
URL: https://www.cisa.gov/news-events/bulletins/sb23-303
Submission: On October 31 via manual from IL — Scanned from DE

Cybersecurity & Infrastructure Security Agency
America's Cyber Defense Agency
VULNERABILITY SUMMARY FOR THE WEEK OF OCTOBER 23, 2023

Released: Oct 30, 2023
Document ID: SB23-303


The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that
have been recorded by the National Institute of Standards and
Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is
sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not
yet have assigned CVSS scores. Please visit NVD for updated vulnerability
entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE)
vulnerability naming standard and are organized according to severity,
determined by the Common Vulnerability Scoring System (CVSS) standard. The
division of high, medium, and low severities corresponds to the following
scores:

 * High: vulnerabilities with a CVSS base score of 7.0–10.0
 * Medium: vulnerabilities with a CVSS base score of 4.0–6.9
 * Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts
sponsored by CISA. This information may include identifying information, values,
definitions, and related links. Patch information is provided when available.
Please note that some of the information in the bulletin is compiled from
external, open-source reports and is not a direct result of CISA analysis. 

 


HIGH VULNERABILITIES



Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoPrimary
Vendor -- Product projectworlds_pvt._limited -- online_art_gallery
 Description Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated
SQL Injection vulnerabilities. The 'fnm' parameter of the header.php resource
does not validate the characters received and they are sent unfiltered to the
database.Published 2023-10-26CVSS Score 9.8Source & Patch Info CVE-2023-43737
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product projectworlds_pvt._limited -- online_art_gallery
 Description Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated
SQL Injection vulnerabilities. The 'email' parameter of the header.php resource
does not validate the characters received and they are sent unfiltered to the
database.Published 2023-10-27CVSS Score 9.8Source & Patch Info CVE-2023-43738
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product projectworlds_pvt._limited -- online_art_gallery
 Description Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated
SQL Injection vulnerabilities. The 'contact' parameter of the header.php
resource does not validate the characters received and they are sent unfiltered
to the database.Published 2023-10-27CVSS Score 9.8Source & Patch Info
CVE-2023-44162
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product projectworlds_pvt._limited -- online_art_gallery
 Description Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated
SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource
does not validate the characters received and they are sent unfiltered to the
database.Published 2023-10-26CVSS Score 9.8Source & Patch Info CVE-2023-44267
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product projectworlds_pvt._limited -- online_art_gallery
 Description Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated
SQL Injection vulnerabilities. The 'gender' parameter of the header.php resource
does not validate the characters received and they are sent unfiltered to the
database.Published 2023-10-26CVSS Score 9.8Source & Patch Info CVE-2023-44268
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product projectworlds_pvt._limited -- online_art_gallery
 Description Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated
SQL Injection vulnerabilities. The 'add1' parameter of the header.php resource
does not validate the characters received and they are sent unfiltered to the
database.Published 2023-10-27CVSS Score 9.8Source & Patch Info CVE-2023-44375
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product projectworlds_pvt._limited -- online_art_gallery
 Description Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated
SQL Injection vulnerabilities. The 'add2' parameter of the header.php resource
does not validate the characters received and they are sent unfiltered to the
database.Published 2023-10-27CVSS Score 9.8Source & Patch Info CVE-2023-44376
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product projectworlds_pvt._limited -- online_art_gallery
 Description Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated
SQL Injection vulnerabilities. The 'add3' parameter of the header.php resource
does not validate the characters received and they are sent unfiltered to the
database.Published 2023-10-27CVSS Score 9.8Source & Patch Info CVE-2023-44377
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apache -- http_serverDescription Out-of-bounds Read
vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP
Server: through 2.4.57.Published 2023-10-23CVSS Score 9.1Source & Patch Info
CVE-2023-31122
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product byzoro -- smart_s85f_firmwareDescription A vulnerability was
found in Beijing Baichuo Smart S85F Management Platform up to 20231010 and
classified as critical. This issue affects some unknown processing of the file
/sysmanage/importconf.php. The manipulation of the argument btn_file_renew leads
to os command injection. The attack may be initiated remotely. The exploit has
been disclosed to the public and may be used. The associated identifier of this
vulnerability is VDB-243059. NOTE: The vendor was contacted early about this
disclosure but did not respond in any way.Published 2023-10-21CVSS Score
9.8Source & Patch Info CVE-2023-5683
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product byzoro -- smart_s85f_firmwareDescription A vulnerability was
found in Beijing Baichuo Smart S85F Management Platform up to 20231012. It has
been declared as critical. Affected by this vulnerability is an unknown
functionality of the file /importexport.php. The manipulation leads to os
command injection. The attack can be launched remotely. The exploit has been
disclosed to the public and may be used. The identifier VDB-243061 was assigned
to this vulnerability. NOTE: The vendor was contacted early about this
disclosure but did not respond in any way.Published 2023-10-21CVSS Score
9.8Source & Patch Info CVE-2023-5684
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product calibre-ebook -- calibreDescription link_to_local_path in
ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by
default, add resources outside of the document root.Published 2023-10-22CVSS
Score 7.5Source & Patch Info CVE-2023-46303
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product codeastro -- internet_banking_systemDescription A
vulnerability was found in CodeAstro Internet Banking System 1.0 and classified
as critical. This issue affects some unknown processing of the file
pages_reset_pwd.php. The manipulation of the argument email leads to sql
injection. The attack may be initiated remotely. The exploit has been disclosed
to the public and may be used. The associated identifier of this vulnerability
is VDB-243131.Published 2023-10-22CVSS Score 9.8Source & Patch Info
CVE-2023-5693
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product color -- demoiccmaxDescription In International Color
Consortium DemoIccMAX 79ecb74, there is a stack-based buffer overflow in the
icFixXml function in IccXML/IccLibXML/IccUtilXml.cpp in libIccXML.a.Published
2023-10-23CVSS Score 8.8Source & Patch Info CVE-2023-46602
MISC(link is external)Primary
Vendor -- Product color -- demoiccmaxDescription In International Color
Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the
CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in
libSampleICC.a.Published 2023-10-23CVSS Score 7.8Source & Patch Info
CVE-2023-46603
MISC(link is external)Primary
Vendor -- Product dell -- unity_operating_environmentDescription Dell Unity
prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow
an authenticated, local attacker to exploit this vulnerability by authenticating
to the device CLI and issuing certain commands.Published 2023-10-23CVSS Score
7.8Source & Patch Info CVE-2023-43066
MISC(link is external)Primary
Vendor -- Product dell -- unity_operating_environmentDescription Dell Unity 5.3
contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated
attacker could potentially exploit this vulnerability by crafting arbitrary
files through a request to the server.Published 2023-10-23CVSS Score 7.5Source &
Patch Info CVE-2023-43074
MISC(link is external)Primary
Vendor -- Product edm_informatics -- e-invoice
 Description Improper Protection for Outbound Error Messages and Alert Signals
vulnerability in EDM Informatics E-invoice allows Account Footprinting. This
issue affects E-invoice: before 2.1.Published 2023-10-27CVSS Score 7.5Source &
Patch Info CVE-2023-5443
MISC(link is external)Primary
Vendor -- Product f5 -- big-ipDescription Undisclosed requests may bypass
configuration utility authentication, allowing an attacker with network access
to the BIG-IP system through the management port and/or self IP addresses to
execute arbitrary system commands. Note: Software versions which have reached
End of Technical Support (EoTS) are not evaluatedPublished 2023-10-26CVSS Score
9.8Source & Patch Info CVE-2023-46747
MISC(link is external)Primary
Vendor -- Product f5 -- big-ipDescription An authenticated SQL injection
vulnerability exists in the BIG-IP Configuration utility which may allow an
authenticated attacker with network access to the Configuration utility through
the BIG-IP management port and/or self IP addresses to execute arbitrary system
commands. Note: Software versions which have reached End of Technical Support
(EoTS) are not evaluatedPublished 2023-10-26CVSS Score 8.8Source & Patch Info
CVE-2023-46748
MISC(link is external)Primary
Vendor -- Product frostming -- pdmDescription pdm is a Python package and
dependency manager supporting the latest PEP standards. It's possible to craft a
malicious `pdm.lock` file that could allow e.g., an insider or a malicious open
source project to appear to depend on a trusted PyPI project, but actually
install another project. A project `foo` can be targeted by creating the project
`foo-2` and uploading the file `foo-2-2.tar.gz` to pypi.org. PyPI will see this
as project `foo-2` version `2`, while PDM will see this as project `foo` version
`2-2`. The version must only be `parseable as a version` and the filename must
be a prefix of the project name, but it's not verified to match the version
being installed. Version `2-2` is also not a valid normalized version per PEP
440. Matching the project name exactly (not just prefix) would fix the issue.
When installing dependencies with PDM, what's actually installed could differ
from what's listed in `pyproject.toml` (including arbitrary code execution on
install). It could also be used for downgrade attacks by only changing the
version. This issue has been addressed in commit `6853e2642df` which is included
in release version `2.9.4`. Users are advised to upgrade. There are no known
workarounds for this vulnerability.Published 2023-10-20CVSS Score 7.8Source &
Patch Info CVE-2023-45805
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product ibm -- cognos_dashboards_on_cloud_pak_for_dataDescription IBM
Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in
container images which could lead to further attacks against the system. IBM
X-Force ID: 260730.Published 2023-10-22CVSS Score 7.5Source & Patch Info
CVE-2023-38275
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product ibm -- cognos_dashboards_on_cloud_pak_for_dataDescription IBM
Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in
environment variables which could aid in further attacks against the system. IBM
X-Force ID: 260736.Published 2023-10-22CVSS Score 7.5Source & Patch Info
CVE-2023-38276
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product ibm -- security_verify_governanceDescription IBM Security
Verify Governance 10.0 contains hard-coded credentials, such as a password or
cryptographic key, which it uses for its own inbound authentication, outbound
communication to external components, or encryption of internal data. IBM
X-Force ID: 225222.Published 2023-10-23CVSS Score 9.8Source & Patch Info
CVE-2022-22466
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product ibm -- security_verify_governanceDescription IBM Security
Verify Governance 10.0 could allow a remote authenticated attacker to execute
arbitrary commands on the system by sending a specially crafted request. IBM
X-Force ID: 256036.Published 2023-10-23CVSS Score 8.8Source & Patch Info
CVE-2023-33839
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product ibm -- security_verify_governanceDescription IBM Security
Verify Governance 10.0 does not encrypt sensitive or critical information before
storage or transmission. IBM X-Force ID: 256020.Published 2023-10-23CVSS Score
7.5Source & Patch Info CVE-2023-33837
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product ibm -- sterling_partner_engagement_managerDescription IBM
Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote
user to perform unauthorized actions due to improper authentication. IBM X-Force
ID: 266896.Published 2023-10-23CVSS Score 7.5Source & Patch Info CVE-2023-43045
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Unauthenticated SQL injection in
the GetStudentGroupStudents method in IDAttend's IDWeb application 3.1.052 and
earlier allows extraction or modification of all data by unauthenticated
attackers.Published 2023-10-25CVSS Score 9.1Source & Patch Info CVE-2023-26568
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Unauthenticated SQL injection in
the StudentPopupDetails_Timetable method in IDAttend's IDWeb application 3.1.052
and earlier allows extraction or modification of all data by unauthenticated
attackers.Published 2023-10-25CVSS Score 9.1Source & Patch Info CVE-2023-26569
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Unauthenticated SQL injection in
the GetExcursionList method in IDAttend's IDWeb application 3.1.052 and earlier
allows extraction or modification of all data by unauthenticated
attackers.Published 2023-10-25CVSS Score 9.1Source & Patch Info CVE-2023-26572
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Missing authentication in the
SetDB method in IDAttend's IDWeb application 3.1.052 and earlier allows denial
of service or theft of database login credentials.Published 2023-10-25CVSS Score
9.1Source & Patch Info CVE-2023-26573
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Unauthenticated SQL injection in
the GetVisitors method in IDAttend's IDWeb application 3.1.052 and earlier
allows extraction or modification of all data by unauthenticated
attackers.Published 2023-10-25CVSS Score 9.1Source & Patch Info CVE-2023-26581
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Unauthenticated SQL injection in
the GetExcursionDetails method in IDAttend's IDWeb application 3.1.052 and
earlier allows extraction or modification of all data by unauthenticated
attackers.Published 2023-10-25CVSS Score 9.1Source & Patch Info CVE-2023-26582
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Unauthenticated SQL injection in
the GetCurrentPeriod method in IDAttend's IDWeb application 3.1.052 and earlier
allows extraction or modification of all data by unauthenticated
attackers.Published 2023-10-25CVSS Score 9.1Source & Patch Info CVE-2023-26583
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Unauthenticated SQL injection in
the GetStudentInconsistencies method in IDAttend's IDWeb application 3.1.052 and
earlier allows extraction or modification of all data by unauthenticated
attackers.Published 2023-10-25CVSS Score 9.1Source & Patch Info CVE-2023-26584
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Unauthenticated SQL injection in
the GetRoomChanges method in IDAttend's IDWeb application 3.1.052 and earlier
allows extraction or modification of all data by unauthenticated
attackers.Published 2023-10-25CVSS Score 9.1Source & Patch Info CVE-2023-27254
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Unauthenticated SQL injection in
the DeleteRoomChanges method in IDAttend's IDWeb application 3.1.052 and earlier
allows extraction or modification of all data by unauthenticated
attackers.Published 2023-10-25CVSS Score 9.1Source & Patch Info CVE-2023-27255
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Unauthenticated SQL injection in
the GetAssignmentsDue method in IDAttend's IDWeb application 3.1.052 and earlier
allows extraction or modification of all data by unauthenticated
attackers.Published 2023-10-25CVSS Score 9.1Source & Patch Info CVE-2023-27260
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Unauthenticated SQL injection in
the GetAssignmentsDue method in IDAttend's IDWeb application 3.1.052 and earlier
allows extraction or modification of all data by unauthenticated
attackers.Published 2023-10-25CVSS Score 9.1Source & Patch Info CVE-2023-27262
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Arbitrary file upload to web root
in the IDAttend's IDWeb application 3.1.013 allows authenticated attackers to
upload dangerous files to web root such as ASP or ASPX, gaining command
execution on the affected server.Published 2023-10-25CVSS Score 8.8Source &
Patch Info CVE-2023-26578
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Missing authentication in the
StudentPopupDetails_Timetable method in IDAttend's IDWeb application 3.1.052 and
earlier allows extraction sensitive student data by unauthenticated
attackers.Published 2023-10-25CVSS Score 7.5Source & Patch Info CVE-2023-26570
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Missing authentication in the
SetStudentNotes method in IDAttend's IDWeb application 3.1.052 and earlier
allows modification of student data by unauthenticated attackers.Published
2023-10-25CVSS Score 7.5Source & Patch Info CVE-2023-26571
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Missing authentication in the
SearchStudents method in IDAttend's IDWeb application 3.1.052 and earlier allows
extraction sensitive student data by unauthenticated attackers.Published
2023-10-25CVSS Score 7.5Source & Patch Info CVE-2023-26574
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Missing authentication in the
SearchStudentsStaff method in IDAttend's IDWeb application 3.1.052 and earlier
allows extraction sensitive student and teacher data by unauthenticated
attackers.Published 2023-10-25CVSS Score 7.5Source & Patch Info CVE-2023-26575
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Missing authentication in the
SearchStudentsRFID method in IDAttend's IDWeb application 3.1.052 and earlier
allows extraction sensitive student data by unauthenticated attackers.Published
2023-10-25CVSS Score 7.5Source & Patch Info CVE-2023-26576
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Unauthenticated arbitrary file
read in the IDAttend's IDWeb application 3.1.013 allows the retrieval of any
file present on the web server by unauthenticated attackers.Published
2023-10-25CVSS Score 7.5Source & Patch Info CVE-2023-26580
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Missing authentication in the
GetActiveToiletPasses method in IDAttend's IDWeb application 3.1.052 and earlier
allows retrieval of student information by unauthenticated attackers.Published
2023-10-25CVSS Score 7.5Source & Patch Info CVE-2023-27257
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Missing authentication in the
GetStudentGroupStudents method in IDAttend's IDWeb application 3.1.052 and
earlier allows retrieval of student and teacher data by unauthenticated
attackers.Published 2023-10-25CVSS Score 7.5Source & Patch Info CVE-2023-27258
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Missing authentication in the
GetAssignmentsDue method in IDAttend's IDWeb application 3.1.052 and earlier
allows extraction of sensitive student and teacher data by unauthenticated
attackers.Published 2023-10-25CVSS Score 7.5Source & Patch Info CVE-2023-27259
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Missing authentication in the
StudentPopupDetails_ContactDetails method in IDAttend's IDWeb application
3.1.052 and earlier allows extraction of sensitive student data by
unauthenticated attackers.Published 2023-10-25CVSS Score 7.5Source & Patch Info
CVE-2023-27375
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Missing authentication in the
StudentPopupDetails_StudentDetails method in IDAttend's IDWeb application
3.1.052 and earlier allows extraction of sensitive student data by
unauthenticated attackers.Published 2023-10-25CVSS Score 7.5Source & Patch Info
CVE-2023-27376
MISC(link is external)Primary
Vendor -- Product idattend -- idwebDescription Missing authentication in the
StudentPopupDetails_EmergencyContactDetails method in IDAttend's IDWeb
application 3.1.052 and earlier allows extraction of sensitive student data by
unauthenticated attackers.Published 2023-10-25CVSS Score 7.5Source & Patch Info
CVE-2023-27377
MISC(link is external)Primary
Vendor -- Product inohom -- home_manager_gateway
 Description Improper Protection for Outbound Error Messages and Alert Signals
vulnerability in Inohom Home Manager Gateway allows Account Footprinting. This
issue affects Home Manager Gateway: before v.1.27.12.Published 2023-10-27CVSS
Score 7.5Source & Patch Info CVE-2023-5570
MISC(link is external)Primary
Vendor -- Product langchain -- langchainDescription In Langchain through
0.0.155, prompt injection allows execution of arbitrary code against the SQL
service provided by the chain.Published 2023-10-20CVSS Score 9.8Source & Patch
Info CVE-2023-32785
MISC(link is external)Primary
Vendor -- Product langchain -- langchainDescription In Langchain through
0.0.155, prompt injection allows an attacker to force the service to retrieve
data from an arbitrary URL, essentially providing SSRF and potentially injecting
content into downstream tasks.Published 2023-10-20CVSS Score 7.5Source & Patch
Info CVE-2023-32786
MISC(link is external)Primary
Vendor -- Product m-files -- web_companionDescription Execution of downloaded
content flaw in M-Files Web Companion before release version 23.10 and LTS
Service Release Versions before 23.8 LTS SR1 allows Remote Code
Execution Published 2023-10-20CVSS Score 7.8Source & Patch Info CVE-2023-5523
MISC(link is external)Primary
Vendor -- Product modoboa -- modoboaDescription Cross-Site Request Forgery
(CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2.Published
2023-10-20CVSS Score 8.8Source & Patch Info CVE-2023-5690
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product mosparo -- mosparoDescription Cross-Site Request Forgery
(CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3.Published
2023-10-20CVSS Score 8.8Source & Patch Info CVE-2023-5687
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product netentsec -- application_security_gatewayDescription A
vulnerability, which was classified as critical, was found in Netentsec NS-ASG
Application Security Gateway 6.3. Affected is an unknown function of the file
/protocol/iscgwtunnel/uploadiscgwrouteconf.php. The manipulation of the argument
GWLinkId leads to sql injection. The exploit has been disclosed to the public
and may be used. VDB-243138 is the identifier assigned to this
vulnerability.Published 2023-10-23CVSS Score 9.8Source & Patch Info
CVE-2023-5700
MISC(link is external)
MISC(link is external)

