the vulnerability possibly
provides local authenticated administrators with an additional, less-protected
path to acquiring the information via unspecified vectors. We have already fixed
the vulnerability in the following version: Windows 10 SP1, Windows 11, Mac OS,
and Mac M1: QVR Pro Client 2.3.0.0420 and later
Published: 2023-09-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2022-27599
MISC(link is external)

Primary Vendor -- Product: ibm -- security_directory_integrator
Description: IBM Security Directory Server 7.2.0 could allow a remote attacker
to traverse directories on the system. An attacker could send a specially
crafted URL request containing "dot dot" sequences (/../) to view or write to
arbitrary files on the system. IBM X-Force ID: 228579.
Published: 2023-09-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2022-33164
MISC(link is external)
MISC(link is external)

Primary Vendor -- Product: software_ag -- webmethods_onedata
Description: Version 10.11 of webMethods OneData runs an embedded instance of
Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port
2099 by default) and two RMI interfaces (listening on a single, dynamically
assigned TCP high port). Port 2099 serves as a Java Remote Method Invocation
(RMI) registry which allows for remotely loading and processing data via RMI
interfaces. An unauthenticated attacker with network connectivity to the RMI
registry and RMI interface ports can abuse this functionality to instruct the
webMethods OneData application to load a malicious serialized Java object as a
parameter to one of the available Java methods presented by the RMI interface.
Once deserialized on the vulnerable server, the malicious code runs as whichever
operating system account is used to run the software, which in most cases is the
local System account on Windows.
Published: 2023-09-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-0925
MISC(link is external)

Primary Vendor -- Product: cisco -- cisco_identity_services_engine_software
Description: A vulnerability in the Embedded Service Router (ESR) of Cisco ISE
could allow an authenticated, local attacker to read, write, or delete arbitrary
files on the underlying operating system and escalate their privileges to root.
To exploit this vulnerability, an attacker must have valid Administrator-level
privileges on the affected device. This vulnerability is due to improper
privilege management in the ESR console. An attacker could exploit this
vulnerability by sending a crafted request to an affected device. A successful
exploit could allow the attacker to elevate their privileges to root and read,
write, or delete arbitrary files from the underlying operating system of the
affected device. Note: The ESR is not enabled by default and must be licensed.
To verify the status of the ESR in the Admin GUI, choose Administration >
Settings > Protocols > IPSec.
Published: 2023-09-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-20193
MISC(link is external)

Primary Vendor -- Product: samsung_mobile -- samsung_mobile_devices
Description: A vulnerability in the ERS API of Cisco ISE could allow an
authenticated, remote attacker to read arbitrary files on the underlying
operating system of an affected device. To exploit this vulnerability, an
attacker must have valid Administrator-level privileges on the affected device.
This vulnerability is due to improper privilege management in the ERS API. An
attacker could exploit this vulnerability by sending a crafted request to an
affected device. A successful exploit could allow the attacker to elevate their
privileges beyond the sphere of their intended access level, which would allow
them to obtain sensitive information from the underlying operating system. Note:
The ERS is not enabled by default. To verify the status of the ERS API in the
Admin GUI, choose Administration > Settings > API Settings > API Service
Settings.
Published: 2023-09-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-20194
MISC(link is external)

Primary Vendor -- Product: cisco -- cisco_broadworks
Description: A vulnerability in the single sign-on (SSO) implementation of Cisco
BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services
Platform could allow an unauthenticated, remote attacker to forge the
credentials required to access an affected system. This vulnerability is due to
the method used to validate SSO tokens. An attacker could exploit this
vulnerability by authenticating to the application with forged credentials. A
successful exploit could allow the attacker to commit toll fraud or to execute
commands at the privilege level of the forged account. If that account is an
Administrator account, the attacker would have the ability to view confidential
information, modify customer settings, or modify settings for other users. To
exploit this vulnerability, the attacker would need a valid user ID that is
associated with an affected Cisco BroadWorks system.
Published: 2023-09-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-20238
MISC(link is external)

Primary Vendor -- Product: cisco -- cisco_identity_services_engine_software
Description: A vulnerability in the RADIUS message processing feature of Cisco
Identity Services Engine (ISE) could allow an unauthenticated, remote attacker
to cause the affected system to stop processing RADIUS packets. This
vulnerability is due to improper handling of certain RADIUS accounting requests.
An attacker could exploit this vulnerability by sending a crafted authentication
request to a network access device (NAD) that uses Cisco ISE for authentication,
authorization, and accounting (AAA). This would eventually result in the NAD
sending a RADIUS accounting request packet to Cisco ISE. An attacker could also
exploit this vulnerability by sending a crafted RADIUS accounting request packet
to Cisco ISE directly if the RADIUS shared secret is known. A successful exploit
could allow the attacker to cause the RADIUS process to unexpectedly restart,
resulting in authentication or authorization timeouts and denying legitimate
users access to the network or service. Clients already authenticated to the
network would not be affected. Note: To recover the ability to process RADIUS
packets, a manual restart of the affected Policy Service Node (PSN) may be
required. For more information, see the Details section of this
advisory.
Published: 2023-09-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-20243
MISC(link is external)

Primary Vendor -- Product: cisco -- cisco_small_business_rv_series_router_firmware
Description: A vulnerability in the web-based management interface of Cisco
Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an
authenticated, remote attacker to execute arbitrary code on an affected device.
This vulnerability is due to improper validation of requests that are sent to
the web-based management interface. An attacker could exploit this vulnerability
by sending a crafted request to the web-based management interface. A successful
exploit could allow the attacker to execute arbitrary code with root privileges
on an affected device. To exploit this vulnerability, the attacker must have
valid Administrator credentials on the affected device.
Published: 2023-09-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-20250
MISC(link is external)

Primary Vendor -- Product: cisco -- cisco_hyperflex_hx_data_platform
Description: A vulnerability in the web-based management interface of Cisco
HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to
redirect a user to a malicious web page. This vulnerability is due to improper
input validation of the parameters in an HTTP request. An attacker could exploit
this vulnerability by persuading a user to click a crafted link. A successful
exploit could allow the attacker to redirect a user to a malicious
website.
Published: 2023-09-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-20263
MISC(link is external)

Primary Vendor -- Product: cisco -- cisco_adaptive_security_appliance_(asa)_software
Description: A vulnerability in the remote access VPN feature of Cisco Adaptive
Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)
Software could allow an unauthenticated, remote attacker to conduct a brute
force attack in an attempt to identify valid username and password combinations
or an authenticated, remote attacker to establish a clientless SSL VPN session
with an unauthorized user. This vulnerability is due to improper separation of
authentication, authorization, and accounting (AAA) between the remote access
VPN feature and the HTTPS management and site-to-site VPN features. An attacker
could exploit this vulnerability by specifying a default connection
profile/tunnel group while conducting a brute force attack or while establishing
a clientless SSL VPN session using valid credentials. A successful exploit could
allow the attacker to achieve one or both of the following: Identify valid
credentials that could then be used to establish an unauthorized remote access
VPN session. Establish a clientless SSL VPN session (only when running Cisco ASA
Software Release 9.16 or earlier). Notes: Establishing a client-based remote
access VPN tunnel is not possible as these default connection profiles/tunnel
groups do not and cannot have an IP address pool configured. This vulnerability
does not allow an attacker to bypass authentication. To successfully establish a
remote access VPN session, valid credentials are required, including a valid
second factor if multi-factor authentication (MFA) is configured. Cisco will
release software updates that address this vulnerability. There are workarounds
that address this vulnerability.
Published: 2023-09-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-20269
MISC(link is external)

Primary Vendor -- Product: electron -- electron
Description: Electron is a framework which lets you write cross-platform desktop
applications using JavaScript, HTML and CSS. A Content-Security-Policy that
disables eval, specifically setting a `script-src` directive and _not_ providing
`unsafe-eval` in that directive, is not respected in renderers that have sandbox
disabled. i.e., `sandbox: false` in the `webPreferences` object. This allows
usage of methods like `eval()` and `new Function` unexpectedly which can result
in an expanded attack surface. This issue only ever affected the 22 and 23 major
versions of Electron and has been fixed in the latest versions of those release
lines. Specifically, these versions contain the fixes: 22.0.1 and 23.0.0-alpha.2
We recommend all apps upgrade to the latest stable version of Electron. If
upgrading isn't possible, this issue can be addressed without upgrading by
enabling `sandbox: true` on all renderers.
Published: 2023-09-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-23623
MISC(link is external)

Primary Vendor -- Product: ibm -- aspera_faspex
Description: IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts
access to a resource from an unauthorized actor. IBM X-Force ID:
246713.
Published: 2023-09-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-24965
MISC(link is external)
MISC(link is external)

Primary Vendor -- Product: oracle -- apache_superset
Description: Improper data authorization check on Jinja templated queries in
Apache Superset up to and including 2.1.0 allows for an authenticated user to
issue queries on database tables they may not have access to.
Published: 2023-09-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-27523
MISC(link is external)

Primary Vendor -- Product: oracle -- apache_superset
Description: A non Admin authenticated user could incorrectly create resources
using the import charts feature, on Apache Superset up to and including
2.1.0.
Published: 2023-09-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-27526
MISC(link is external)

Primary Vendor -- Product: hcl_software -- hcl_domino_server
Description: In some configuration scenarios, the Domino server host name can be
exposed. This information could be used to target future attacks.
Published: 2023-09-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-28010
MISC(link is external)

Primary Vendor -- Product: wordpress -- wordpress
Description: All of the above Aapna WordPress theme through 1.3, Anand WordPress
theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress
theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar
Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,
BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before
1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress
theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally
WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop
WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable
Store WordPress theme through 1.3.4, Fullbase WordPress theme before 1.2.1, Ilex
WordPress theme before 1.4.2, Js O3 Lite WordPress theme through 1.5.8.2, Js
Paper WordPress theme through 2.5.7, Kata WordPress theme before 1.2.9, Kata App
WordPress theme through 1.0.5, Kata Business WordPress theme through 1.0.2,
Looki Lite WordPress theme before 1.3.0, moseter WordPress theme through 1.3.1,
Nokke WordPress theme before 1.2.4, Nothing Personal WordPress theme through
1.0.7, Offset Writing WordPress theme through 1.2, Opor Ayam WordPress theme
through 18, Pinzolo WordPress theme before 1.2.10, Plato WordPress theme before
1.1.9, Polka Dots WordPress theme through 1.2, Purity Of Soul WordPress theme
through 1.9, Restaurant PT WordPress theme before 1.1.3, Saul WordPress theme
before 1.1.0, Sean Lite WordPress theme before 1.4.6, Tantyyellow WordPress
theme through 1.0.0.5, TIJAJI WordPress theme through 1.43, Tiki Time WordPress
theme through 1.3, Tuaug4 WordPress theme through 1.4, Tydskrif WordPress theme
through 1.1.3, UltraLight WordPress theme through 1.2, Venice Lite WordPress
theme before 1.5.5, Viala WordPress theme through 1.3.1, viburno WordPress theme
before 1.3.2, Wedding Bride WordPress theme before 1.0.2, Wlow WordPress theme
before 1.2.7 suffer from the same issue about the search box reflecting the
results causing XSS which allows an unauthenticated attacker to exploit against
users if they click a malicious link.
Published 2023-09-04
CVSS Score not yet calculated
Source & Patch Info CVE-2023-2813
MISC(link is external)
Primary Vendor -- Product qualcomm_inc -- snapdragon
 Description Memory corruption in WLAN while sending transmit command from HLOS
to UTF handlers.
Published 2023-09-05
CVSS Score not yet calculated
Source & Patch Info CVE-2023-28544
MISC(link is external)
Primary Vendor -- Product qualcomm_inc -- snapdragon
 Description Memory corruption in WLAN HAL while processing Tx/Rx commands from
QDART.
Published 2023-09-05
CVSS Score not yet calculated
Source & Patch Info CVE-2023-28548
MISC(link is external)
Primary Vendor -- Product qualcomm_inc -- snapdragon
 Description Memory corruption in WLAN HAL while parsing Rx buffer in processing
TLV payload.
Published 2023-09-05
CVSS Score not yet calculated
Source & Patch Info CVE-2023-28549
MISC(link is external)
Primary Vendor -- Product qualcomm_inc -- snapdragon
 Description Memory corruption in WLAN HAL while processing command parameters
from untrusted WMI payload.
Published 2023-09-05
CVSS Score not yet calculated
Source & Patch Info CVE-2023-28557
MISC(link is external)
Primary Vendor -- Product qualcomm_inc -- snapdragon
 Description Memory corruption in WLAN HAL while processing devIndex from
untrusted WMI payload.
Published 2023-09-05
CVSS Score not yet calculated
Source & Patch Info CVE-2023-28560
MISC(link is external)
Primary Vendor -- Product electron -- electron
 Description Electron is a framework which lets you write cross-platform desktop
applications using JavaScript, HTML and CSS. Electron apps using
`contextIsolation` and `contextBridge` are affected. This is a context isolation
bypass, meaning that code running in the main world context in the renderer can
reach into the isolated Electron context and perform privileged actions. This
issue is only exploitable if an API exposed to the main world via
`contextBridge` can return an object or array that contains a JavaScript object
which cannot be serialized, for instance, a canvas rendering context. This would
normally result in an exception being thrown `Error: object could not be
cloned`. The app side workaround is to ensure that such a case is not possible.
Ensure all values returned from a function exposed over the context bridge are
supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`,
`23.2.3`, and `22.3.6`.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-29198
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product samsung_mobile -- samsung_mobile_devices
 Description Improper export of Android application components vulnerability in
WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows a local
attacker to change an Auto Hotspot setting.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-30718
MISC(link is external)
Primary Vendor -- Product mikrotik -- routeros
 Description The web server used by MikroTik RouterOS version 6 is affected by a
heap memory corruption issue. A remote and unauthenticated attacker can corrupt
the server's heap memory by sending a crafted HTTP request. As a result, the web
interface crashes and is immediately restarted. The issue was fixed in RouterOS
6.49.10 stable. RouterOS version 7 is not affected.
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-30800
MISC(link is external)
Primary Vendor -- Product hpe -- oneview
 Description A potential security vulnerability has been identified in Hewlett
Packard Enterprise OneView Software. This vulnerability could be remotely
exploited to allow authentication bypass, disclosure of sensitive information,
and denial of service.
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-30908
MISC(link is external)
Primary Vendor -- Product ibm -- aspera_faspex
 Description IBM Aspera Faspex 5.0.5 could allow a malicious actor to bypass IP
whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID:
254268.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-30995
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product tp-link -- archer_c50
 Description Multiple TP-LINK products allow a network-adjacent authenticated
attacker to execute arbitrary OS commands. Affected products/versions are as
follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505',
Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506', and Archer C20
firmware versions prior to 'Archer C20(JP)_V1_230616'.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-31188
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product wacom -- drivers_for_windows
 Description Wacom Drivers for Windows Incorrect Permission Assignment Local
Privilege Escalation Vulnerability. This vulnerability allows local attackers to
escalate privileges on affected installations of Wacom Drivers for Windows. An
attacker must first obtain the ability to execute low-privileged code on the
target system in order to exploit this vulnerability. The specific flaw exists
within the handling of the WacomInstallI.txt file by the PrefUtil.exe utility.
The issue results from incorrect permissions on the WacomInstallI.txt file. An
attacker can leverage this vulnerability to escalate privileges and execute
arbitrary code in the context of SYSTEM. Was ZDI-CAN-16318.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-32162
MISC(link is external)
Primary Vendor -- Product wacom -- drivers_for_windows
 Description Wacom Drivers for Windows Link Following Local Privilege Escalation
Vulnerability. This vulnerability allows local attackers to escalate privileges
on affected installations of Wacom Drivers for Windows. An attacker must first
obtain the ability to execute low-privileged code on the target system in order
to exploit this vulnerability. The specific flaw exists within the Tablet
Service. By creating a symbolic link, an attacker can abuse the service to
create a file. An attacker can leverage this vulnerability to escalate
privileges and execute arbitrary code in the context of SYSTEM. Was
ZDI-CAN-16857.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-32163
MISC(link is external)
Primary Vendor -- Product ibm -- maximo_asset_management
 Description IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset
Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker
could inject malicious HTML code, which when viewed, would be executed in the
victim's Web browser within the security context of the hosting site. IBM
X-Force ID: 255072.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-32332
MISC(link is external)
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product dell -- dell_digital_delivery
 Description Dell Digital Delivery versions prior to 5.0.82.0 contain an
Insecure Operation on Windows Junction / Mount Point vulnerability. A local
malicious user could potentially exploit this vulnerability to create an arbitrary
folder leading to permanent Denial of Service (DOS).
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-32470
MISC(link is external)
Primary Vendor -- Product tp-link -- archer_c50
 Description Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505'
and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use
hard-coded credentials to log in to the affected device, which may allow a
network-adjacent unauthenticated attacker to execute an arbitrary OS
command.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-32619
MISC(link is external)
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product oracle -- apache_superset
 Description An Incorrect authorization check in SQLLab in Apache Superset
versions up to and including 2.1.0. This vulnerability allows an authenticated
user to query tables that they do not have proper access to within Superset. The
vulnerability can be exploited by leveraging a SQL parsing
vulnerability.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-32672
MISC(link is external)
Primary Vendor -- Product cloud_foundry -- routing
 Description Cloud foundry routing release versions prior to 0.278.0 are
vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can
use this vulnerability for headers like B3 or X-B3-SpanID to affect the
identification value recorded in the logs in foundations.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-34041
MISC(link is external)
Primary Vendor -- Product isarnet_ag -- isarflow
 Description A stored cross-site scripting (XSS) vulnerability in IsarNet AG
IsarFlow v5.23 allows authenticated attackers to execute arbitrary web scripts
or HTML via injecting a crafted payload into the dashboard title parameter in
the IsarFlow Portal.
Published 2023-09-05
CVSS Score not yet calculated
Source & Patch Info CVE-2023-34637
MISC(link is external)
Primary Vendor -- Product manageengine -- adselfservice_plus
 Description ManageEngine ADSelfService Plus GINA Client Insufficient
Verification of Data Authenticity Authentication Bypass Vulnerability. This
vulnerability allows physically present attackers to execute arbitrary code on
affected installations of ManageEngine ADSelfService Plus. Authentication is not
required to exploit this vulnerability. The specific flaw exists within the
Password Reset Portal used by the GINA client. The issue results from the lack
of proper authentication of data received via HTTP. An attacker can leverage
this vulnerability to bypass authentication and execute code in the context of
SYSTEM. Was ZDI-CAN-17009.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-35719
MISC(link is external)
Primary Vendor -- Product mysten_labs -- sui
 Description Mysten Labs Sui blockchain v1.2.0 was discovered to contain a stack
overflow via the component /spec/openrpc.json.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-36184
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product oracle -- apache_superset
 Description An improper default REST API permission for Gamma users in Apache
Superset up to and including 2.1.0 allows for an authenticated Gamma user to
test database connections.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-36387
MISC(link is external)
Primary Vendor -- Product oracle -- apache_superset
 Description Improper REST API permission in Apache Superset up to and including
2.1.0 allows for an authenticated Gamma user to test network connections,
possible SSRF.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-36388
MISC(link is external)
Primary Vendor -- Product tp-link -- tl-wr802n
 Description Multiple TP-LINK products allow a network-adjacent unauthenticated
attacker to execute arbitrary OS commands. Affected products/versions are as
follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008',
TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC
firmware versions prior to 'TL-WR902AC(JP)_V3_230506'.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-36489
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product fortinet -- fortiswitchmanager
 Description An improper access control vulnerability in Fortinet FortiSwitchManager versions
7.2.0 through 7.2.2 and 7.0.0 through 7.0.1 may allow a remote authenticated
read-only user to modify the interface settings via the API.
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-36635
MISC(link is external)
Primary Vendor -- Product tp-link -- archer_c20
 Description Improper authentication vulnerability in Archer C20 firmware
versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent
unauthenticated attacker to execute an arbitrary OS command via a crafted
request to bypass authentication.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-37284
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product samsung -- exynos
 Description An issue was discovered in Samsung Exynos Mobile Processor,
Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos
1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos
Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the NAS Task, an
improperly implemented security check for standard can disallow desired services
for a while via consecutive NAS messages.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-37367
MISC(link is external)
Primary Vendor -- Product samsung -- exynos
 Description An issue was discovered in Samsung Exynos Mobile Processor,
Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor,
and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850,
Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330,
Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto
T5123). In the Shannon MM Task, missing validation of a NULL pointer can cause
abnormal termination via a malformed NR MM packet.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-37368
MISC(link is external)
Primary Vendor -- Product samsung -- exynos