Primary Vendor -- Product: netentsec -- application_security_gateway
Description: A vulnerability, which was classified as critical, was found in
Netentsec NS-ASG
Application Security Gateway 6.3. This affects an unknown part of the file
/admin/list_addr_fwresource_ip.php. The manipulation leads to SQL injection. It
is possible to initiate the attack remotely. The exploit has been disclosed to
the public and may be used. The identifier VDB-243057 was assigned to this
vulnerability. NOTE: The vendor was contacted early about this disclosure but
did not respond in any way.
Published: 2023-10-20
CVSS Score: 7.2
Source & Patch Info: CVE-2023-5681

Primary Vendor -- Product: openimageio -- openimageio
Description: An issue in OpenImageIO
oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a
denial of service via the read_rle_image function of file
bifs/unquantize.c.
Published: 2023-10-23
CVSS Score: 8.8
Source & Patch Info: CVE-2023-42295

Primary Vendor -- Product: pleaser -- pleaser
Description: please (aka pleaser) through
0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl.
(If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.)
Published: 2023-10-20
CVSS Score: 7.8
Source & Patch Info: CVE-2023-46277

Primary Vendor -- Product: projectworlds_pvt._limited -- leave_management_system_project
Description: Leave Management System Project v1.0 is vulnerable to multiple
Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of
the admin/setleaves.php resource does not validate the characters received and
they are sent unfiltered to the database.
Published: 2023-10-27
CVSS Score: 9.8
Source & Patch Info: CVE-2023-44480

Primary Vendor -- Product: qnap -- qusbcam2
Description: An OS command injection
vulnerability has been reported to affect QUSBCam2. If exploited, the
vulnerability could allow users to execute commands via a network. We have
already fixed the vulnerability in the following version: QUSBCam2 2.0.3
(2023/06/15) and later.
Published: 2023-10-20
CVSS Score: 8.8
Source & Patch Info: CVE-2023-23373

Primary Vendor -- Product: radare -- radare2
Description: Heap-based Buffer Overflow in
GitHub repository radareorg/radare2 prior to 5.9.0.
Published: 2023-10-20
CVSS Score: 8.8
Source & Patch Info: CVE-2023-5686

Primary Vendor -- Product: reconftw -- reconftw
Description: reconFTW is a tool designed to
perform automated recon on a target domain by running the best set of tools to
perform scanning and finding out vulnerabilities. A vulnerability has been
identified in reconftw where inadequate validation of retrieved subdomains may
lead to a Remote Code Execution (RCE) attack. An attacker can exploit this
vulnerability by crafting a malicious CSP entry on its own domain. Successful
exploitation can lead to the execution of arbitrary code within the context of
the application, potentially compromising the system. This issue has been
addressed in version 2.7.1.1 and all users are advised to upgrade. There are no
known workarounds for this vulnerability.
Published: 2023-10-20
CVSS Score: 8.8
Source & Patch Info: CVE-2023-46117

Primary Vendor -- Product: secudos -- qiata
Description: SECUDOS Qiata (DOMOS OS) 4.13 has
Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an
attacker needs access as a low-privileged user to the underlying DOMOS system.
Every user on the system has write permission for previewRm.sh, which is
executed by the root user.
Published: 2023-10-20
CVSS Score: 7.8
Source & Patch Info: CVE-2023-40361

Primary Vendor -- Product: silabs -- gecko_bootloader
Description: An integer overflow in
Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory
access when reading from or writing to storage slots.
Published: 2023-10-20
CVSS Score: 7.8
Source & Patch Info: CVE-2023-3487

Primary Vendor -- Product: sitolog -- sitolog_application_connect
Description: Sitolog
sitologapplicationconnect v7.8.a and before was discovered to contain a SQL
injection vulnerability via the component /activate_hook.php.
Published: 2023-10-20
CVSS Score: 9.8
Source & Patch Info: CVE-2023-37824

Primary Vendor -- Product: sollace -- unicopia
Description: Sollace Unicopia version 1.1.1
and before was discovered to deserialize untrusted data, allowing attackers to
execute arbitrary code.
Published: 2023-10-20
CVSS Score: 9.8
Source & Patch Info: CVE-2023-39680

Primary Vendor -- Product: stb_image.h -- stb_image.h
Description: stb_image is a single
file MIT licensed library for processing images. It may look like
`stbi__load_gif_main` doesn't give guarantees about the content of output value
`*delays` upon failure. Although it sets `*delays` to zero at the beginning, it
doesn't do it in case the image is not recognized as GIF and a call to
`stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays`
without resetting it to zero. It would be fair to say the caller of
`stbi__load_gif_main` is responsible to free the allocated memory in `*delays`
only if `stbi__load_gif_main` returns a non-null value. However, at the same
time the function may return null value but fail to free the memory in `*delays`
if internally `stbi__convert_format` is called and fails. The issue may lead to
a memory leak if the caller chooses to free `delays` only when
`stbi__load_gif_main` didn't fail or to a double-free if the `delays` is always
freed.
Published: 2023-10-21
CVSS Score: 9.8
Source & Patch Info: CVE-2023-45666

Primary Vendor -- Product: stb_image.h -- stb_image.h
Description: stb_image is a single
file MIT licensed library for processing images. A crafted image file can
trigger `stbi__load_gif_main_outofmem` to attempt to double-free the out variable.
This happens in `stbi__load_gif_main` because when the `layers * stride` value
is zero the behavior is implementation defined, but it is common that realloc frees
the old memory and returns a null pointer. Since it attempts to double-free the
memory a few lines below the first "free", the issue can be potentially
exploited only in a multi-threaded environment. In the worst case this may lead
to code execution.
Published: 2023-10-21
CVSS Score: 8.8
Source & Patch Info: CVE-2023-45664

Primary Vendor -- Product: stb_image.h -- stb_image.h
Description: stb_image is a single
file MIT licensed library for processing images. When
`stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a
number that doesn't match the real number of components per pixel, the library
attempts to flip the image vertically. A crafted image file can trigger `memcpy`
out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row`
doesn't match the real image array dimensions.
Published: 2023-10-21
CVSS Score: 8.1
Source & Patch Info: CVE-2023-45662

Primary Vendor -- Product: stb_image.h -- stb_image.h
Description: stb_image is a single
file MIT licensed library for processing images. If `stbi__load_gif_main` in
`stbi_load_gif_from_memory` fails, it returns a null pointer and may keep the
`z` variable uninitialized. In case the caller also sets the flip vertically
flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer
result value and the uninitialized `z` value. This may result in a program
crash.
Published: 2023-10-21
CVSS Score: 7.5
Source & Patch Info: CVE-2023-45667

Primary Vendor -- Product: stb_image.h -- stb_image.h
Description: stb_image is a single
file MIT licensed library for processing images. A crafted image file may
trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because
two_back points to a memory address lower than the start of the buffer out. This
issue may be used to leak internal memory allocation information.
Published: 2023-10-21
CVSS Score: 7.1
Source & Patch Info: CVE-2023-45661

Primary Vendor -- Product: stb_image.h -- stb_vorbis.c
Description: stb_vorbis is a single
file MIT licensed library for processing ogg vorbis files. A crafted file may
trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause
is an integer overflow in `setup_malloc`. A sufficiently large value in the
variable `sz` overflows with `sz+7` and the negative value passes the maximum
available memory buffer check. This issue may lead to code execution.
Published: 2023-10-21
CVSS Score: 7.8
Source & Patch Info: CVE-2023-45676

Primary Vendor -- Product: stb_image.h -- stb_vorbis.c
Description: stb_vorbis is a single
file MIT licensed library for processing ogg vorbis files. A crafted file may
trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is
that if `len` read in `start_decoder` is a negative number, `setup_malloc`
successfully allocates memory in that case, but the memory write is done with a
negative index `len`. Similarly if len is INT_MAX the integer overflow len+1
happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and
`f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This
issue may lead to code execution.
Published: 2023-10-21
CVSS Score: 7.8
Source & Patch Info: CVE-2023-45677

Primary Vendor -- Product: stb_image.h -- stb_vorbis.c
Description: stb_vorbis is a single
file MIT licensed library for processing ogg vorbis files. A crafted file may
trigger out of buffer write in `start_decoder` because at maximum `m->submaps`
can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15
elements. This issue may lead to code execution.
Published: 2023-10-21
CVSS Score: 7.8
Source & Patch Info: CVE-2023-45678

Primary Vendor -- Product: stb_image.h -- stb_vorbis.c
Description: stb_vorbis is a single
file MIT licensed library for processing ogg vorbis files. A crafted file may
trigger memory allocation failure in `start_decoder`. In that case the function
returns early, but some of the pointers in `f->comment_list` are left
initialized and later `setup_free` is called on these pointers in
`vorbis_deinit`. This issue may lead to code execution.
Published: 2023-10-21
CVSS Score: 7.8
Source & Patch Info: CVE-2023-45679

Primary Vendor -- Product: stb_image.h -- stb_vorbis.c
Description: stb_vorbis is a single
file MIT licensed library for processing ogg vorbis files. A crafted file may
trigger memory write past an allocated heap buffer in `start_decoder`. The root
cause is a potential integer overflow in `sizeof(char*) *
(f->comment_list_length)` which may make `setup_malloc` allocate less memory
than required. Since there is another integer overflow an attacker may overflow
it too to force `setup_malloc` to return 0 and make the exploit more reliable.
This issue may lead to code execution.
Published: 2023-10-21
CVSS Score: 7.8
Source & Patch Info: CVE-2023-45681

Primary Vendor -- Product: stb_image.h -- stb_vorbis.c
Description: stb_vorbis is a single
file MIT licensed library for processing ogg vorbis files. A crafted file may
trigger out of bounds read in `DECODE` macro when `var` is negative. As can
be seen in the definition of `DECODE_RAW` a negative `var` is a valid value.
This issue may be used to leak internal memory allocation information.
Published: 2023-10-21
CVSS Score: 7.1
Source & Patch Info: CVE-2023-45682

Primary Vendor -- Product: stb_image.h -- stb_vorbis.c
Description: stb_vorbis is a single
file MIT licensed library for processing ogg vorbis files. A crafted file may
trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is
that if the `len` read in `start_decoder` is `-1`, `len + 1` becomes 0 when
passed to `setup_malloc`. The `setup_malloc` behaves differently when
`f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in
`malloc` case it shifts the pre-allocated buffer by zero and returns the
currently available memory block. This issue may lead to code
execution.
Published: 2023-10-21
CVSS Score: 7.8
Source & Patch Info: CVE-2023-45675

Primary Vendor -- Product: superwebmailer -- superwebmailer
Description: An issue was
discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via
the size parameter.
Published: 2023-10-21
CVSS Score: 8.8
Source & Patch Info: CVE-2023-38190

Primary Vendor -- Product: superwebmailer -- superwebmailer
Description: An issue was
discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a
crafted sendmail command line.
Published: 2023-10-21
CVSS Score: 8.8
Source & Patch Info: CVE-2023-38193

Primary Vendor -- Product: thingnario -- photon
Description: An issue in ThingNario Photon
v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges
via a crafted script to the ping function to the "thingnario Logger Maintenance
Webpage" endpoint.
Published: 2023-10-21
CVSS Score: 8.8
Source & Patch Info: CVE-2023-46055

Primary Vendor -- Product: tongda -- oa
Description: A vulnerability has been found in
Tongda OA 2017 and classified as critical. This vulnerability affects unknown
code of the file general/hr/training/record/delete.php. The manipulation of the
argument RECORD_ID leads to SQL injection. The exploit has been disclosed to the
public and may be used. Upgrading to version 11.10 is able to address this
issue. It is recommended to upgrade the affected component. VDB-243058 is the
identifier assigned to this vulnerability. NOTE: The vendor was contacted early
about this disclosure but did not respond in any way.
Published: 2023-10-20
CVSS Score: 9.8
Source & Patch Info: CVE-2023-5682

Primary Vendor -- Product: totolink -- a3700r_firmware
Description: An issue in TOTOLINK
A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code
via the FileName parameter of the UploadFirmwareFile function.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46574

Primary Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh
v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the
function formMapDel.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46554

Primary Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh
v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the
function formPortFw.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46555

Primary Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh
v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the
function formFilter.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46556

Primary Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh
v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the
function formMultiAPVLAN.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46557

Primary Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh
v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the
function formMapDelDevice.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46558

Primary Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh
v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the
function formIPv6Addr.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46559

Primary Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh
v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the
function formTcpipSetup.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46560

Primary Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh
v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the
function formDosCfg.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46562

Primary Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh
v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the
function formIpQoS.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46563

Primary Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh
v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the
function formDMZ.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46564

Primary Vendor -- Product: tp-link -- tl-wr886n_firmware
Description: TP-LINK TL-WR886N
V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack
overflow via the function uninstallPluginReqHandle.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46520

Primary Vendor -- Product: tp-link -- tl-wr886n_firmware
Description: TP-LINK TL-WR886N
V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack
overflow via the function RegisterRegister.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46521

Primary Vendor -- Product: tp-link -- tl-wr886n_firmware
Description: TP-LINK TL-WR886N
V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack
overflow via the function deviceInfoRegister.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46522

Primary Vendor -- Product: tp-link -- tl-wr886n_firmware
Description: TP-LINK TL-WR886N
V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack
overflow via the function upgradeInfoRegister.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46523

Primary Vendor -- Product: tp-link -- tl-wr886n_firmware
Description: TP-LINK TL-WR886N
V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack
overflow via the function loginRegister.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46525

Primary Vendor -- Product: tp-link -- tl-wr886n_firmware
Description: TP-LINK TL-WR886N
V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack
overflow via the function resetCloudPwdRegister.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46526

Primary Vendor -- Product: tp-link -- tl-wr886n_firmware
Description: TP-LINK TL-WR886N
V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack
overflow via the function bindRequestHandle.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46527

Primary Vendor -- Product: tp-link -- tl-wr886n_firmware
Description: TP-LINK TL-WR886N
V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack
overflow via the function modifyAccPwdRegister.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46534

Primary Vendor -- Product: tp-link -- tl-wr886n_firmware
Description: TP-LINK TL-WR886N
V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack
overflow via the function getResetVeriRegister.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46535

Primary Vendor -- Product: tp-link -- tl-wr886n_firmware
Description: TP-LINK TL-WR886N
V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack
overflow via the function chkRegVeriRegister.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46536

Primary Vendor -- Product: tp-link -- tl-wr886n_firmware
Description: TP-LINK TL-WR886N
V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack
overflow via the function getRegVeriRegister.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46537

Primary Vendor -- Product: tp-link -- tl-wr886n_firmware
Description: TP-LINK TL-WR886N
V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack
overflow via the function chkResetVeriRegister.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46538

Primary Vendor -- Product: tp-link -- tl-wr886n_firmware
Description: TP-LINK TL-WR886N
V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack
overflow via the function registerRequestHandle.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46539

Primary Vendor -- Product: trtek_software -- education_portal
Description: Improper
Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulnerability in TRtek Software Education Portal allows SQL Injection. This
issue affects Education Portal: before 3.2023.29.
Published: 2023-10-27
CVSS Score: 9.8
Source & Patch Info: CVE-2023-5807

Primary Vendor -- Product: vercel -- next.js
Description: Next.js before 13.4.20-canary.13
lacks a cache-control header and thus empty prefetch responses may sometimes be
cached by a CDN, causing a denial of service to all users requesting the same
URL via that CDN.
Published: 2023-10-22
CVSS Score: 7.5
Source & Patch Info: CVE-2023-46298

Primary Vendor -- Product: vmware -- fusion
Description: VMware Fusion (13.x prior to 13.5)
contains a local privilege escalation vulnerability that occurs during
installation for the first time (the user needs to drag or copy the application
to a folder from the '.dmg' volume) or when installing an upgrade. A malicious
actor with local non-administrative user privileges may exploit this
vulnerability to escalate privileges to root on the system where Fusion is
installed or being installed for the first time.
Published: 2023-10-20
CVSS Score: 7.8
Source & Patch Info: CVE-2023-34045

Primary Vendor -- Product: vmware -- fusion
Description: VMware Fusion (13.x prior to 13.5)
contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during
installation for the first time (the user needs to drag or copy the application
to a folder from the '.dmg' volume) or when installing an upgrade. A malicious
actor with local non-administrative user privileges may exploit this
vulnerability to escalate privileges to root on the system where Fusion is
installed or being installed for the first time.
Published: 2023-10-20
CVSS Score: 7
Source & Patch Info: CVE-2023-34046

Primary Vendor -- Product: wallix -- bastion
Description: WALLIX Bastion 9.x before 9.0.9
and 10.x before 10.0.5 allows unauthenticated access to sensitive information by
bypassing access control on a network access administration web
interface.
Published: 2023-10-23
CVSS Score: 7.5
Source & Patch Info: CVE-2023-46319

Primary Vendor -- Product: wordpress -- wordpress
Description: The Ad Inserter for
WordPress is vulnerable to Sensitive Information Exposure in versions up to, and
including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow
unauthenticated attackers to extract sensitive data including installed plugins
(present and active), active theme, various plugin settings, WordPress version,
as well as some server settings such as memory limit, installation
paths.
Published: 2023-10-20
CVSS Score: 7.5
Source & Patch Info: CVE-2023-4668

Primary Vendor -- Product: wordpress -- wordpress
Description: The Jetpack CRM plugin for
WordPress is vulnerable to PHAR deserialization via the 'zbscrmcsvimpf'
parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to,
and including, 5.3.1. While the function performs a nonce check, steps 2 and 3
of the check do not take any action upon a failed check. These steps then
perform a 'file_exists' check on the value of 'zbscrmcsvimpf'. If a phar://
archive is supplied, its contents will be deserialized and an object injected in
the execution stream. This allows an unauthenticated attacker to obtain object
injection if they are able to upload a phar archive (for instance if the site
supports image uploads) and then trick an administrator into performing an
action, such as clicking a link.
Published: 2023-10-20
CVSS Score: 8.8
Source & Patch Info: CVE-2022-3342

Primary Vendor -- Product: wordpress -- wordpress
Description: The Brizy plugin for
WordPress is vulnerable to authorization bypass due to an incorrect capability
check on the is_administrator() function in versions up to, and including,
1.0.125. This makes it possible for authenticated attackers to access and
interact with available AJAX functions.
Published: 2023-10-20
CVSS Score: 8.1
Source & Patch Info: CVE-2020-36714

Primary Vendor -- Product: wordpress -- wordpress
Description: The Security & Malware scan
by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction
in versions up to, and including, 2.50. This is due to missing capability checks
on several AJAX actions and nonce disclosure in the source page of the
administrative dashboard. This makes it possible for authenticated attackers,
with subscriber-level permissions and above, to call functions and delete and/or
upload files.
Published: 2023-10-20
CVSS Score: 8.8
Source & Patch Info: CVE-2020-36698

Primary Vendor -- Product: wordpress -- wordpress
Description: The Cyr to Lat plugin for
WordPress is vulnerable to authenticated SQL Injection via the
'ctl_sanitize_title' function in versions up to, and including, 3.5 due to
insufficient escaping on the user supplied parameter and lack of sufficient
preparation on the existing SQL query. This potentially allows authenticated
users with the ability to add or modify terms or tags to append additional SQL
queries into already existing queries that can be used to extract sensitive
information from the database. A partial patch became available in version 3.6
and the issue was fully patched in version 3.7.
Published: 2023-10-20
CVSS Score: 8.8
Source & Patch Info: CVE-2022-4290