 Description An issue was discovered in Samsung Exynos Mobile Processor and
Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920).
Improper handling of length parameter inconsistency can cause incorrect packet
filtering.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-37377
MISC(link is external)
Primary Vendor -- Product cloudflare -- warp_client
 Description Zero Trust Administrators have the ability to disallow end users
from disabling WARP on their devices. Override codes can also be created by the
Administrators to allow a device to temporarily be disconnected from WARP,
however, due to lack of server side validation, an attacker with local access to
the device, could extend the maximum allowed disconnected time of WARP client
granted by an override code by changing the date & time on the local device
where WARP is running.
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-3747
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product crypto_currency_tracker -- crypto_currency_tracker
 Description Incorrect access control in the User Registration page of Crypto
Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register
as an Admin account via a crafted POST request.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-37759
MISC(link is external)
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product linux -- kernel
 Description A use-after-free vulnerability in the Linux kernel's netfilter:
nf_tables component can be exploited to achieve local privilege escalation. When
nf_tables_delrule() is flushing table rules, it is not checked whether the chain
is bound and the chain's owner rule can also release the objects in certain
circumstances. We recommend upgrading past commit
6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-3777
MISC(link is external)
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product vanderbilt -- redcap
 Description A stored cross-site scripting (XSS) vulnerability in the new REDCap
project creation function of Vanderbilt REDCap 13.1.35 allows attackers to
execute arbitrary web scripts or HTML via injecting a crafted payload into the
project title parameter.
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-37798
MISC(link is external)
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product oracle -- apache_superset
 Description If an attacker gains write access to the Apache Superset metadata
database, they could persist a specifically crafted Python object that may lead
to remote code execution on Superset's web backend. This vulnerability impacts
Apache Superset versions 1.5.0 up to and including 2.1.0.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-37941
MISC(link is external)
Primary Vendor -- Product hewlett_packard_enterprise -- aruba_9200/9000
 Description Vulnerabilities exist in the BIOS implementation of Aruba 9200 and
9000 Series Controllers and Gateways that could allow an attacker to execute
arbitrary code early in the boot sequence. An attacker could exploit this
vulnerability to gain access to and change underlying sensitive information in
the affected controller leading to complete system compromise.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-38484
MISC(link is external)
Primary Vendor -- Product hewlett_packard_enterprise -- aruba_9200/9000
 Description Vulnerabilities exist in the BIOS implementation of Aruba 9200 and
9000 Series Controllers and Gateways that could allow an attacker to execute
arbitrary code early in the boot sequence. An attacker could exploit this
vulnerability to gain access to and change underlying sensitive information in
the affected controller leading to complete system compromise.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-38485
MISC(link is external)
Primary Vendor -- Product hewlett_packard_enterprise -- aruba_9200/9000
 Description A vulnerability in the secure boot implementation on affected Aruba
9200 and 9000 Series Controllers and Gateways allows an attacker to bypass
security controls which would normally prohibit unsigned kernel images from
executing. An attacker can use this vulnerability to execute arbitrary
runtime operating systems, including unverified and unsigned OS images.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-38486
MISC(link is external)
Primary Vendor -- Product tp-link -- archer_c1200
 Description Archer C1200 firmware versions prior to 'Archer
C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer
C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute
arbitrary OS commands.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-38563
MISC(link is external)
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product tp-link -- archer_a10
 Description Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504'
allow a network-adjacent unauthenticated attacker to execute arbitrary OS
commands.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-38568
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product i-pro_co_ltd -- vi_web_client
 Description Open redirect vulnerability in VI Web Client prior to 7.9.6 allows
a remote unauthenticated attacker to redirect users to arbitrary web sites and
conduct phishing attacks via a specially crafted URL.
Published 2023-09-05
CVSS Score not yet calculated
Source & Patch Info CVE-2023-38574
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product tp-link -- archer_c3150
 Description Archer C3150 firmware versions prior to 'Archer
C3150(JP)_V2_230511' allow a network-adjacent authenticated attacker to execute
arbitrary OS commands.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-38588
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product apple -- macos
 Description This issue was addressed with improved redaction of sensitive
information. This issue is fixed in macOS Ventura 13.5. An app may be able to
determine a user’s current location.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-38605
MISC(link is external)
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product apple -- macos
 Description A race condition was addressed with improved state handling. This
issue is fixed in macOS Ventura 13.5. An app may be able to execute arbitrary
code with kernel privileges.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-38616
MISC(link is external)
Primary Vendor -- Product ibm -- qradar_wincollect_agent
 Description IBM QRadar WinCollect Agent 10.0 through 10.1.6, when installed to
run as ADMIN or SYSTEM, is vulnerable to a local escalation of privilege attack
that a normal user could utilize to gain SYSTEM permissions. IBM X-Force ID:
262542.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-38736
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product general_motors -- chevrolet_equinox_2021_software
 Description Injecting random data into the USB memory area on a General Motors
(GM) Chevrolet Equinox 2021 Software. 2021.03.26 (build version) vehicle causes
a Denial of Service (DoS) in the in-car infotainment system.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39076
MISC(link is external)
Primary Vendor -- Product tp-link -- archer_c5
 Description Archer C5 firmware all versions and Archer C7 firmware versions
prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated
attacker to execute arbitrary OS commands. Note that Archer C5 is no longer
supported, therefore the update for this product is not provided.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39224
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product oracle -- apache_superset
 Description By default, stack traces for errors were enabled, which resulted in
the exposure of internal traces on REST API endpoints to users. This
vulnerability exists in Apache Superset versions up to and including
2.1.0.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39264
MISC(link is external)
Primary Vendor -- Product oracle -- apache_superset
 Description Apache Superset would allow for SQLite database connections to be
incorrectly registered when an attacker uses alternative driver names
like sqlite+pysqlite or by using database imports. This could allow for
unexpected file creation on Superset webservers. Additionally, if Apache
Superset is using a SQLite database for its metadata (not advised for production
use) it could result in more severe vulnerabilities related to confidentiality
and integrity. This vulnerability exists in Apache Superset versions up to and
including 2.1.0.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39265
MISC(link is external)
Primary Vendor -- Product go_standard_library -- html_template
 Description The html/template package does not properly handle HTML-like "<!--"
and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may
cause the template parser to improperly interpret the contents of <script>
contexts, causing actions to be improperly escaped. This may be leveraged to
perform an XSS attack.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39318
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product go_standard_library -- html_template
 Description The html/template package does not apply the proper rules for
handling occurrences of "<script", "<!--", and "</script" within JS literals in
<script> contexts. This may cause the template parser to improperly consider
script contexts to be terminated early, causing actions to be improperly
escaped. This could be leveraged to perform an XSS attack.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39319
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product go_toolchain -- cmd/go
 Description The go.mod toolchain directive, introduced in Go 1.21, can be
leveraged to execute scripts and binaries relative to the root of the module
when the "go" command was executed within the module. This applies to modules
downloaded using the "go" command from the module proxy, as well as modules
downloaded directly using VCS software.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39320
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product go_standard_library -- crypto/tls
 Description Processing an incomplete post-handshake message for a QUIC
connection can cause a panic.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39321
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product go_standard_library -- crypto/tls
 Description QUIC connections do not set an upper bound on the amount of data
buffered when reading post-handshake messages, allowing a malicious QUIC
connection to cause unbounded memory growth. With the fix, connections now
consistently reject messages larger than 65KiB in size.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39322
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
Primary Vendor -- Product cacti -- cacti
 Description Cacti is an open source operational monitoring and fault management
framework. In Cacti 1.2.24, users with console access can be redirected to an
arbitrary website after a password change performed via a specifically crafted
URL. The `auth_changepassword.php` file accepts `ref` as a URL parameter and
reflects it in the form used to perform the password change. Its value is used
to perform a redirect via the `header` PHP function. A user can be tricked into
performing the password change operation, e.g., via a phishing message, and then
interacting with the malicious website where the redirection has been performed,
e.g., downloading malware, providing credentials, etc. This issue has been
addressed in version 1.2.25. Users are advised to upgrade. There are no known
workarounds for this vulnerability.
Published 2023-09-05
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39364
MISC(link is external)
Primary Vendor -- Product resort_data_processing,_inc. -- irm_next_generation
 Description The RDPCore.dll component as used in the IRM Next Generation
booking engine, allows a remote user to connect to customers with an "admin"
account and a corresponding password computed daily by a routine inside the DLL
file. Once reverse-engineered, this routine can help an attacker generate the
daily password and connect to application customers. Given that this is an
administrative account, anyone logging into a customer deployment has full,
unrestricted access to the application.
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39420
MISC(link is external)
Primary Vendor -- Product resort_data_processing,_inc. -- irm_next_generation
 Description The RDPWin.dll component as used in the IRM Next Generation booking
engine includes a set of hardcoded API keys for third-party services such as
Twilio and Vonage. These keys allow unrestricted interaction with these
services.
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39421
MISC(link is external)
Primary Vendor -- Product resort_data_processing,_inc. -- irm_next_generation
 Description The /irmdata/api/ endpoints exposed by the IRM Next Generation
booking engine authenticate requests using HMAC tokens. These tokens are
however exposed in a JavaScript file loaded on the client side, thus rendering
this extra safety mechanism useless.
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39422
MISC(link is external)
Primary Vendor -- Product resort_data_processing,_inc. -- irm_next_generation
 Description The RDPData.dll file exposes the /irmdata/api/common endpoint that
handles session IDs, among other features. By using a UNION SQL operator, an
attacker can leak the sessions table, obtain the currently valid sessions and
impersonate a currently logged-in user.
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39423
MISC(link is external)
Primary Vendor -- Product resort_data_processing,_inc. -- irm_next_generation
 Description A vulnerability in RDPngFileUpload.dll, as used in the IRM Next
Generation booking system, allows a remote attacker to upload arbitrary content
(such as a web shell component) to the SQL database and execute it with SYSTEM
privileges. This vulnerability requires authentication to be exploited but can
be paired with another vulnerability in the platform (CVE-2023-39420, which
grants access to hardcoded credentials) to carry out the attack without having
assigned credentials.
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39424
MISC(link is external)
Primary Vendor -- Product cacti -- cacti
 Description Cacti is an open source operational monitoring and fault management
framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS)
Vulnerability which allows an authenticated user to poison data stored in the
_cacti_'s database. These data will be viewed by administrative _cacti_ accounts
and execute JavaScript code in the victim's browser at view-time. The script
under `reports_admin.php` displays reporting information about graphs, devices,