Primary Vendor -- Product: wordpress -- wordpress
Description: The Horizontal scrolling
announcement plugin for WordPress is vulnerable to SQL Injection via the
plugin's [horizontal-scrolling] shortcode in versions up to, and including, 9.2
due to insufficient escaping on the user supplied parameter and lack of
sufficient preparation on the existing SQL query. This makes it possible for
authenticated attackers with subscriber-level and above permissions to append
additional SQL queries into already existing queries that can be used to extract
sensitive information from the database.
Published: 2023-10-20
CVSS Score: 8.8
Source & Patch Info: CVE-2023-4999

Primary Vendor -- Product: wordpress -- wordpress
Description: The Dropbox Folder Share for
WordPress is vulnerable to Local File Inclusion in versions up to, and
including, 1.9.7 via the editor-view.php file. This allows unauthenticated
attackers to include and execute arbitrary files on the server, allowing the
execution of any PHP code in those files. This can be used to bypass access
controls, obtain sensitive data, or achieve code execution in cases where images
and other "safe" file types can be uploaded and included.
Published: 2023-10-20
CVSS Score: 9.8
Source & Patch Info: CVE-2023-4488

Primary Vendor -- Product: wordpress -- wordpress
Description: The Icegram Express plugin
for WordPress is vulnerable to Directory Traversal in versions up to, and
including, 5.6.23 via the show_es_logs function. This allows administrator-level
attackers to read the contents of arbitrary files on the server, which can
contain sensitive information including those belonging to other sites, for
example in shared hosting environments.
Published: 2023-10-20
CVSS Score: 7.2
Source & Patch Info: CVE-2023-5414

Primary Vendor -- Product: wordpress -- wordpress
Description: The ImageMagick Engine
plugin for WordPress is vulnerable to remote code execution via the 'cli_path'
parameter in versions up to and including 1.7.5. This makes it possible for
unauthenticated users to run arbitrary commands leading to remote command
execution, granted they can trick a site administrator into performing an action
such as clicking on a link. This makes it possible for an attacker to create
and/or modify files hosted on the server which can easily grant attackers backdoor
access to the affected server.
Published: 2023-10-20
CVSS Score: 8.8
Source & Patch Info: CVE-2022-2441

Primary Vendor -- Product: wordpress -- wordpress
Description: Cross-Site Request Forgery
(CSRF) vulnerability in PluginEver WC Serial Numbers plugin <= 1.6.3
versions.
Published: 2023-10-21
CVSS Score: 8.8
Source & Patch Info: CVE-2023-46078

Primary Vendor -- Product: wordpress -- wordpress
Description: The BEAR for WordPress is
vulnerable to Cross-Site Request Forgery in versions up to, and including,
1.1.3.3. This is due to missing or incorrect nonce validation on the
woobe_save_options function. This makes it possible for unauthenticated
attackers to modify the plugin's settings via a forged request granted they can
trick a site administrator into performing an action such as clicking on a link.
Additionally, input sanitization and escaping is insufficient resulting in the
possibility of malicious script injection.
Published: 2023-10-20
CVSS Score: 8.8
Source & Patch Info: CVE-2023-4920

Primary Vendor -- Product: wordpress -- wordpress
Description: Cross-Site Request Forgery
(CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions.
Published: 2023-10-21
CVSS Score: 8.8
Source & Patch Info: CVE-2023-46067
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription The Fancy Product Designer
plugin for WordPress is vulnerable to unauthorized modification of site options
due to a missing capability check on the fpd_update_options function in versions
up to, and including, 4.6.9. This makes it possible for authenticated attackers
with subscriber-level permissions to modify site options, including setting the
default role to administrator which can allow privilege escalation.
Published: 2023-10-20
CVSS Score: 8.8
Source & Patch Info: CVE-2021-4334
Primary
Vendor -- Product: wordpress -- wordpress
Description: The Simple:Press - WordPress
Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to
missing file type validation in the
~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and
including, 6.6.0. This makes it possible for attackers to upload arbitrary files
on the affected site's server which may make remote code execution
possible.
Published: 2023-10-20
CVSS Score: 9.8
Source & Patch Info: CVE-2020-36706
Primary
Vendor -- Product: wordpress -- wordpress
Description: The Soisy Pagamento Rateale
plugin for WordPress is vulnerable to unauthorized access of data due to a
missing capability check on the parseRemoteRequest function in versions up to,
and including, 6.0.1. This makes it possible for unauthenticated attackers with
knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce
order information (e.g., Name, Address, Email Address, and other order
metadata).
Published: 2023-10-21
CVSS Score: 7.5
Source & Patch Info: CVE-2023-5132
Primary
Vendor -- Product: wordpress -- wordpress
Description: The Essential Blocks plugin
for WordPress is vulnerable to PHP Object Injection in versions up to, and
including, 4.2.0 via deserialization of untrusted input in the get_posts
function. This allows unauthenticated attackers to inject a PHP Object. No POP
chain is present in the vulnerable plugin. If a POP chain is present via an
additional plugin or theme installed on the target system, it could allow the
attacker to delete arbitrary files, retrieve sensitive data, or execute
code.
Published: 2023-10-20
CVSS Score: 8.1
Source & Patch Info: CVE-2023-4386
Primary
Vendor -- Product: wordpress -- wordpress
Description: The Essential Blocks plugin
for WordPress is vulnerable to PHP Object Injection in versions up to, and
including, 4.2.0 via deserialization of untrusted input in the get_products
function. This allows unauthenticated attackers to inject a PHP Object. No POP
chain is present in the vulnerable plugin. If a POP chain is present via an
additional plugin or theme installed on the target system, it could allow the
attacker to delete arbitrary files, retrieve sensitive data, or execute
code.
Published: 2023-10-20
CVSS Score: 9.8
Source & Patch Info: CVE-2023-4402
Primary
Vendor -- Product: wordpress -- wordpress
Description: The Migration, Backup,
Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information
Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets
stored in plaintext in the publicly visible plugin source. This could allow
unauthenticated attackers to impersonate the WPVivid Google Drive account via
the API if they can trick a user into reauthenticating via another vulnerability
or social engineering.
Published: 2023-10-20
CVSS Score: 9.3
Source & Patch Info: CVE-2023-5576
Primary
Vendor -- Product: zscaler -- client_connector
Description: An Improper Input
Validation vulnerability in Zscaler Client Connector on Linux allows Privilege
Escalation. This issue affects Client Connector: before 1.4.0.105.
Published: 2023-10-23
CVSS Score: 9.8
Source & Patch Info: CVE-2023-28805
Primary
Vendor -- Product: zscaler -- client_connector
Description: The Zscaler Client
Connector Installer and Uninstallers for Windows prior to 3.6 had an unquoted
search path vulnerability. A local adversary may be able to execute code with
SYSTEM privileges.
Published: 2023-10-23
CVSS Score: 7.8
Source & Patch Info: CVE-2021-26735
Primary
Vendor -- Product: zscaler -- client_connector
Description: Multiple
vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for
Windows prior to 3.6 allowed execution of binaries from a low privileged path. A
local adversary may be able to execute code with SYSTEM privileges.
Published: 2023-10-23
CVSS Score: 7.8
Source & Patch Info: CVE-2021-26736
Primary
Vendor -- Product: zscaler -- client_connector
Description: Zscaler Client
Connector for macOS prior to 3.7 had an unquoted search path vulnerability via
the PATH variable. A local adversary may be able to execute code with root
privileges.
Published: 2023-10-23
CVSS Score: 7.8
Source & Patch Info: CVE-2021-26738
Primary
Vendor -- Product: zscaler -- client_connector
Description: Buffer overflow
vulnerability in the signelf library used by Zscaler Client Connector on Linux
allows Code Injection. This issue affects Zscaler Client Connector for Linux:
before 1.3.1.6.
Published: 2023-10-23
CVSS Score: 7.8
Source & Patch Info: CVE-2023-28793
Primary
Vendor -- Product: zscaler -- client_connector
Description: Origin Validation Error
vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in
Existing Process. This issue affects Zscaler Client Connector for Linux: before
1.3.1.6.
Published: 2023-10-23
CVSS Score: 7.8
Source & Patch Info: CVE-2023-28795
Primary
Vendor -- Product: zscaler -- client_connector
Description: Improper Verification
of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux
allows Code Injection. This issue affects Zscaler Client Connector for Linux:
before 1.3.1.6.
Published: 2023-10-23
CVSS Score: 7.8
Source & Patch Info: CVE-2023-28796
Primary
Vendor -- Product: zscaler -- client_connector
Description: Zscaler Client
Connector for Windows before 4.1 writes/deletes a configuration file inside
specific folders on the disk. A malicious user can replace the folder and
execute code as a privileged user.
Published: 2023-10-23
CVSS Score: 7.3
Source & Patch Info: CVE-2023-28797
Primary
Vendor -- Product: zzzcms -- zzzcms
Description: File Upload vulnerability in
zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via
modification of the imageext parameter from jpg, jpeg,gif, and png to jpg,
jpeg,gif, png, pphphp.
Published: 2023-10-25
CVSS Score: 9.8
Source & Patch Info: CVE-2023-45554
Primary
Vendor -- Product: zzzcms -- zzzcms
Description: File Upload vulnerability in
zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted
file to the down_url function in zzz.php file.
Published: 2023-10-25
CVSS Score: 7.8
Source & Patch Info: CVE-2023-45555


MEDIUM VULNERABILITIES



Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
Primary
Vendor -- Product: apache -- airflow
Description: Exposure of Sensitive Information
to an Unauthorized Actor vulnerability in Apache Airflow. This issue affects
Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been
exposed to authenticated users with the ability to read configuration via
Airflow REST API for configuration even when the expose_config option is set to
non-sensitive-only. The expose_config option is False by default. It is
recommended to upgrade to a version that is not affected if you set
expose_config to non-sensitive-only configuration. This is a different error
than CVE-2023-45348 which allows authenticated user to retrieve individual
configuration values in 2.7.* by specially crafting their request (solved in
2.7.2). Users are recommended to upgrade to version 2.7.2, which fixes the issue
and additionally fixes CVE-2023-45348.
Published: 2023-10-23
CVSS Score: 4.3
Source & Patch Info: CVE-2023-46288
Primary
Vendor -- Product: apache -- santuario_xml_security_for_java
Description: All
versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and
3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private
key may be disclosed in log files when generating an XML Signature and logging
with debug level is enabled. Users are recommended to upgrade to version 2.2.6,
2.3.4, or 3.0.3, which fixes this issue.
Published: 2023-10-20
CVSS Score: 6.5
Source & Patch Info: CVE-2023-44483
Primary
Vendor -- Product: cmsmadesimple -- cmsmadesimple
Description: Cross Site Scripting
vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute
arbitrary code via a crafted script to the extra parameter in the news menu
component.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-43353
Primary
Vendor -- Product: cmsmadesimple -- cmsmadesimple
Description: Cross Site Scripting
vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute
arbitrary code via a crafted script to the Profiles parameter in the Extensions
-MicroTiny WYSIWYG editor component.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-43354
Primary
Vendor -- Product: cmsmadesimple -- cmsmadesimple
Description: Cross Site Scripting
vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute
arbitrary code via a crafted script to the password and password again
parameters in the My Preferences - Add user component.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-43355
Primary
Vendor -- Product: cmsmadesimple -- cmsmadesimple
Description: Cross Site Scripting
vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute
arbitrary code via a crafted script to the Global Metadata parameter in the
Global Settings Menu component.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-43356
Primary
Vendor -- Product: cmsmadesimple -- cmsmadesimple
Description: Cross Site Scripting
vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute
arbitrary code via a crafted script to the Title parameter in the Manage
Shortcuts component.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-43357
Primary
Vendor -- Product: codeastro -- internet_banking_system
Description: A
vulnerability was found in CodeAstro Internet Banking System 1.0. It has been
classified as problematic. Affected is an unknown function of the file
pages_system_settings.php. The manipulation of the argument sys_name with the
input <ScRiPt >alert(991)</ScRiPt> leads to cross site scripting. It is possible
to launch the attack remotely. The exploit has been disclosed to the public and
may be used. The identifier of this vulnerability is VDB-243132.
Published: 2023-10-22
CVSS Score: 6.1
Source & Patch Info: CVE-2023-5694
Primary
Vendor -- Product: codeastro -- internet_banking_system
Description: A
vulnerability was found in CodeAstro Internet Banking System 1.0. It has been
declared as problematic. Affected by this vulnerability is an unknown
functionality of the file pages_reset_pwd.php. The manipulation of the argument
email with the input testing%40example.com'%26%25<ScRiPt%20>alert(9860)</ScRiPt>
leads to cross site scripting. The attack can be launched remotely. The exploit
has been disclosed to the public and may be used. The identifier VDB-243133 was
assigned to this vulnerability.
Published: 2023-10-22
CVSS Score: 6.1
Source & Patch Info: CVE-2023-5695
Primary
Vendor -- Product: codeastro -- internet_banking_system
Description: A
vulnerability was found in CodeAstro Internet Banking System 1.0. It has been
rated as problematic. Affected by this issue is some unknown functionality of
the file pages_transfer_money.php. The manipulation of the argument
account_number with the input 357146928--><ScRiPt%20>alert(9206)</ScRiPt><!--
leads to cross site scripting. The attack may be launched remotely. The exploit
has been disclosed to the public and may be used. VDB-243134 is the identifier
assigned to this vulnerability.
Published: 2023-10-22
CVSS Score: 6.1
Source & Patch Info: CVE-2023-5696
Primary
Vendor -- Product: codeastro -- internet_banking_system
Description: A
vulnerability classified as problematic has been found in CodeAstro Internet
Banking System 1.0. This affects an unknown part of the file
pages_withdraw_money.php. The manipulation of the argument account_number with
the input 287359614--><ScRiPt%20>alert(1234)</ScRiPt><!-- leads to cross site
scripting. It is possible to initiate the attack remotely. The exploit has been
disclosed to the public and may be used. The associated identifier of this
vulnerability is VDB-243135.
Published: 2023-10-23
CVSS Score: 6.1
Source & Patch Info: CVE-2023-5697
Primary
Vendor -- Product: codeastro -- internet_banking_system
Description: A
vulnerability classified as problematic was found in CodeAstro Internet Banking
System 1.0. This vulnerability affects unknown code of the file
pages_deposit_money.php. The manipulation of the argument account_number with
the input 421873905--><ScRiPt%20>alert(9523)</ScRiPt><!-- leads to cross site
scripting. The attack can be initiated remotely. The exploit has been disclosed
to the public and may be used. The identifier of this vulnerability is
VDB-243136.
Published: 2023-10-23
CVSS Score: 6.1
Source & Patch Info: CVE-2023-5698
Primary
Vendor -- Product: codeastro -- internet_banking_system
Description: A
vulnerability, which was classified as problematic, has been found in CodeAstro
Internet Banking System 1.0. This issue affects some unknown processing of the
file pages_view_client.php. The manipulation of the argument acc_name with the
input Johnnie Reyes'"()&%<zzz><ScRiPt >alert(5646)</ScRiPt> leads to cross site
scripting. The attack may be initiated remotely. The exploit has been disclosed
to the public and may be used. The identifier VDB-243137 was assigned to this
vulnerability.
Published: 2023-10-23
CVSS Score: 6.1
Source & Patch Info: CVE-2023-5699
Primary
Vendor -- Product: dell -- unity_operating_environment
Description: Dell Unity
prior to 5.3 contains an XML External Entity injection vulnerability. An XXE
attack could potentially exploit this vulnerability disclosing local files in
the file system.
Published: 2023-10-23
CVSS Score: 6.5
Source & Patch Info: CVE-2023-43067
Primary
Vendor -- Product: dell -- unity_operating_environment
Description: Dell Unity
prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged
authenticated attacker can exploit these issues to obtain escalated
privileges.
Published: 2023-10-23
CVSS Score: 5.4
Source & Patch Info: CVE-2023-43065
Primary
Vendor -- Product: enhancesoft -- osticket
Description: A stored cross-site
scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2
allows attackers to execute arbitrary web scripts or HTML via a crafted payload
injected into the Role Name parameter.
Published: 2023-10-23
CVSS Score: 4.8
Source & Patch Info: CVE-2023-27148
Primary
Vendor -- Product: enhancesoft -- osticket
Description: A stored cross-site
scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers
to execute arbitrary web scripts or HTML via a crafted payload injected into the
Label input parameter when updating a custom list.
Published: 2023-10-23
CVSS Score: 4.8
Source & Patch Info: CVE-2023-27149
Primary
Vendor -- Product: home-assistant -- home-assistant
Description: Home assistant is
an open source home automation. The audit team's analyses confirmed that the
`redirect_uri` and `client_id` are alterable when logging in. Consequently, the
code parameter utilized to fetch the `access_token` post-authentication will be
sent to the URL specified in the aforementioned parameters. Since an arbitrary
URL is permitted and `homeassistant.local` represents the preferred, default
domain likely used and trusted by many users, an attacker could leverage this
weakness to manipulate a user and retrieve account access. Notably, this attack
strategy is plausible if the victim has exposed their Home Assistant to the
Internet, since after acquiring the victim's `access_token` the adversary would
need to utilize it directly towards the instance to achieve any pertinent
malicious actions. To achieve this compromise attempt, the attacker must send a
link with a `redirect_uri` that they control to the victim's own Home Assistant
instance. In the eventuality the victim authenticates via said link, the
attacker would obtain code sent to the specified URL in `redirect_uri`, which
can then be leveraged to fetch an `access_token`. Pertinently, an attacker could
increase the efficacy of this strategy by registering a near identical domain to
`homeassistant.local`, which at first glance may appear legitimate and thereby
obfuscate any malicious intentions. This issue has been addressed in version
2023.9.0 and all users are advised to upgrade. There are no known workarounds
for this vulnerability.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-41893
Primary
Vendor -- Product: home-assistant -- home-assistant
Description: Home assistant is
an open source home automation. The assessment verified that webhooks available
in the webhook component are triggerable via the `*.ui.nabu.casa` URL without
authentication, even when the webhook is marked as Only accessible from the
local network. This issue is facilitated by the SniTun proxy, which sets the
source address to 127.0.0.1 on all requests sent to the public URL and forwarded
to the local Home Assistant. This issue has been addressed in version 2023.9.0
and all users are advised to upgrade. There are no known workarounds for this
vulnerability.
Published: 2023-10-20
CVSS Score: 5.3
Source & Patch Info: CVE-2023-41894
Primary
Vendor -- Product: i-doit -- i-doit
Description: I-doit pro 25 and below is
vulnerable to Cross Site Scripting (XSS) via index.php.
Published: 2023-10-21
CVSS Score: 5.4
Source & Patch Info: CVE-2023-46003
Primary
Vendor -- Product: ibm -- cognos_dashboards_on_cloud_pak_for_data
Description: IBM
Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to
bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker
could exploit this vulnerability and redirect a victim to a phishing site. IBM
X-Force ID: 262482.
Published: 2023-10-22
CVSS Score: 6.5
Source & Patch Info: CVE-2023-38735
Primary
Vendor -- Product: ibm -- security_verify_governance
Description: IBM Security
Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability
allows users to embed arbitrary JavaScript code in the Web UI thus altering the
intended functionality potentially leading to credentials disclosure within a
trusted session. IBM X-Force ID: 256037.
Published: 2023-10-23
CVSS Score: 4.8
Source & Patch Info: CVE-2023-33840
Primary
Vendor -- Product: ibm -- sterling_partner_engagement_manager
Description: IBM
Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to
stored cross-site scripting. This vulnerability allows users to embed arbitrary
JavaScript code in the Web UI thus altering the intended functionality
potentially leading to credentials disclosure within a trusted session. IBM
X-Force ID: 262174.
Published: 2023-10-23
CVSS Score: 5.4
Source & Patch Info: CVE-2023-38722
Primary
Vendor -- Product: idattend -- idweb
Description: Missing authentication in the
DeleteAssignments method in IDAttend's IDWeb application 3.1.052 and earlier
allows deletion of data by unauthenticated attackers.
Published: 2023-10-25
CVSS Score: 6.5
Source & Patch Info: CVE-2023-27261
Primary
Vendor -- Product: idattend -- idweb
Description: Stored cross-site scripting in
the IDAttend's IDWeb application 3.1.052 and earlier allows attackers to hijack
the browsing session of the logged in user.
Published: 2023-10-25
CVSS Score: 5.4
Source & Patch Info: CVE-2023-26577
Primary
Vendor -- Product: idattend -- idweb
Description: Missing authentication in the
DeleteStaff method in IDAttend's IDWeb application 3.1.013 allows deletion of
staff information by unauthenticated attackers.
Published: 2023-10-25
CVSS Score: 5.3
Source & Patch Info: CVE-2023-26579
Primary
Vendor -- Product: idattend -- idweb
Description: Missing authentication in the
GetLogFiles method in IDAttend's IDWeb application 3.1.052 and earlier allows
retrieval of sensitive log files by unauthenticated attackers.
Published: 2023-10-25
CVSS Score: 5.3
Source & Patch Info: CVE-2023-27256
Primary
Vendor -- Product: kaibutsunosato -- kaibutsunosato
Description: The leakage of the
client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel
access token and send crafted broadcast messages.
Published: 2023-10-20
CVSS Score: 5.3
Source & Patch Info: CVE-2023-39731
Primary
Vendor -- Product: m-files -- classic_web
Description: Stored XSS Vulnerability in
M-Files Classic Web versions before 23.10 and LTS Service Release Versions
before 23.2 LTS SR4 and 23.8 LTS SR1 allows attacker to execute script on user's
browser via stored HTML document.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-2325
Primary
Vendor -- Product: modoboa -- modoboa
Description: Cross-site Scripting (XSS) - DOM
in GitHub repository modoboa/modoboa prior to 2.2.2.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5688
Primary
Vendor -- Product: modoboa -- modoboa
Description: Cross-site Scripting (XSS) - DOM
in GitHub repository modoboa/modoboa prior to 2.2.2.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5689
Primary
Vendor -- Product: nagvis -- nagvis
Description: XSS exists in NagVis before 1.9.38
via the select function in share/server/core/functions/html.php.
Published: 2023-10-20
CVSS Score: 6.1
Source & Patch Info: CVE-2023-46287
Primary
Vendor -- Product: opensolution -- quick_cms
Description: Cross-site scripting
(XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to
execute arbitrary code via a crafted script to the Backend - Dashboard parameter
in the Languages Menu component.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-43346
Primary
Vendor -- Product: stb_image.h -- stb_image.h
Description: stb_image is a single
file MIT licensed library for processing images. The stbi__getn function reads a
specified number of bytes from context (typically a file) into the specified
buffer. In case the file stream points to the end, it returns zero. There are
two places where its return value is not checked: In the `stbi__hdr_load`
function and in the `stbi__tga_load` function. The latter of the two is likely
more exploitable as an attacker may also control the size of an uninitialized
buffer.
Published: 2023-10-21
CVSS Score: 5.5
Source & Patch Info: CVE-2023-45663
Primary
Vendor -- Product: stb_vorbis.c -- stb_vorbis.c
Description: stb_vorbis is a single
file MIT licensed library for processing ogg vorbis files. A crafted file may
trigger memory allocation failure in `start_decoder`. In that case the function
returns early, the `f->comment_list` is set to `NULL`, but
`f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to
dereference the `NULL` pointer. This issue may lead to denial of
service.
Published: 2023-10-21
CVSS Score: 5.5
Source & Patch Info: CVE-2023-45680
Primary
Vendor -- Product: superwebmailer -- superwebmailer
Description: An issue was
discovered in SuperWebMailer 9.00.0.01710. It allows spamtest_external.php XSS
via a crafted filename.
Published: 2023-10-20
CVSS Score: 6.1
Source & Patch Info: CVE-2023-38191
Primary
Vendor -- Product: superwebmailer -- superwebmailer
Description: An issue was
discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS
via crafted incorrect passwords.
Published: 2023-10-21
CVSS Score: 6.1
Source & Patch Info: CVE-2023-38192
Primary
Vendor -- Product: superwebmailer -- superwebmailer
Description: An issue was
discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET
parameter.
Published: 2023-10-21
CVSS Score: 6.1
Source & Patch Info: CVE-2023-38194
Primary
Vendor -- Product: tauri -- tauri
Description: Tauri is a framework for building
binaries for all major desktop platforms. This advisory is not describing a
vulnerability in the Tauri code base itself but a commonly used misconfiguration
which could lead to leaking of the private key and updater key password into
bundled Tauri applications using the Vite frontend in a specific configuration.
The Tauri documentation used an insecure example configuration in the `Vite
guide` to showcase how to use Tauri together with Vite. Copying the following
snippet `envPrefix: ['VITE_', 'TAURI_'],` from this guide into the
`vite.config.ts` of a Tauri project leads to bundling the `TAURI_PRIVATE_KEY`
and `TAURI_KEY_PASSWORD` into the Vite frontend code and therefore leaking this
value to the released Tauri application. Using the `envPrefix: ['VITE_'],` or
any other framework than Vite means you are not impacted by this advisory. Users
are advised to rotate their updater private key if they are affected by this
(requires Tauri CLI >=1.5.5). After updating the envPrefix configuration,
generate a new private key with `tauri signer generate`, saving the new private
key and updating the updater's `pubkey` value on `tauri.conf.json` with the new
public key. To update your existing application, the next application build must
be signed with the older private key in order to be accepted by the existing
application.
Published: 2023-10-20
CVSS Score: 5.5
Source & Patch Info: CVE-2023-46115
Primary
Vendor -- Product: vmware -- workstation
Description: VMware Workstation (17.x
prior to 17.5) and Fusion (13.x prior to 13.5) contain an out-of-bounds read
vulnerability that exists in the functionality for sharing host Bluetooth
devices with the virtual machine. A malicious actor with local administrative
privileges on a virtual machine may be able to read privileged information
contained in hypervisor memory from a virtual machine.
Published: 2023-10-20
CVSS Score: 6
Source & Patch Info: CVE-2023-34044
Primary
Vendor -- Product: vnote_project -- vnote
Description: A vulnerability has been
found in vnotex vnote up to 3.17.0 and classified as problematic. Affected by
this vulnerability is an unknown functionality of the component Markdown File
Handler. The manipulation with the input <xss onclick="alert(1)"
style=display:block>Click here</xss> leads to cross site scripting. The attack
can be launched remotely. The exploit has been disclosed to the public and may
be used. The associated identifier of this vulnerability is VDB-243139. NOTE:
The vendor was contacted early about this disclosure but did not respond in any
way.
Published: 2023-10-23
CVSS Score: 6.1
Source & Patch Info: CVE-2023-5701
Primary
Vendor -- Product: wbce -- wbce_cms
Description: Cross Site Scripting (XSS)
vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to
escalate privileges via a crafted script to the website_footer parameter in the
admin/settings/save.php component.
Published: 2023-10-21
CVSS Score: 5.4
Source & Patch Info: CVE-2023-46054
Primary
Vendor -- Product: wordpress -- wordpress
Description: The Blog2Social plugin for
WordPress is vulnerable to authorization bypass due to missing capability checks
in versions up to, and including, 6.9.11. This makes it possible for
authenticated attackers, with subscriber-level permissions and above, to change
some plugin settings intended to be modifiable by admins only.
Published: 2023-10-20
CVSS Score: 4.3
Source & Patch Info: CVE-2022-3622
Primary
Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site
Scripting (XSS) vulnerability in Alex Raven WP Report Post plugin <= 2.1.2
versions.
Published: 2023-10-25
CVSS Score: 6.1
Source & Patch Info: CVE-2023-45769
Primary
Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Marco Milesi Amministrazione
Trasparente plugin <= 8.0.2 versions.
Published: 2023-10-25
CVSS Score: 4.8
Source & Patch Info: CVE-2023-45758
Primary
Vendor -- Product: wordpress -- wordpress
Description: The Add Custom Body Class
plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the
'add_custom_body_class' value in versions up to, and including, 1.4.1 due to
insufficient input sanitization and output escaping. This makes it possible for
authenticated attackers, with contributor-level access and above, to inject
arbitrary web scripts in pages that will execute whenever a user accesses an
injected page.
Published: 2023-10-21
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5205
Primary
Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Anurag Deshmukh CPT Shortcode
Generator plugin <= 1.0 versions.
Published: 2023-10-25
CVSS Score: 4.8
Source & Patch Info: CVE-2023-45644
Primary
Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site
Scripting (XSS) vulnerability in Biztechc Copy or Move Comments plugin <= 5.0.4
versions.
Published: 2023-10-25
CVSS Score: 6.1
Source & Patch Info: CVE-2023-45634
Primary
Vendor -- Product: wordpress -- wordpress
Description: The ARMember Lite -
Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
admin settings in versions up to, and including, 4.0.14 due to insufficient
input sanitization and output escaping. This makes it possible for authenticated
attackers, with administrator-level permissions and above, to inject arbitrary
web scripts in pages that will execute whenever a user accesses an injected
page. This only affects multi-site installations and installations where
unfiltered_html has been disabled.
Published: 2023-10-20
CVSS Score: 4.8
Source & Patch Info: CVE-2023-3996
Primary
Vendor -- Product: wordpress -- wordpress
Description: The Booster for WooCommerce
for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option'
shortcode in versions up to, and including, 7.1.0 due to insufficient controls
on the information retrievable via the shortcode. This makes it possible for
authenticated attackers, with subscriber-level capabilities or above, to
retrieve arbitrary sensitive site options.Published 2023-10-20CVSS Score
4.3Source & Patch Info CVE-2023-4796
MISC(link is external)
MISC(link is external)