data sources etc. _CENSUS_ found that an adversary that is able to configure a
malicious device name, related to a graph attached to a report, can deploy a
stored XSS attack against any super user who has privileges of viewing the
`reports_admin.php` page, such as administrative accounts. A user that possesses
the _General Administration>Sites/Devices/Data_ permissions can configure the
device names in _cacti_. This configuration occurs through
`http://<HOST>/cacti/host.php`, while the rendered malicious payload is
exhibited at `http://<HOST>/cacti/reports_admin.php` when a graph with the
maliciously altered device name is linked to the report. This issue has been
addressed in version 1.2.25. Users are advised to upgrade. Users unable to
upgrade should manually filter HTML output.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39511
MISC(link is external)
Primary Vendor -- Product hexo -- hexo
 Description Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file
read vulnerability.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39584
MISC
MISC
MISC
Primary Vendor -- Product icewarp_inc. -- webclient
 Description Cross Site Scripting vulnerability in IceWarp Corporation WebClient
v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted
payload to the mid parameter.
Published 2023-09-05
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39598
MISC
Primary Vendor -- Product buffalo_america_inc. -- terastation_nas_ts5410r
 Description An issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00
thru v.0.07 allows a remote attacker to obtain sensitive information via the
guest account function.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39620
MISC
Primary Vendor -- Product prestasho -- prestashop
 Description FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to
contain a reflected cross-site scripting (XSS) vulnerability via the callback
parameter at ajax.php.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39676
MISC
MISC
MISC
Primary Vendor -- Product sourcecodester -- free_and_open_source_inventory_management_system
 Description Multiple cross-site scripting (XSS) vulnerabilities in Free and
Open Source Inventory Management System v1.0 allow attackers to execute
arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal
and Paidbill parameters under the Add New Put section.
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39711
MISC
MISC
MISC
Primary Vendor -- Product sourcecodester -- free_and_open_source_inventory_management_system
 Description Multiple cross-site scripting (XSS) vulnerabilities in Free and
Open Source Inventory Management System v1.0 allow attackers to execute
arbitrary web scripts or HTML via injecting a crafted payload into the Name,
Address, and Company parameters under the Add New Put section.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39712
MISC
MISC
MISC
Primary Vendor -- Product tp-link -- archer_c5400
 Description Archer C5400 firmware versions prior to 'Archer
C5400(JP)_V2_230506' allow a network-adjacent authenticated attacker to execute
arbitrary OS commands.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39935
MISC
MISC
Primary Vendor -- Product electron -- electron
 Description Electron is a framework which lets you write cross-platform desktop
applications using JavaScript, HTML and CSS. Electron apps that are launched as
command line executables are impacted. Specifically this issue can only be
exploited if the following conditions are met: 1. The app is launched with an
attacker-controlled working directory and 2. The attacker has the ability to
write files to that working directory. This makes the risk quite low; in fact,
normally issues of this kind are considered outside of our threat model as,
similar to Chromium, we exclude Physically Local Attacks, but given the ability
for this issue to bypass certain protections like ASAR Integrity it is being
treated with higher importance. This issue has been fixed in
versions `26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There
are no app side workarounds; users must update to a patched version of
Electron.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39956
MISC
Primary Vendor -- Product wiremock -- wiremock
 Description WireMock is a tool for mocking HTTP services. When certain request
URLs like "@127.0.0.1:1234" are used in WireMock Studio configuration fields,
the request might be forwarded to an arbitrary service reachable from WireMock’s
instance. There are 3 identified potential attack vectors: via “TestRequester”
functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP
Headers, HTTP Data, it allows sending requests with the default level of
credentials for the WireMock instance. The vendor has discontinued the affected
Wiremock studio product and there will be no fix. Users are advised to find
alternatives.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39967
MISC
Primary Vendor -- Product argo_cd -- argo_cd
 Description Argo CD is a declarative continuous deployment for Kubernetes. Argo
CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply.
As a result, the full secret body is stored in the
`kubectl.kubernetes.io/last-applied-configuration` annotation. Pull request
#7139 introduced the ability to manage cluster labels and annotations. Since
clusters are stored as secrets it also exposes the
`kubectl.kubernetes.io/last-applied-configuration` annotation which includes
full secret body. In order to view the cluster annotations via the Argo CD API,
the user must have `clusters, get` RBAC access. **Note:** In many cases, cluster
secrets do not contain any actually-secret information. But sometimes, as in
bearer-token auth, the contents might be very sensitive. The bug has been
patched in versions 2.8.3, 2.7.14, and 2.6.15. Users are advised to upgrade.
Users unable to upgrade should update/deploy cluster secret with
`server-side-apply` flag which does not use or rely on
`kubectl.kubernetes.io/last-applied-configuration` annotation. Note: annotation
for existing secrets will require manual removal.
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-40029
MISC
MISC
MISC
Primary Vendor -- Product linux -- kernel
 Description A use-after-free vulnerability in the Linux kernel's netfilter:
nf_tables component can be exploited to achieve local privilege escalation. On
an error when building a nftables rule, deactivating immediate expressions in
nft_immediate_deactivate() can lead to unbinding the chain, and objects being
deactivated but later used. We recommend upgrading past commit
0a771f7b266b02d262900c75f1e175c7fe76fec2.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4015
MISC
MISC
MISC
Primary Vendor -- Product wordpress -- wordpress
 Description The Media from FTP WordPress plugin before 11.17 does not properly
limit who can use the plugin, which may allow users with author+ privileges to
move files around, like wp-config.php, which may lead to RCE in some
cases.
Published 2023-09-04
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4019
MISC
Primary Vendor -- Product tp-link -- deco_m4
 Description Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build
20230619' allow a network-adjacent authenticated attacker to execute arbitrary
OS commands.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-40193
MISC
MISC
Primary Vendor -- Product trusted_firmware-m -- trusted_firmware-m
 Description In Trusted Firmware-M through TF-Mv1.8.0, for platforms that
integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software
Interface is selected, and the Authenticated Encryption with Associated Data
Chacha20-Poly1305 algorithm is used, with the single-part verification function
(defined during the build-time configuration phase) implemented with a dedicated
function (i.e., not relying on usage of multipart functions), the buffer
comparison during the verification of the authentication tag does not happen on
the full 16 bytes but just on the first 4 bytes, thus leading to the possibility
that unauthenticated payloads might be identified as authentic. This affects
TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-40271
MISC
MISC
Primary Vendor -- Product sap_se -- sap_s/4hana
 Description SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori
apps allow an attacker to redirect users to a malicious site due to insufficient
URL validation. As a result, it may have a slight impact on confidentiality and
integrity.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-40306
MISC
Primary Vendor -- Product samsung -- exynos
 Description An issue was discovered in Exynos Mobile Processor 980 and 2100. An
integer overflow at a buffer index can prevent the execution of requested
services via a crafted application.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-40353
MISC
Primary Vendor -- Product tp-link -- multiple_products
 Description Multiple TP-LINK products allow a network-adjacent authenticated
attacker to execute arbitrary OS commands. Affected products/versions are as
follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529',
Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10
firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000
firmware versions prior to 'Archer AX11000(JP)_V1_230523'.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-40357
MISC
MISC
MISC
MISC
MISC
Primary Vendor -- Product apple -- macos_ventura
 Description A privacy issue was addressed with improved private data redaction
for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able
to read sensitive location information.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-40392
MISC
MISC
MISC
MISC
Primary Vendor -- Product apple -- macos_ventura
 Description The issue was addressed with improved checks. This issue is fixed
in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary
JavaScript code execution.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-40397
MISC
Primary Vendor -- Product tp-link -- archer_ax6000
 Description Archer AX6000 firmware versions prior to 'Archer
AX6000(JP)_V1_1.3.0 Build 20221208' allow a network-adjacent authenticated
attacker to execute arbitrary OS commands.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-40531
MISC
MISC
Primary Vendor -- Product argo_cd -- argo_cd
 Description Argo CD is a declarative continuous deployment for Kubernetes. All
versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server
component is vulnerable to a Denial-of-Service attack vector. Specifically, the
said component extracts a user-controlled tar.gz file without validating the
size of its inner files. As a result, a malicious, low-privileged user can send
a malicious tar.gz file that exploits this vulnerability to the repo-server,
thereby harming the system's functionality and availability. Additionally, the
repo-server is susceptible to another vulnerability due to the fact that it does
not check the extracted file permissions before attempting to delete them.
Consequently, an attacker can craft a malicious tar.gz archive in a way that
prevents the deletion of its inner files when the manifest generation process is
completed. A patch for this vulnerability has been released in versions 2.6.15,
2.7.14, and 2.8.3. Users are advised to upgrade. The only way to completely
resolve the issue is to upgrade, however users unable to upgrade should
configure RBAC (Role-Based Access Control) and provide access for configuring
applications only to a limited number of administrators. These administrators
should utilize trusted and verified Helm charts.
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-40584
MISC
MISC
Primary Vendor -- Product golang -- golang
 Description go-ethereum (geth) is a golang execution layer implementation of
the Ethereum protocol. A vulnerable node can be made to consume unbounded
amounts of memory when handling specially crafted p2p messages sent from an
attacker node. The fix is included in geth version `1.12.1-stable`, i.e.,
`1.12.2-unstable` and onwards. Users are advised to upgrade. There are no known
workarounds for this vulnerability.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-40591
MISC
MISC
MISC
Primary Vendor -- Product solarview_compact -- solarview_compact
 Description SolarView Compact < 6.00 is vulnerable to Directory
Traversal.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-40924
MISC
MISC
Primary Vendor -- Product tenda -- ac9
 Description Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered to contain a
stack overflow via parameter 'firewall_value' at URL /goform/SetFirewallCfg.
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-40942
MISC
Primary Vendor -- Product icms -- icms
 Description icms 7.0.16 is vulnerable to Cross Site Request Forgery
(CSRF).
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-40953
MISC
MISC
Primary Vendor -- Product china_mobile_communications -- china_mobile_intelligent_home_gateway
 Description An issue in China Mobile Communications China Mobile Intelligent
Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via
the authentication mechanism.
Published 2023-09-05
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41012
MISC
Primary Vendor -- Product zope -- zope
 Description AccessControl provides a general security framework for use in
Zope. Python's "format" functionality allows someone controlling the format
string to "read" objects accessible (recursively) via attribute access and
subscription from accessible objects. Those attribute accesses and subscriptions
use Python's full blown `getattr` and `getitem`, not the policy restricted
`AccessControl` variants `_getattr_` and `_getitem_`. This can lead to critical
information disclosure. `AccessControl` already provides a safe variant for
`str.format` and denies access to `string.Formatter`. However, `str.format_map`
is still unsafe. Affected are all users who allow untrusted users to create
`AccessControl` controlled Python code and execute it. A fix has been introduced
in versions 4.4, 5.8 and 6.2. Users are advised to upgrade. There are no known
workarounds for this vulnerability.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41050
MISC
MISC
Primary Vendor -- Product redis -- redis
 Description Redis is an in-memory database that persists on disk. Redis does
not correctly identify keys accessed by `SORT_RO` and as a result may grant
users executing this command access to keys that are not explicitly authorized
by the ACL configuration. The problem exists in Redis 7.0 or newer and has been
fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no
known workarounds for this vulnerability.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41053
MISC
MISC
Primary Vendor -- Product apple -- multiple_products
 Description A validation issue was addressed with improved logic. This issue is
fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted
attachment may result in arbitrary code execution. Apple is aware of a report
that this issue may have been actively exploited.
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41061
MISC
MISC
MISC
MISC
MISC
MISC
Primary Vendor -- Product apple -- multiple_products
 Description A buffer overflow issue was addressed with improved memory
handling. This issue is fixed in macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS
16.6.1. Processing a maliciously crafted image may lead to arbitrary code
execution. Apple is aware of a report that this issue may have been actively
exploited.
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41064
MISC
MISC
MISC
MISC
MISC
MISC
Primary Vendor -- Product tef-dokumentation_gmbh -- tef_portal
 Description TEF portal
2023-07-17 is vulnerable to a persistent cross site scripting
(XSS) attack.
Published 2023-09-05
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41107
MISC
MISC
Primary Vendor -- Product tef-dokumentation_gmbh -- tef_portal
 Description TEF portal
2023-07-17 is vulnerable to authenticated remote code execution.
Published 2023-09-05
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41108
MISC
MISC
Primary Vendor -- Product usermin -- usermin
 Description Multiple stored cross-site scripting (XSS) vulnerabilities in
Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via
the key comment to different pages such as public key details, Export key, sign
key, send to key server page, and fetch from key server page tab.
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41161
MISC
MISC
Primary Vendor -- Product tolgee -- tolgee
 Description Tolgee is an open-source localization platform. Due to a lack of
validation of the Org Name field, a bad actor can send emails with HTML injected
code to the victims. Registered users can inject HTML into unsanitized emails from
the Tolgee instance to other users. This unsanitized HTML ends up in invitation
emails which appear as legitimate org invitations. Bad actors may direct users
to a malicious website or execute JavaScript in the context of the user's browser.
This vulnerability has been addressed in version 3.29.2. Users are advised to
upgrade. There are no known workarounds for this vulnerability.
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41316
MISC
MISC
Primary Vendor -- Product matrix-media-repo -- matrix-media-repo
 Description matrix-media-repo is a highly customizable multi-domain media
repository for the Matrix chat ecosystem. In affected versions an attacker could
upload a malicious piece of media to the media repo, which would then be served
with `Content-Disposition: inline` upon download. This vulnerability could be
leveraged to execute scripts embedded in SVG content. Commits `77ec235` and
`bf8abdd` fix the issue and are included in the 1.3.0 release. Operators should
upgrade to v1.3.0 as soon as possible. Operators unable to upgrade should
override the `Content-Disposition` header returned by matrix-media-repo as a
workaround.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41318
MISC
MISC
MISC
MISC
Primary Vendor -- Product ethyca -- fides
 Description Fides is an open-source privacy
engineering platform for managing the fulfillment of data privacy requests in a
runtime environment, and the enforcement of privacy regulations in code. The
Fides webserver API allows custom integrations to be uploaded as a ZIP file.
This ZIP file must contain YAML files, but Fides can be configured to also
accept the inclusion of custom Python code in it. The custom code is executed in
a restricted, sandboxed environment, but the sandbox can be bypassed to execute
any arbitrary code. The vulnerability allows the execution of arbitrary code on
the target system within the context of the webserver python process owner on
the webserver container, which by default is `root`, and leverage that access to
attack underlying infrastructure and integrated systems. This vulnerability
affects Fides versions `2.11.0` through `2.19.0`. Exploitation is limited to API
clients with the `CONNECTOR_TEMPLATE_REGISTER` authorization scope. In the Fides
Admin UI this scope is restricted to highly privileged users, specifically root
users and users with the owner role. Exploitation is only possible if the
security configuration parameter `allow_custom_connector_functions` is enabled
by the user deploying the Fides webserver container, either in `fides.toml` or
by setting the env var `FIDES__SECURITY__ALLOW_CUSTOM_CONNECTOR_FUNCTIONS=True`.
By default, this configuration parameter is disabled. The vulnerability has been
patched in Fides version `2.19.0`. Users are advised to upgrade to this version
or later to secure their systems against this threat. Users unable to upgrade
should ensure that `allow_custom_connector_functions` in `fides.toml` and the
`FIDES__SECURITY__ALLOW_CUSTOM_CONNECTOR_FUNCTIONS` are both either unset or
explicitly set to `False`.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41319
MISC
MISC
Primary Vendor -- Product wiremock -- wiremock
 Description WireMock is a tool for mocking HTTP services. WireMock can be
configured to only permit proxying (and therefore recording) to certain
addresses. This is achieved via a list of allowed address rules and a list of
denied address rules, where the allowed list is evaluated first. Until WireMock
Webhooks Extension 3.0.0-beta-15, the filtering of target addresses from the
proxy mode DID NOT work for Webhooks, so the users were potentially vulnerable
regardless of the `limitProxyTargets` settings. Via the WireMock webhooks
configuration, POST requests from a webhook might be forwarded to an arbitrary
service reachable from WireMock’s instance. For example, if someone is running
the WireMock docker Container inside a private cluster, they can trigger
internal POST requests against unsecured APIs or even against secure ones by
passing a token, discovered using another exploit, via authentication headers.
This issue has been addressed in versions 2.35.1 and 3.0.3 of wiremock. Wiremock
studio has been discontinued and will not see a fix. Users unable to upgrade
should use external firewall rules to define the list of permitted
destinations.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41327
MISC
MISC
MISC
Primary Vendor -- Product frappe -- frappe
 Description Frappe is a low code web framework written in Python and
Javascript. A SQL Injection vulnerability has been identified in the Frappe
Framework which could allow a malicious actor to access sensitive information.
This issue has been addressed in versions 13.46.1 and 14.20.0. Users are advised
to upgrade. There's no workaround to fix this without upgrading.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41328
MISC
MISC
MISC
Primary Vendor -- Product wiremock -- wiremock
 Description WireMock is a tool for mocking HTTP services. The proxy mode of
WireMock can be protected by the network restrictions configuration, as
documented in Preventing proxying to and recording from specific target
addresses. These restrictions can be configured using the domain names, and in
such a case the configuration is vulnerable to DNS rebinding attacks. A
similar patch was applied in WireMock 3.0.0-beta-15 for the WireMock Webhook
Extensions. The root cause of the attack is a defect in the logic which allows
for a race condition triggered by a DNS server whose address expires in between
the initial validation and the outbound network request that might go to a
domain that was supposed to be prohibited. Control over a DNS service is
required to exploit this attack, so it has high execution complexity and limited
impact. This issue has been addressed in version 2.35.1 of wiremock-jre8 and
wiremock-jre8-standalone, version 3.0.3 of wiremock and wiremock-standalone,
version 2.6.1 of the python version of wiremock, and versions 2.35.1-1 and
3.0.3-1 of the wiremock/wiremock Docker container. Users are advised to upgrade.
Users unable to upgrade should either configure firewall rules to define the
list of permitted destinations or configure WireMock to use IP addresses
instead of the domain names.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41329
MISC
MISC
Primary Vendor -- Product knplabs -- knplabs/knp-snappy
 Description knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or
PDF generation from a URL or an HTML page. On March 17th the
vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote
code execution through PHAR deserialization. Version 1.4.2 added a check `if
(\strpos($filename, 'phar://') === 0)` in the `prepareOutput` function to
resolve this CVE, however if the user is able to control the second parameter of
the `generateFromHtml()` function of Snappy, it will then be passed as the
`$filename` parameter in the `prepareOutput()` function. In the original
vulnerability, a file name with a `phar://` wrapper could be sent to the
`fileExists()` function, equivalent to the `file_exists()` PHP function. This
allowed users to trigger a deserialization on arbitrary PHAR files. To fix this
issue, the string is now passed to the `strpos()` function and if it starts with
`phar://`, an exception is raised. However, PHP wrappers being case insensitive,
this patch can be bypassed using `PHAR://` instead of `phar://`. A successful
exploitation of this vulnerability allows executing arbitrary code and accessing
the underlying filesystem. The attacker must be able to upload a file and the
server must be running a PHP version prior to 8. This issue has been addressed
in commit `d3b742d61a` which has been included in version 1.4.3. Users are
advised to upgrade. Users unable to upgrade should ensure that only trusted
users may submit data to the `AbstractGenerator->generate(...)`
function.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41330
MISC
MISC
MISC
Primary Vendor -- Product gofiber -- fiber
 Description Fiber is an Express inspired web framework built in the go
language. Versions of gofiber prior to 2.49.2 did not properly restrict access
to localhost. This issue impacts users of our project who rely on the
`ctx.IsFromLocal` method to restrict access to localhost requests. If exploited,
it could allow unauthorized access to resources intended only for localhost.
Setting `X-Forwarded-For: 127.0.0.1` in a request from a foreign host will
result in true for `ctx.IsFromLocal`. Access is limited to the scope of the
affected process. This issue has been patched in version `2.49.2` with commit
`b8c9ede6`. Users are advised to upgrade. There are no known workarounds to
remediate this vulnerability without upgrading to the patched version.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41338
MISC
MISC
MISC
MISC
Primary Vendor -- Product super_store_finder -- super_store_finder
 Description A hard coded password in Super Store Finder v3.6 allows attackers
to access the administration panel.
Published 2023-09-05
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41508
MISC
MISC
Primary Vendor -- Product cockpit-hq -- cockpit_cms
 Description An arbitrary file upload vulnerability in the Upload Asset function
of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a
crafted .shtml file.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41564
MISC
Primary Vendor -- Product blood_bank_&_donor_management -- blood_bank_&_donor_management
 Description Multiple stored cross-site scripting (XSS) vulnerabilities in
/bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to
execute arbitrary web scripts or HTML via a crafted payload injected into the
Full Name, Message, or Address parameters.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41575
MISC
Primary Vendor -- Product jeecg -- jeecg
 Description Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file
read vulnerability via the interface /testConnection.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41578
MISC
Primary Vendor -- Product dairy_farm_shop_management_system -- dairy_farm_shop_management_system
 Description Dairy Farm Shop Management System Using PHP and MySQL v1.1 was
discovered to contain multiple SQL injection vulnerabilities in the Login
function via the Username and Password parameters.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41594
MISC
MISC
MISC
Primary Vendor -- Product csz_cms -- csz_cms
 Description Multiple cross-site scripting (XSS) vulnerabilities in
install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web
scripts or HTML via a crafted payload injected into the Database Username or
Database Host parameters.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41601
MISC
MISC
Primary Vendor -- Product phpgurukul -- zoo_management_system
 Description Zoo Management System v1.0 was discovered to contain multiple SQL
injection vulnerabilities in the Admin sign-in page via the username and
password fields.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41615
MISC
MISC
MISC
Primary Vendor -- Product buttercup -- buttercup
 Description Buttercup v2.20.3 allows attackers to obtain the hash of the master
password for the password manager via accessing the file /vaults.json/
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41646
MISC
MISC
Primary Vendor -- Product apple -- macos
 Description Improper access control vulnerability in 'direct' Desktop App for
macOS ver 2.6.0 and earlier allows a local attacker to bypass access restriction
and to use camera, microphone, etc. of the device where the product is installed
without the user's consent.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41775
MISC
MISC
Primary Vendor -- Product openpmix -- pmix
 Description OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers
to obtain ownership of arbitrary files via a race condition during execution of
library code with UID 0.
Published 2023-09-09
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41915
MISC
CONFIRM
CONFIRM
Primary Vendor -- Product jenkins -- jenkins
 Description Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and
earlier does not restrict the 'name' query parameter when rendering a history
entry, allowing attackers to have Jenkins render a manipulated configuration
history that was not created by the plugin.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41930
MISC
MISC
Primary Vendor -- Product jenkins -- jenkins
 Description Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and
earlier does not properly sanitize or escape the timestamp value from history
entries when rendering a history entry on the history view, resulting in a
stored cross-site scripting (XSS) vulnerability.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41931
MISC
MISC

Primary Vendor -- Product jenkins -- jenkins
 Description Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and
earlier does not restrict 'timestamp' query parameters in multiple endpoints,
allowing attackers to delete attacker-specified directories on the Jenkins
controller file system as long as they contain a file called
'history.xml'.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41932
MISC
MISC

Primary Vendor -- Product jenkins -- jenkins
 Description Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and
earlier does not configure its XML parser to prevent XML external entity (XXE)
attacks.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41933
MISC
MISC

Primary Vendor -- Product jenkins -- jenkins
 Description Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and
earlier does not properly mask (i.e., replace with asterisks) usernames of
credentials specified in custom Maven settings in Pipeline build logs if "Treat
username as secret" is checked.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41934
MISC
MISC

Primary Vendor -- Product jenkins -- jenkins
 Description Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except
378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when
checking whether the provided and expected CSRF protection nonce are equal,
potentially allowing attackers to use statistical methods to obtain a valid
nonce.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41935
MISC
MISC

Primary Vendor -- Product jenkins -- jenkins
 Description Jenkins Google Login Plugin 1.7 and earlier uses a non-constant
time comparison function when checking whether the provided and expected token
are equal, potentially allowing attackers to use statistical methods to obtain a
valid token.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41936
MISC
MISC

Primary Vendor -- Product jenkins -- jenkins
 Description Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3
(both inclusive) trusts values provided in the webhook payload, including
certain URLs, and uses configured Bitbucket credentials to connect to those
URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by
sending a crafted webhook payload.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41937
MISC
MISC

Primary Vendor -- Product jenkins -- jenkins
 Description A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy
Plugin 2.5 and earlier allows attackers to delete disabled modules.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41938
MISC
MISC

Primary Vendor -- Product jenkins -- jenkins
 Description Jenkins SSH2 Easy Plugin 1.4 and earlier does not verify that
permissions configured to be granted are enabled, potentially allowing users
formerly granted (typically optional permissions, like Overall/Manage) to access
functionality they're no longer entitled to.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41939
MISC
MISC