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in BuddyBoss BuddyPress Global Search
plugin <= 1.2.1 versions.
Published: 2023-10-25
CVSS Score: 4.8
Source & Patch Info: CVE-2023-45755

Primary Vendor -- Product: wordpress -- wordpress
Description: The WP Cerber Security
plugin for WordPress is vulnerable to stored cross-site scripting via the log
parameter when logging in to the site in versions up to, and including, 9.1.
This makes it possible for unauthenticated attackers to inject arbitrary web
scripts in pages that will execute whenever a user accesses an injected
page.
Published: 2023-10-20
CVSS Score: 6.1
Source & Patch Info: CVE-2022-4712

Primary Vendor -- Product: wordpress -- wordpress
Description: The Woody code snippets
plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up
to, and including, 2.3.9. This is due to missing or incorrect nonce validation
on the runActions() function. This makes it possible for unauthenticated
attackers to activate and deactivate snippets via a forged request granted they
can trick a site administrator into performing an action such as clicking on a
link.
Published: 2023-10-20
CVSS Score: 4.3
Source & Patch Info: CVE-2020-36759

Primary Vendor -- Product: wordpress -- wordpress
Description: The Photospace Responsive
plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the
'psres_button_size' parameter in versions up to, and including, 2.1.1 due to
insufficient input sanitization and output escaping. This makes it possible for
authenticated attackers, with administrator-level permissions and above, to
inject arbitrary web scripts in pages that will execute whenever a user accesses
an injected page. This only affects multi-site installations and installations
where unfiltered_html has been disabled.
Published: 2023-10-20
CVSS Score: 4.8
Source & Patch Info: CVE-2023-4271

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site
Scripting (XSS) vulnerability in Fastwpspeed Fast WP Speed plugin <= 1.0.0
versions.
Published: 2023-10-25
CVSS Score: 6.1
Source & Patch Info: CVE-2023-45770

Primary Vendor -- Product: wordpress -- wordpress
Description: The WhatsApp Share Button
plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the
plugin's 'whatsapp' shortcode in all versions up to, and including, 1.0.1 due to
insufficient input sanitization and output escaping on user supplied attributes.
This makes it possible for authenticated attackers with contributor-level and
above permissions to inject arbitrary web scripts in pages that will execute
whenever a user accesses an injected page.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5668

Primary Vendor -- Product: wordpress -- wordpress
Description: The flowpaper plugin for
WordPress is vulnerable to Stored Cross-Site Scripting via 'flipbook' shortcode
in versions up to, and including, 2.0.3 due to insufficient input sanitization
and output escaping on user supplied attributes. This makes it possible for
authenticated attackers with contributor-level and above permissions to inject
arbitrary web scripts in pages that will execute whenever a user accesses an
injected page.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5200

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Scroll post excerpt
plugin <= 8.0 versions.
Published: 2023-10-25
CVSS Score: 4.8
Source & Patch Info: CVE-2023-45764

Primary Vendor -- Product: wordpress -- wordpress
Description: The WP Customer Reviews
plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin
settings in versions up to, and including, 3.6.6 due to insufficient input
sanitization and output escaping. This makes it possible for authenticated
attackers, with administrator-level permissions and above, to inject arbitrary
web scripts in pages that will execute whenever a user accesses an injected
page. This only affects multi-site installations and installations where
unfiltered_html has been disabled.
Published: 2023-10-20
CVSS Score: 4.8
Source & Patch Info: CVE-2023-4648

Primary Vendor -- Product: wordpress -- wordpress
Description: The wpDiscuz plugin for
WordPress is vulnerable to unauthorized modification of data due to a missing
authorization check on the voteOnComment function in versions up to, and
including, 7.6.3. This makes it possible for unauthenticated attackers to
increase or decrease the rating of a comment.
Published: 2023-10-20
CVSS Score: 5.3
Source & Patch Info: CVE-2023-3869

Primary Vendor -- Product: wordpress -- wordpress
Description: The wpDiscuz plugin for
WordPress is vulnerable to unauthorized modification of data due to a missing
authorization check on the userRate function in versions up to, and including,
7.6.3. This makes it possible for unauthenticated attackers to increase or
decrease the rating of a post.
Published: 2023-10-20
CVSS Score: 5.3
Source & Patch Info: CVE-2023-3998

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (contributor+) Stored
Cross-Site Scripting (XSS) vulnerability in HappyBox Newsletter & Bulk Email
Sender - Email Newsletter Plugin for WordPress plugin <= 2.0.1
versions.
Published: 2023-10-25
CVSS Score: 5.4
Source & Patch Info: CVE-2023-45829

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (contributor+) Stored
Cross-Site Scripting (XSS) vulnerability in Henryholtgeerts PDF Block plugin
<= 1.1.0 versions.
Published: 2023-10-25
CVSS Score: 5.4
Source & Patch Info: CVE-2023-45646

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy
Testimonial Slider and Form plugin <= 1.0.18 versions.
Published: 2023-10-25
CVSS Score: 4.8
Source & Patch Info: CVE-2023-45754

Primary Vendor -- Product: wordpress -- wordpress
Description: The iframe plugin for
WordPress is vulnerable to Stored Cross-Site Scripting via the `iframe`
shortcode in versions up to, and including, 4.6 due to insufficient input
sanitization and output escaping. This makes it possible for authenticated
attackers, with contributor-level permission and above, to inject arbitrary web
scripts in pages that will execute whenever a user accesses an injected page.
This was partially patched in version 4.6 and fully patched in version
4.7.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-4919

Primary Vendor -- Product: wordpress -- wordpress
Description: The WP Mailto Links -
Protect Email Addresses plugin for WordPress is vulnerable to Stored Cross-Site
Scripting via 'wpml_mailto' shortcode in versions up to, and including, 3.1.3
due to insufficient input sanitization and output escaping on user supplied
attributes. This makes it possible for authenticated attackers with
contributor-level and above permissions to inject arbitrary web scripts in pages
that will execute whenever a user accesses an injected page. This was partially
patched in version 3.1.3 and fully patched in version 3.1.4.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5109

Primary Vendor -- Product: wordpress -- wordpress
Description: The Coupon Creator plugin
for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and
including, 3.1. This is due to missing or incorrect nonce validation on the
save_meta() function. This makes it possible for unauthenticated attackers to
save meta fields via a forged request granted they can trick a site
administrator into performing an action such as clicking on a link.
Published: 2023-10-20
CVSS Score: 4.3
Source & Patch Info: CVE-2020-36751

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site
Scripting (XSS) vulnerability in Joovii Sendle Shipping Plugin plugin <= 5.13
versions.
Published: 2023-10-25
CVSS Score: 6.1
Source & Patch Info: CVE-2023-45761

Primary Vendor -- Product: wordpress -- wordpress
Description: The Copy Anything to
Clipboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
'copy' shortcode in versions up to, and including, 2.6.4 due to insufficient
input sanitization and output escaping on user supplied attributes. This makes
it possible for authenticated attackers with contributor-level and above
permissions to inject arbitrary web scripts in pages that will execute whenever
a user accesses an injected page.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5086

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site
Scripting (XSS) vulnerability in EventPrime EventPrime - Events Calendar,
Bookings and Tickets plugin <= 3.1.5 versions.
Published: 2023-10-25
CVSS Score: 6.1
Source & Patch Info: CVE-2023-45637

Primary Vendor -- Product: wordpress -- wordpress
Description: The Auto Amazon Links plugin
for WordPress is vulnerable to Stored Cross-Site Scripting via the style
parameter in versions up to, and including, 5.3.1 due to insufficient input
sanitization and output escaping. This makes it possible for authenticated
attackers with contributor access to inject arbitrary web scripts in pages that
will execute whenever a user accesses an injected page.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-4482

Primary Vendor -- Product: wordpress -- wordpress
Description: The miniOrange's Google
Authenticator plugin for WordPress is vulnerable to authorization bypass due to
a missing capability check when changing plugin settings in versions up to, and
including, 5.6.5. This makes it possible for unauthenticated attackers to change
the plugin's settings.
Published: 2023-10-20
CVSS Score: 5.3
Source & Patch Info: CVE-2022-4943

Primary Vendor -- Product: wordpress -- wordpress
Description: The EventON plugin for
WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab'
parameter in versions up to, and including, 2.2.2 due to insufficient input
sanitization and output escaping. This makes it possible for unauthenticated
attackers to inject arbitrary web scripts in pages that execute if they can
successfully trick a user into performing an action such as clicking on a
link.
Published: 2023-10-21
CVSS Score: 6.1
Source & Patch Info: CVE-2023-4635

Primary Vendor -- Product: wordpress -- wordpress
Description: The Winters theme for
WordPress is vulnerable to Reflected Cross-Site Scripting via prototype
pollution in versions up to, and including, 1.4.3 due to insufficient input
sanitization and output escaping. This makes it possible for unauthenticated
attackers to inject arbitrary web scripts in pages that execute if they can
successfully trick a user into performing an action such as clicking on a
link.
Published: 2023-10-20
CVSS Score: 6.1
Source & Patch Info: CVE-2023-3962

Primary Vendor -- Product: wordpress -- wordpress
Description: The Paid Memberships Pro
plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up
to, and including, 2.4.2. This is due to missing or incorrect nonce validation
on the pmpro_page_save() function. This makes it possible for unauthenticated
attackers to save pages via a forged request granted they can trick a site
administrator into performing an action such as clicking on a link.
Published: 2023-10-20
CVSS Score: 4.3
Source & Patch Info: CVE-2020-36754

Primary Vendor -- Product: wordpress -- wordpress
Description: The Waiting: One-click
countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
the Countdown name in versions up to, and including, 0.6.2 due to insufficient
input sanitization and output escaping. This makes it possible for authenticated
attackers, with administrator-level permissions and above, to inject arbitrary
web scripts in pages that will execute whenever a user accesses an injected
page.
Published: 2023-10-20
CVSS Score: 4.8
Source & Patch Info: CVE-2022-4954