Primary Vendor -- Product jenkins -- jenkins
 Description Jenkins TAP Plugin 2.3 and earlier does not escape TAP file
contents, resulting in a stored cross-site scripting (XSS) vulnerability
exploitable by attackers able to control TAP file contents.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41940
MISC
MISC

Primary Vendor -- Product jenkins -- jenkins
 Description A missing permission check in Jenkins AWS CodeCommit Trigger Plugin
3.0.12 and earlier allows attackers with Overall/Read permission to enumerate
credentials IDs of AWS credentials stored in Jenkins.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41941
MISC
MISC

Primary Vendor -- Product jenkins -- jenkins
 Description A cross-site request forgery (CSRF) vulnerability in Jenkins AWS
CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS
queue.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41942
MISC
MISC

Primary Vendor -- Product jenkins -- jenkins
 Description Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not
perform a permission check in an HTTP endpoint, allowing attackers with
Overall/Read permission to clear the SQS queue.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41943
MISC
MISC

Primary Vendor -- Product jenkins -- jenkins
 Description Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not
escape the queue name parameter passed to a form validation URL, when rendering
an error message, resulting in an HTML injection vulnerability.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41944
MISC
MISC

Primary Vendor -- Product jenkins -- jenkins
 Description Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that
the permissions it grants are enabled, resulting in users with EDIT permissions
to be granted Overall/Manage and Overall/SystemRead permissions, even if those
permissions are disabled and should not be granted.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41945
MISC
MISC

Primary Vendor -- Product jenkins -- jenkins
 Description A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal
Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing
using attacker-specified credentials, and to retrieve test IDs and names from
Frugal Testing, if a valid credential corresponds to the attacker-specified
username.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41946
MISC
MISC

Primary Vendor -- Product jenkins -- jenkins
 Description A missing permission check in Jenkins Frugal Testing Plugin 1.1 and
earlier allows attackers with Overall/Read permission to connect to Frugal
Testing using attacker-specified credentials.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-41947
MISC
MISC

Primary Vendor -- Product linux -- kernel
 Description A use-after-free vulnerability in the Linux kernel's net/sched:
cls_route component can be exploited to achieve local privilege escalation. When
route4_change() is called on an existing filter, the whole tcf_result struct is
always copied into the new instance of the filter. This causes a problem when
updating a filter bound to a class, as tcf_unbind_filter() is always called on
the old instance in the success path, decreasing filter_cnt of the still
referenced class and allowing it to be deleted, leading to a use-after-free. We
recommend upgrading past commit
b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4206
MISC
MISC
MISC

Primary Vendor -- Product linux -- kernel
 Description A use-after-free vulnerability in the Linux kernel's net/sched:
cls_fw component can be exploited to achieve local privilege escalation. When
fw_change() is called on an existing filter, the whole tcf_result struct is
always copied into the new instance of the filter. This causes a problem when
updating a filter bound to a class, as tcf_unbind_filter() is always called on
the old instance in the success path, decreasing filter_cnt of the still
referenced class and allowing it to be deleted, leading to a use-after-free. We
recommend upgrading past commit
76e42ae831991c828cffa8c37736ebfb831ad5ec.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4207
MISC
MISC
MISC

Primary Vendor -- Product linux -- kernel
 Description A use-after-free vulnerability in the Linux kernel's net/sched:
cls_u32 component can be exploited to achieve local privilege escalation. When
u32_change() is called on an existing filter, the whole tcf_result struct is
always copied into the new instance of the filter. This causes a problem when
updating a filter bound to a class, as tcf_unbind_filter() is always called on
the old instance in the success path, decreasing filter_cnt of the still
referenced class and allowing it to be deleted, leading to a use-after-free. We
recommend upgrading past commit
3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4208
MISC
MISC
MISC

Primary Vendor -- Product jeecg -- jeecg
 Description Jeecg boot up to v3.5.3 was
discovered to contain a SQL injection vulnerability via the component
/jeecg-boot/jmreport/show.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-42268
MISC

Primary Vendor -- Product hutool -- hutool
 Description hutool v5.8.21 was discovered to contain a buffer overflow via the
component jsonArray.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-42276
MISC

Primary Vendor -- Product hutool -- hutool
 Description hutool v5.8.21 was discovered to contain a buffer overflow via the
component jsonObject.putByPath.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-42277
MISC

Primary Vendor -- Product hutool -- hutool
 Description hutool v5.8.21 was discovered to contain a buffer overflow via the
component JSONUtil.parse().
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-42278
MISC

Primary Vendor -- Product linux -- kernel
 Description A use-after-free vulnerability in the Linux kernel's netfilter:
nf_tables component can be exploited to achieve local privilege escalation. Due
to a race condition between nf_tables netlink control plane transaction and
nft_set element garbage collection, it is possible to underflow the reference
counter causing a use-after-free vulnerability. We recommend upgrading past
commit 3e91b0ebd994635df2346353322ac51ce84ce6d8.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4244
MISC
MISC

Primary Vendor -- Product wordpress -- wordpress
 Description This User Activity Log WordPress plugin before 1.6.7 retrieves
client IP addresses from potentially untrusted headers, allowing an attacker to
manipulate its value. This may be used to hide the source of malicious
traffic.
Published 2023-09-04
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4279
MISC

Primary Vendor -- Product beyondtrust -- privileged_remote_access
 Description BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS)
versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can
be exploited through a malicious HTTP request. Successful exploitation of this
vulnerability can allow an unauthenticated remote attacker to execute underlying
operating system commands within the context of the site user. This issue is
fixed in version 23.2.3.
Published 2023-09-05
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4310
MISC
MISC

Primary Vendor -- Product ardereg -- sistemas_scada
 Description ARDEREG Sistema SCADA Central versions 2.203 and prior login page
are vulnerable to an unauthenticated blind SQL injection attack. An attacker
could manipulate the application's SQL query logic to extract sensitive
information or perform unauthorized actions within the database. In this case,
the vulnerability could allow an attacker to execute arbitrary SQL queries
through the login page, potentially leading to unauthorized access, data
leakage, or even disruption of critical industrial processes.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4485
MISC

Primary Vendor -- Product tenda -- n300
 Description Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated
access to pages that in turn should be accessible to authenticated users
only.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4498
MISC

Primary Vendor -- Product redwood_software -- jscape_mft_server
 Description Unsafe deserialization in JSCAPE MFT Server versions prior
to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary
Java code (including OS commands) via its management interface.
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4528
MISC
MISC

Primary Vendor -- Product delinea -- secret_server
 Description File accessibility vulnerability in Delinea Secret Server, in its
v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could
allow an authenticated user with administrative privileges to create a backup
file in the application's webroot directory, changing the default backup
directory to the wwwroot folder, and download it with some configuration files
such as encryption.config/ and database.config stored in the wwwroot directory,
exposing the database credentials in plain text.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4588
MISC

Primary Vendor -- Product delinea -- secret_server
 Description Insufficient verification of data authenticity vulnerability in
Delinea Secret Server, in its v10.9.000002 version. An attacker with an
administrator account could perform software updates without proper integrity
verification mechanisms. In this scenario, the update process lacks digital
signatures and fails to validate the integrity of the update package, allowing
the attacker to inject malicious applications during the update.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4589
MISC

Primary Vendor -- Product linux -- kernel
 Description A use-after-free vulnerability in the Linux kernel's af_unix
component can be exploited to achieve local privilege escalation. The
unix_stream_sendpage() function tries to add data to the last skb in the peer's
recv queue without locking the queue. Thus, there is a race where
unix_stream_sendpage() could access an skb locklessly that is being released by
garbage collection, resulting in use-after-free. We recommend upgrading past
commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4622
MISC
MISC
MISC

Primary Vendor -- Product linux -- kernel
 Description A use-after-free vulnerability in the Linux kernel's net/sched:
sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve
local privilege escalation. If a class with a link-sharing curve (i.e., with the
HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf()
will call vttree_insert() on the parent, but vttree_remove() will be skipped in
update_vf(). This leaves a dangling pointer that can cause a use-after-free. We
recommend upgrading past commit
b3d26c5702c7d6c45456326e56d2ccf3f103e60f.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4623
MISC
MISC

Primary Vendor -- Product delta_electronics -- cncsoft-b_dopsoft
 Description Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions
4.0.0.82 and prior are vulnerable to stack-based buffer overflow, which could
allow an attacker to execute arbitrary code.
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4685
MISC

Primary Vendor -- Product dreamer_cms -- dreamer_cms
 Description A vulnerability was found in Dreamer CMS up to 4.1.3. It has been
classified as problematic. Affected is an unknown function of the file
/upload/ueditorConfig?action=config. The manipulation leads to files or
directories accessible. It is possible to launch the attack remotely. The
complexity of an attack is rather high. The exploitability is told to be
difficult. The exploit has been disclosed to the public and may be used. The
identifier of this vulnerability is VDB-238632. NOTE: The vendor was contacted
early about this disclosure but did not respond in any way.
Published 2023-09-03
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4743
MISC
MISC
MISC

Primary Vendor -- Product byzoro -- smart_s85f_management_platform
 Description A vulnerability was found in Beijing Baichuo Smart S45F
Multi-Service Secure Gateway Intelligent Management Platform up to 20230822. It
has been rated as critical. Affected by this issue is some unknown functionality
of the file /importexport.php. The manipulation leads to sql injection. The
attack may be launched remotely. The exploit has been disclosed to the public
and may be used. VDB-238634 is the identifier assigned to this
vulnerability.
Published 2023-09-04
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4745
MISC
MISC
MISC

Primary Vendor -- Product jenkins -- jenkins
 Description An incorrect permission check in Qualys Container Scanning
Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure
permission (while lacking Item/Configure permission on any particular job) to
enumerate credentials IDs of credentials stored in Jenkins and to connect to an
attacker-specified URL using attacker-specified credentials IDs, capturing
credentials stored in Jenkins.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4777
MISC

Primary Vendor -- Product hashicorp -- terraform
 Description Terraform version 1.0.8 through 1.5.6 allows arbitrary file write
during the `init` operation if run on maliciously crafted Terraform
configuration. This vulnerability is fixed in Terraform 1.5.7.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4782
MISC

Primary Vendor -- Product openssl -- openssl
 Description Issue summary: The POLY1305 MAC (message authentication code)
implementation contains a bug that might corrupt the internal state of
applications on the Windows 64 platform when running on newer X86_64 processors
supporting the AVX512-IFMA instructions. Impact summary: If in an application
that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC
algorithm is used, the application state might be corrupted with various
application dependent consequences. The POLY1305 MAC (message authentication
code) implementation in OpenSSL does not save the contents of non-volatile XMM
registers on Windows 64 platform when calculating the MAC of data larger than 64
bytes. Before returning to the caller all the XMM registers are set to zero
rather than restoring their previous content. The vulnerable code is used only
on newer x86_64 processors supporting the AVX512-IFMA instructions. The
consequences of this kind of internal application state corruption can be
various - from no consequences, if the calling application does not depend on
the contents of non-volatile XMM registers at all, to the worst consequences,
where the attacker could get complete control of the application process.
However, given the contents of the registers are just zeroized so the attacker
cannot put arbitrary values inside, the most likely consequence, if any, would
be an incorrect result of some application dependent calculations or a crash
leading to a denial of service. The POLY1305 MAC algorithm is most frequently
used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with
associated data) algorithm. The most common usage of this AEAD cipher is with
TLS protocol versions 1.2 and 1.3 and a malicious client can influence whether
this AEAD cipher is used by the server. This implies that server applications
using OpenSSL can be potentially impacted. However, we are currently not aware
of any concrete application that would be affected by this issue therefore we
consider this a Low severity security issue. As a workaround the AVX512-IFMA
instructions support can be disabled at runtime by setting the environment
variable OPENSSL_ia32cap: `OPENSSL_ia32cap=:~0x200000`. The FIPS provider is not
affected by this issue.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4807
MISC
MISC
MISC
MISC
MISC
MISC

Primary Vendor -- Product answerdev -- answerdev/answer
 Description In pf packet processing with a 'scrub fragment reassemble' rule, a
packet containing multiple IPv6 fragment headers would be reassembled, and then
immediately processed. That is, a packet with multiple fragment extension
headers would not be recognized as the correct ultimate payload. Instead, a
packet with multiple IPv6 fragment headers would unexpectedly be interpreted as
a fragmented packet, rather than as whatever the real payload is. As a result,
IPv6 fragments may bypass pf firewall rules written on the assumption all
fragments have been reassembled and, as a result, be forwarded or processed by
the host.
Published 2023-09-06
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4809
MISC
MISC
MISC
MISC

Primary Vendor -- Product answerdev -- answerdev/answer
 Description Missing Authentication for Critical Function in GitHub repository
answerdev/answer prior to v1.1.3.
Published 2023-09-07
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4815
MISC
MISC

Primary Vendor -- Product pegasystems -- pega_platform
 Description Pega Platform versions 7.1 to 8.8.3 are affected by an HTML
Injection issue with a name field utilized in Visual Business Director, however
this field can only be modified by an authenticated administrative
user.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4843
MISC

Primary Vendor -- Product sourcecodester -- inventory_management_system
 Description A vulnerability was found in SourceCodester Simple Membership
System 1.0. It has been classified as critical. This affects an unknown part of
the file club_edit_query.php. The manipulation of the argument club_id leads to
sql injection. It is possible to initiate the attack remotely. The exploit has
been disclosed to the public and may be used. The identifier VDB-239253 was
assigned to this vulnerability.
Published 2023-09-08
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4844
MISC
MISC
MISC

Primary Vendor -- Product sourcecodester -- simple_membership_system
 Description A vulnerability was found in SourceCodester Simple Membership
System 1.0. It has been declared as critical. This vulnerability affects unknown
code of the file account_edit_query.php. The manipulation of the argument
admin_id leads to sql injection. The attack can be initiated remotely. The
exploit has been disclosed to the public and may be used. VDB-239254 is the
identifier assigned to this vulnerability.
Published 2023-09-09
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4845
MISC
MISC
MISC

Primary Vendor -- Product sourcecodester -- simple_membership_system
 Description A vulnerability was found in SourceCodester Simple Membership
System 1.0. It has been rated as critical. This issue affects some unknown
processing of the file delete_member.php. The manipulation of the argument
mem_id leads to sql injection. The attack may be initiated remotely. The exploit
has been disclosed to the public and may be used. The associated identifier of
this vulnerability is VDB-239255.
Published 2023-09-09
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4846
MISC
MISC
MISC

Primary Vendor -- Product sourcecodester -- simple_book_catalog_app
 Description A vulnerability classified as problematic has been found in
SourceCodester Simple Book Catalog App 1.0. Affected is an unknown function of
the component Update Book Form. The manipulation of the argument
book_title/book_author leads to cross site scripting. It is possible to launch
the attack remotely. The exploit has been disclosed to the public and may be
used. The identifier of this vulnerability is VDB-239256.
Published 2023-09-09
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4847
MISC
MISC
MISC

Primary Vendor -- Product sourcecodester -- simple_book_catalog_app
 Description A vulnerability classified as critical was found in SourceCodester
Simple Book Catalog App 1.0. Affected by this vulnerability is an unknown
functionality of the file delete_book.php. The manipulation of the argument
delete leads to sql injection. The attack can be launched remotely. The exploit
has been disclosed to the public and may be used. The identifier VDB-239257 was
assigned to this vulnerability.
Published 2023-09-09
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4848
MISC
MISC
MISC

Primary Vendor -- Product ibos -- ibos
 Description A vulnerability, which was classified as critical, has been found
in IBOS OA 4.5.5. Affected by this issue is some unknown functionality of the
file ?r=file/dashboard/trash&op=del. The manipulation of the argument fids leads
to sql injection. The attack may be launched remotely. The exploit has been
disclosed to the public and may be used. VDB-239258 is the identifier assigned
to this vulnerability.
Published 2023-09-09
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4849
MISC
MISC
MISC

Primary Vendor -- Product ibos -- ibos
 Description A vulnerability, which was classified as critical, was found in
IBOS OA 4.5.5. This affects an unknown part of the file
?r=dashboard/position/del. The manipulation leads to sql injection. It is
possible to initiate the attack remotely. The exploit has been disclosed to the
public and may be used. The associated identifier of this vulnerability is
VDB-239259.
Published 2023-09-09
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4850
MISC
MISC
MISC

Primary Vendor -- Product ibos -- ibos
 Description A vulnerability has been found in IBOS OA 4.5.5 and classified as
critical. This vulnerability affects unknown code of the file
?r=dashboard/position/edit&op=member. The manipulation leads to sql injection.
The attack can be initiated remotely. The exploit has been disclosed to the
public and may be used. The identifier of this vulnerability is
VDB-239260.
Published 2023-09-09
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4851
MISC
MISC
MISC

Primary Vendor -- Product ibos -- ibos
 Description A vulnerability was found in IBOS OA 4.5.5 and classified as
critical. This issue affects some unknown processing of the file
?r=dashboard/database/optimize. The manipulation leads to sql injection. The
attack may be initiated remotely. The exploit has been disclosed to the public
and may be used. The identifier VDB-239261 was assigned to this
vulnerability.
Published 2023-09-09
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4852
MISC
MISC
MISC

Primary Vendor -- Product sourcecodester -- take-note_app
 Description A vulnerability, which was classified as problematic, was found in
SourceCodester Take-Note App 1.0. This affects an unknown part of the file
index.php. The manipulation of the argument noteContent with the input
<script>alert('xss')</script> leads to cross site scripting. It is possible to
initiate the attack remotely. The exploit has been disclosed to the public and
may be used. The identifier VDB-239349 was assigned to this
vulnerability.
Published 2023-09-09
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4864
MISC
MISC
MISC

Primary Vendor -- Product sourcecodester -- take-note_app
 Description A vulnerability has been found in SourceCodester Take-Note App 1.0
and classified as problematic. This vulnerability affects unknown code. The
manipulation leads to cross-site request forgery. The attack can be initiated
remotely. The exploit has been disclosed to the public and may be used.
VDB-239350 is the identifier assigned to this vulnerability.
Published 2023-09-09
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4865
MISC
MISC
MISC

Primary Vendor -- Product mutt -- mutt
 Description Null pointer dereference when viewing a specially crafted email in
Mutt >1.5.2 <2.2.12
Published 2023-09-09
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4874
MISC
MISC
MISC

Primary Vendor -- Product mutt -- mutt
 Description Null pointer dereference when composing from a specially crafted
draft message in Mutt >1.5.2 <2.2.12
Published 2023-09-09
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4875
MISC
MISC
MISC