Primary Vendor -- Product: wordpress -- wordpress
Description: The Theme Switcha plugin for
WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's
'theme_switcha_list' shortcode in all versions up to, and including, 3.3 due to
insufficient input sanitization and output escaping on user supplied attributes.
This makes it possible for authenticated attackers with contributor-level and
above permissions to inject arbitrary web scripts in pages that will execute
whenever a user accesses an injected page.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5614

Primary Vendor -- Product: wordpress -- wordpress
Description: The BEAR for WordPress is
vulnerable to Cross-Site Request Forgery in versions up to, and including,
1.1.3.3. This is due to missing or incorrect nonce validation on the
woobe_bulkoperations_delete function. This makes it possible for unauthenticated
attackers to delete products via a forged request granted they can trick a site
administrator into performing an action such as clicking on a link.
Published: 2023-10-20
CVSS Score: 4.3
Source & Patch Info: CVE-2023-4923

Primary Vendor -- Product: wordpress -- wordpress
Description: The BEAR for WordPress is
vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3.
This is due to missing capability checks on the woobe_bulkoperations_delete
function. This makes it possible for authenticated attackers, with subscriber
access or higher, to delete products.
Published: 2023-10-20
CVSS Score: 4.3
Source & Patch Info: CVE-2023-4924

Primary Vendor -- Product: wordpress -- wordpress
Description: The BEAR for WordPress is
vulnerable to Cross-Site Request Forgery in versions up to, and including,
1.1.3.3. This is due to missing or incorrect nonce validation on the
woobe_bulk_delete_products function. This makes it possible for unauthenticated
attackers to delete products via a forged request granted they can trick a site
administrator into performing an action such as clicking on a link.
Published: 2023-10-20
CVSS Score: 4.3
Source & Patch Info: CVE-2023-4926

Primary Vendor -- Product: wordpress -- wordpress
Description: The BEAR for WordPress is
vulnerable to Cross-Site Request Forgery in versions up to, and including,
1.1.3.3. This is due to missing or incorrect nonce validation on the
create_profile function. This makes it possible for unauthenticated attackers to
create profiles via a forged request granted they can trick a site administrator
into performing an action such as clicking on a link.
Published: 2023-10-20
CVSS Score: 4.3
Source & Patch Info: CVE-2023-4935

Primary Vendor -- Product: wordpress -- wordpress
Description: The BEAR for WordPress is
vulnerable to Cross-Site Request Forgery in versions up to, and including,
1.1.3.3. This is due to missing or incorrect nonce validation on the
woobe_bulkoperations_apply_default_combination function. This makes it possible
for unauthenticated attackers to manipulate products via a forged request
granted they can trick a site administrator into performing an action such as
clicking on a link.
Published: 2023-10-20
CVSS Score: 4.3
Source & Patch Info: CVE-2023-4937

Primary Vendor -- Product: wordpress -- wordpress
Description: The BEAR for WordPress is
vulnerable to Cross-Site Request Forgery in versions up to, and including,
1.1.3.3. This is due to missing or incorrect nonce validation on the
woobe_bulkoperations_swap function. This makes it possible for unauthenticated
attackers to manipulate products via a forged request granted they can trick a
site administrator into performing an action such as clicking on a
link.
Published: 2023-10-20
CVSS Score: 4.3
Source & Patch Info: CVE-2023-4940

Primary Vendor -- Product: wordpress -- wordpress
Description: The BEAR for WordPress is
vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3.
This is due to a missing capability check on the woobe_bulkoperations_swap
function. This makes it possible for authenticated attackers (subscriber or
higher) to manipulate products.
Published: 2023-10-20
CVSS Score: 4.3
Source & Patch Info: CVE-2023-4941

Primary Vendor -- Product: wordpress -- wordpress
Description: The BEAR for WordPress is
vulnerable to Cross-Site Request Forgery in versions up to, and including,
1.1.3.3. This is due to missing or incorrect nonce validation on the
woobe_bulkoperations_visibility function. This makes it possible for
unauthenticated attackers to manipulate products via a forged request granted
they can trick a site administrator into performing an action such as clicking
on a link.
Published: 2023-10-20
CVSS Score: 4.3
Source & Patch Info: CVE-2023-4942

Primary Vendor -- Product: wordpress -- wordpress
Description: The BEAR for WordPress is
vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3.
This is due to a missing capability check on the woobe_bulkoperations_visibility
function. This makes it possible for authenticated attackers (subscriber or
higher) to manipulate products.
Published: 2023-10-20
CVSS Score: 4.3
Source & Patch Info: CVE-2023-4943

Primary Vendor -- Product: wordpress -- wordpress
Description: The Poptin plugin for
WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form'
shortcode in versions up to, and including, 1.3 due to insufficient input
sanitization and output escaping on user supplied attributes. This makes it
possible for authenticated attackers with contributor-level and above
permissions to inject arbitrary web scripts in pages that will execute whenever
a user accesses an injected page.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-4961

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site
Scripting (XSS) vulnerability in POSIMYTH Nexter Extension plugin <= 2.0.3
versions.
Published: 2023-10-25
CVSS Score: 6.1
Source & Patch Info: CVE-2023-45750

Primary Vendor -- Product: wordpress -- wordpress
Description: The Customizr theme for
WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and
including, 4.3.0. This is due to missing or incorrect nonce validation on the
czr_fn_post_fields_save() function. This makes it possible for unauthenticated
attackers to post fields via a forged request granted they can trick a site
administrator into performing an action such as clicking on a link.
Published: 2023-10-20
CVSS Score: 4.3
Source & Patch Info: CVE-2020-36755

Primary Vendor -- Product: wordpress -- wordpress
Description: The Hueman theme for
WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and
including, 3.6.3. This is due to missing or incorrect nonce validation on the
save_meta_box() function. This makes it possible for unauthenticated attackers
to save metabox data via a forged request granted they can trick a site
administrator into performing an action such as clicking on a link.
Published: 2023-10-20
CVSS Score: 4.3
Source & Patch Info: CVE-2020-36753

Primary Vendor -- Product: wordpress -- wordpress
Description: The Modern Footnotes plugin
for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's
shortcode in versions up to, and including, 1.4.16 due to insufficient input
sanitization and output escaping on user supplied attributes. This makes it
possible for authenticated attackers, with contributor-level permissions and
above, to inject arbitrary web scripts in pages that will execute whenever a
user accesses an injected page.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5618

Primary Vendor -- Product: wordpress -- wordpress
Description: The Fancy Product Designer
plugin for WordPress is vulnerable to unauthorized access to data and
modification of plugin settings due to a missing capability check on multiple
AJAX functions in versions up to, and including, 4.6.9. This makes it possible
for authenticated attackers with subscriber-level permissions to modify plugin
settings, including retrieving arbitrary order information or
creating/updating/deleting products, orders, or other sensitive information not
associated with their own account.
Published: 2023-10-20
CVSS Score: 6.3
Source & Patch Info: CVE-2021-4335

Primary Vendor -- Product: wordpress -- wordpress
Description: The Skype Legacy Buttons
plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the
plugin's 'skype-status' shortcode in all versions up to, and including, 3.1 due
to insufficient input sanitization and output escaping on user supplied
attributes. This makes it possible for authenticated attackers with
contributor-level and above permissions to inject arbitrary web scripts in pages
that will execute whenever a user accesses an injected page.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5615

Primary Vendor -- Product: wordpress -- wordpress
Description: The WooCommerce Dynamic
Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated
settings export in versions up to, and including, 2.4.1. This is due to missing
authorization on the export() function which makes it possible for
unauthenticated attackers to export the plugin's settings.
Published: 2023-10-20
CVSS Score: 5.3
Source & Patch Info: CVE-2021-4353

Primary Vendor -- Product: wordpress -- wordpress
Description: The nsc theme for WordPress
is vulnerable to Reflected Cross-Site Scripting via prototype pollution in
versions up to, and including, 1.0 due to insufficient input sanitization and
output escaping. This makes it possible for unauthenticated attackers to inject
arbitrary web scripts in pages that execute if they can successfully trick a
user into performing an action such as clicking on a link.
Published: 2023-10-20
CVSS Score: 6.1
Source & Patch Info: CVE-2023-3965

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site
Scripting (XSS) vulnerability in Scribit Proofreading plugin <= 1.0.11
versions.
Published: 2023-10-25
CVSS Score: 6.1
Source & Patch Info: CVE-2023-45772

Primary Vendor -- Product: wordpress -- wordpress
Description: The Podcast Subscribe
Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
'podcast_subscribe' shortcode in versions up to, and including, 1.4.8 due to
insufficient input sanitization and output escaping on user supplied attributes.
This makes it possible for authenticated attackers with contributor-level and
above permissions to inject arbitrary web scripts in pages that will execute
whenever a user accesses an injected page.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5308

Primary Vendor -- Product: wordpress -- wordpress
Description: The Website Builder by
SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in
versions up to, and including, 6.15.13.1. This is due to missing or incorrect
nonce validation on functionality in the builder.php file. This makes it
possible for unauthenticated attackers to change the stripe connect token via a
forged request granted they can trick a site administrator into performing an
action such as clicking on a link.
Published: 2023-10-20
CVSS Score: 4.3
Source & Patch Info: CVE-2023-4975

Primary Vendor -- Product: wordpress -- wordpress
Description: The Sitekit plugin for
WordPress is vulnerable to Stored Cross-Site Scripting via 'sitekit_iframe'
shortcode in versions up to, and including, 1.4 due to insufficient input
sanitization and output escaping. This makes it possible for authenticated
attackers, with contributor-level access and above, to inject arbitrary web
scripts in pages that will execute whenever a user accesses an injected
page.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5071

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site
Scripting (XSS) vulnerability in Spider Teams ApplyOnline - Application Form
Builder and Manager plugin <= 2.5.2 versions.
Published: 2023-10-25
CVSS Score: 6.1
Source & Patch Info: CVE-2023-45756

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Stephanie Leary Next Page plugin
<= 1.5.2 versions.
Published: 2023-10-25
CVSS Score: 4.8
Source & Patch Info: CVE-2023-45768

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Syed Balkhi WP Lightbox 2 plugin
<= 3.0.6.5 versions.
Published: 2023-10-25
CVSS Score: 4.8
Source & Patch Info: CVE-2023-45747

Primary Vendor -- Product: wordpress -- wordpress
Description: The RSS Aggregator by Feedzy
plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up
to, and including, 3.4.2. This is due to missing or incorrect nonce validation
on the save_feedzy_post_type_meta() function. This makes it possible for
unauthenticated attackers to update post meta via a forged request granted they
can trick a site administrator into performing an action such as clicking on a
link.
Published: 2023-10-20
CVSS Score: 4.3
Source & Patch Info: CVE-2020-36758

Primary Vendor -- Product: wordpress -- wordpress
Description: The Super Testimonials
plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the
plugin's 'tpsscode' shortcode in all versions up to, and including, 2.9 due to
insufficient input sanitization and output escaping on user supplied attributes.
This makes it possible for authenticated attackers with contributor-level and
above permissions to inject arbitrary web scripts in pages that will execute
whenever a user accesses an injected page.
Published: 2023-10-20
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5613

Primary Vendor -- Product: wordpress -- wordpress
Description: The Social Media Share
Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive
Information Exposure in versions up to, and including, 2.8.5 via the
sfsi_save_export function. This can allow subscribers to export plugin settings
that include social media authentication tokens and secrets as well as app
passwords.
Published: 2023-10-20
CVSS Score: 6.5
Source & Patch Info: CVE-2023-5070

Primary Vendor -- Product: wordpress -- wordpress
Description: The Modern Events Calendar
lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
Google API key and Calendar ID in versions up to, but not including, 7.1.0 due
to insufficient input sanitization and output escaping. This makes it possible
for authenticated attackers, with administrator-level permissions and above, to
inject arbitrary web scripts in pages that will execute whenever a user accesses
an injected page. This only affects multi-site installations and installations
where unfiltered_html has been disabled.
Published: 2023-10-20
CVSS Score: 4.8
Source & Patch Info: CVE-2023-4021

Primary Vendor -- Product: wordpress -- wordpress
Description: The Your Journey theme for
WordPress is vulnerable to Reflected Cross-Site Scripting via prototype
pollution in versions up to, and including, 1.9.8 due to insufficient input
sanitization and output escaping. This makes it possible for unauthenticated
attackers to inject arbitrary web scripts in pages that execute if they can
successfully trick a user into performing an action such as clicking on a
link.
Published: 2023-10-20
CVSS Score: 6.1
Source & Patch Info: CVE-2023-3933

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Wokamoto Simple Tweet plugin
<= 1.4.0.2 versions.
Published: 2023-10-25
CVSS Score: 4.8
Source & Patch Info: CVE-2023-45767

Primary Vendor -- Product: wordpress -- wordpress
Description: The Slimstat Analytics
plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode
in versions up to, and including, 5.0.9 due to insufficient escaping on the user
supplied parameter and lack of sufficient preparation on the existing SQL query.
This makes it possible for authenticated attackers with contributor-level and
above permissions to append additional SQL queries into already existing queries
that can be used to extract sensitive information from the database.
Published: 2023-10-20
CVSS Score: 6.5
Source & Patch Info: CVE-2023-4598

Primary Vendor -- Product: wordpress -- wordpress
Description: The WPLegalPages plugin for
WordPress is vulnerable to Stored Cross-Site Scripting via 'wplegalpage'
shortcode in versions up to, and including, 2.9.2 due to insufficient input
sanitization and output escaping on user supplied attributes. This makes it
possible for authenticated attackers with author-level and above permissions to
inject arbitrary web scripts in pages that will execute whenever a user accesses
an injected page.
Published: 2023-10-20
CVSS Score: 4.8
Source & Patch Info: CVE-2023-4968
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription The Custom CSS, JS & PHP
plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up
to, and including, 2.0.7. This is due to missing or incorrect nonce validation
on the save() function. This makes it possible for unauthenticated attackers to
save code snippets via a forged request granted they can trick a site
administrator into performing an action such as clicking on a link.Published
2023-10-20CVSS Score 4.3Source & Patch Info CVE-2021-4418
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription The WooCommerce EAN Payment
Gateway plugin for WordPress is vulnerable to unauthorized modification of data
due to a missing capability check on the refresh_order_ean_data AJAX action in
versions up to 6.1.0. This makes it possible for authenticated attackers with
contributor-level access and above, to update EAN numbers for orders.Published
2023-10-20CVSS Score 4.3Source & Patch Info CVE-2023-4947
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription The Migration, Backup,
Staging - WPvivid plugin for WordPress is vulnerable to Directory Traversal in
versions up to, and including, 0.9.89. This allows authenticated attackers with
administrative privileges to delete the contents of arbitrary directories on the
server, which can be a critical issue in shared environments.Published
2023-10-20CVSS Score 6.5Source & Patch Info CVE-2023-4274
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription The Migration, Backup,
Staging - WPvivid plugin for WordPress is vulnerable to Stored Cross-Site
Scripting via the image file path parameter in versions up to, and including,
0.9.89 due to insufficient input sanitization and output escaping. This makes it
possible for authenticated attackers with administrative privileges to inject
arbitrary web scripts in pages that will execute whenever a user accesses an
injected page.Published 2023-10-20CVSS Score 4.8Source & Patch Info
CVE-2023-5120
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product zscaler -- client_connectorDescription An authentication
bypass by spoofing of a device with a synthetic IP address is possible in
Zscaler Client Connector on Windows, allowing a functionality bypass. This issue
affects Client Connector: before 3.9.Published 2023-10-23CVSS Score 6.5Source &
Patch Info CVE-2023-28803
MISC(link is external)Primary
Vendor -- Product zscaler -- client_connectorDescription Zscaler Client
Connector Installer on Windows before version 3.4.0.124 improperly handled
directory junctions during uninstallation. A local adversary may be able to
delete folders in an elevated context.Published 2023-10-23CVSS Score 5.5Source &
Patch Info CVE-2021-26734
MISC(link is external)Primary
Vendor -- Product zscaler -- client_connectorDescription An Improper
Verification of Cryptographic Signature vulnerability in Zscaler Client
Connector on Linux allows replacing binaries. This issue affects Linux Client
Connector: before 1.4.0.105Published 2023-10-23CVSS Score 5.3Source & Patch Info
CVE-2023-28804
MISC(link is external)Primary
Vendor -- Product zscaler -- client_connectorDescription The Zscaler Client
Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A
local adversary without sufficient privileges may be able to shut down the
Zscaler tunnel by exploiting a race condition.Published 2023-10-23CVSS Score
4.7Source & Patch Info CVE-2021-26737
MISC(link is external)



LOW VULNERABILITIES



Primary Vendor -- Product, Description, Published, CVSS Score, Source & Patch Info
There were no low vulnerabilities recorded this week.



SEVERITY NOT YET ASSIGNED



Primary Vendor -- Product, Description, Published, CVSS Score, Source & Patch Info
Primary
Vendor -- Product abus_group -- tvipDescription An issue was discovered on
certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite,
an attacker can write to files, and thus execute code arbitrarily with root
privileges.Published 2023-10-26CVSS Score not yet calculatedSource & Patch Info
CVE-2018-16739
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product abus_group -- tvipDescription Hardcoded manufacturer
credentials and an OS command injection vulnerability in the /cgi-bin/mft/
directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050
MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03,
TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to
execute code as root.Published 2023-10-26CVSS Score not yet calculatedSource &
Patch Info CVE-2018-17558
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product abus_group -- tvipDescription Due to incorrect access control,
unauthenticated remote attackers can view the /video.mjpg video stream of
certain ABUS TVIP cameras.Published 2023-10-26CVSS Score not yet
calculatedSource & Patch Info CVE-2018-17559
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product abus_group -- tvipDescription Buffer Overflow vulnerability in
certain ABUS TVIP cameras allows attackers to gain control of the program via
a crafted string sent to the sprintf() function.Published 2023-10-26CVSS Score not yet
calculatedSource & Patch Info CVE-2018-17878
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product abus_group -- tvipDescription An issue was discovered on
certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute
code via system() as root. There are several injection points in various
scripts.Published 2023-10-26CVSS Score not yet calculatedSource & Patch Info
CVE-2018-17879
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product agevolt_slovakia_s.r.o. -- agevolt_portalDescription An
arbitrary file upload and directory traversal vulnerability exists in the file
upload functionality of the System Setup menu in AgeVolt Portal prior to version
0.1. A remote authenticated attacker could leverage this vulnerability to upload
files to any location on the target operating system with web server
privileges.Published 2023-10-25CVSS Score not yet calculatedSource & Patch Info
CVE-2022-38484
MISC(link is external)Primary
Vendor -- Product agevolt_slovakia_s.r.o. -- agevolt_portalDescription A
directory traversal vulnerability exists in the AgeVolt Portal prior to version
0.1 that leads to Information Disclosure. A remote authenticated attacker could
leverage this vulnerability to read files from any location on the target
operating system with web server privileges.Published 2023-10-25CVSS Score not
yet calculatedSource & Patch Info CVE-2022-38485
MISC(link is external)Primary
Vendor -- Product alexander_maier_gmbh -- eisbaer_scadaDescription EisBaer Scada
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path
Traversal')Published 2023-10-25CVSS Score not yet calculatedSource & Patch Info
CVE-2023-42488
MISC(link is external)Primary
Vendor -- Product alexander_maier_gmbh -- eisbaer_scadaDescription EisBaer Scada
- CWE-732: Incorrect Permission Assignment for Critical ResourcePublished
2023-10-25CVSS Score not yet calculatedSource & Patch Info CVE-2023-42489
MISC(link is external)Primary
Vendor -- Product alexander_maier_gmbh -- eisbaer_scadaDescription EisBaer Scada
- CWE-200: Exposure of Sensitive Information to an Unauthorized ActorPublished
2023-10-25CVSS Score not yet calculatedSource & Patch Info CVE-2023-42490
MISC(link is external)Primary
Vendor -- Product alexander_maier_gmbh -- eisbaer_scadaDescription EisBaer Scada
- CWE-285: Improper AuthorizationPublished 2023-10-25CVSS Score not yet
calculatedSource & Patch Info CVE-2023-42491
MISC(link is external)Primary
Vendor -- Product alexander_maier_gmbh -- eisbaer_scadaDescription EisBaer Scada
- CWE-321: Use of Hard-coded Cryptographic KeyPublished 2023-10-25CVSS Score not
yet calculatedSource & Patch Info CVE-2023-42492
MISC(link is external)Primary
Vendor -- Product alexander_maier_gmbh -- eisbaer_scadaDescription EisBaer Scada
- CWE-256: Plaintext Storage of a PasswordPublished 2023-10-25CVSS Score not yet
calculatedSource & Patch Info CVE-2023-42493
MISC(link is external)Primary
Vendor -- Product alexander_maier_gmbh -- eisbaer_scadaDescription EisBaer Scada
- CWE-749: Exposed Dangerous Method or FunctionPublished 2023-10-25CVSS Score
not yet calculatedSource & Patch Info CVE-2023-42494
MISC(link is external)Primary
Vendor -- Product anglaise.company -- anglaise.companyDescription An issue in
Anglaise Company Anglaise.Company v.13.6.1 allows a remote attacker to obtain
sensitive information via a crafted GET request.Published 2023-10-25CVSS Score not
yet calculatedSource & Patch Info CVE-2023-38845
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apache -- activemqDescription Apache ActiveMQ is vulnerable to
Remote Code Execution. The vulnerability may allow a remote attacker with
network access to a broker to run arbitrary shell commands by manipulating
serialized class types in the OpenWire protocol to cause the broker to
instantiate any class on the classpath. Users are recommended to upgrade to
version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.Published
2023-10-27CVSS Score not yet calculatedSource & Patch Info CVE-2023-46604
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apache -- airflow_celeryDescription Insertion of Sensitive
Information into Log File vulnerability in Apache Airflow Celery provider,
Apache Airflow. Sensitive information is logged as clear text when the rediss, amqp, or
rpc protocols are used as the Celery result backend. Note: the vulnerability is about
the information exposed in the logs, not about accessing the logs. This issue
affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache
Airflow: from 1.10.0 through 2.6.3. Users are recommended to upgrade Airflow
Celery provider to version 3.4.1 and Apache Airflow to version 2.7.0, which fixes
the issue.Published 2023-10-28CVSS Score not yet calculatedSource & Patch Info
CVE-2023-46215
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apache -- http_serverDescription An attacker opening an HTTP/2
connection with an initial window size of 0 was able to block handling of that
connection indefinitely in Apache HTTP Server. This could be used to exhaust
worker resources in the server, similar to the well-known "slow loris" attack
pattern. This has been fixed in version 2.4.58 so that such connections are
terminated properly after the configured connection timeout. This issue affects
Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade
to version 2.4.58, which fixes the issue.Published 2023-10-23CVSS Score not yet
calculatedSource & Patch Info CVE-2023-43622
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apache -- http_serverDescription When an HTTP/2 stream was reset (RST frame) by a client, there was a
time window where the request's memory resources were not reclaimed immediately.
Instead, de-allocation was deferred to connection close. A client could send new
requests and resets, keeping the connection busy and open and causing the memory
footprint to keep on growing. On connection close, all resources were reclaimed,
but the process might run out of memory before that. This was found by the
reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with
their own test client. During "normal" HTTP/2 use, the probability to hit this
bug is very low. The kept memory would not become noticeable before the
connection closes or times out. Users are recommended to upgrade to version
2.4.58, which fixes the issue.Published 2023-10-23CVSS Score not yet
calculatedSource & Patch Info CVE-2023-45802
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- ios/ipadosDescription This issue was addressed with
improved redaction of sensitive information. This issue is fixed in iOS 16.7.2
and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver.Published
2023-10-25CVSS Score not yet calculatedSource & Patch Info CVE-2023-32359
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- ios/ipadosDescription The issue was addressed with
improved UI handling. This issue is fixed in iOS 17.1 and iPadOS 17.1. A device
may persistently fail to lock.Published 2023-10-25CVSS Score not yet
calculatedSource & Patch Info CVE-2023-40445
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- macosDescription The issue was addressed with
additional permissions checks. This issue is fixed in macOS Ventura 13.6.1. An
attacker may be able to access passkeys without authentication.Published
2023-10-25CVSS Score not yet calculatedSource & Patch Info CVE-2023-40401
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- macosDescription A use-after-free issue was addressed
with improved memory management. This issue is fixed in macOS Sonoma 14.1. An
app may be able to execute arbitrary code with kernel privileges.Published
2023-10-25CVSS Score not yet calculatedSource & Patch Info CVE-2023-40404
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- macosDescription A privacy issue was addressed with
improved private data redaction for log entries. This issue is fixed in macOS
Sonoma 14.1. An app may be able to read sensitive location information.Published
2023-10-25CVSS Score not yet calculatedSource & Patch Info CVE-2023-40405
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- macosDescription A permissions issue was addressed
with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS
Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access sensitive
user data.Published 2023-10-25CVSS Score not yet calculatedSource & Patch Info
CVE-2023-40421
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- macosDescription A privacy issue was addressed with
improved private data redaction for log entries. This issue is fixed in macOS
Monterey 12.7.1. An app with root privileges may be able to access private
information.Published 2023-10-25CVSS Score not yet calculatedSource & Patch Info
CVE-2023-40425
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- macosDescription A permissions issue was addressed
with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app
may be able to access user-sensitive data.Published 2023-10-25CVSS Score not yet
calculatedSource & Patch Info CVE-2023-40444
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- macosDescription The issue was addressed with
improved checks. This issue is fixed in macOS Ventura 13.6.1. An app may be able
to access protected user data.Published 2023-10-25CVSS Score not yet
calculatedSource & Patch Info CVE-2023-41077
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- macosDescription This issue was addressed by removing
the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey
12.7.1, macOS Ventura 13.6.1. A website may be able to access the microphone
without the microphone use indicator being shown.Published 2023-10-25CVSS Score
not yet calculatedSource & Patch Info CVE-2023-41975
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- macosDescription The issue was addressed with
improved handling of caches. This issue is fixed in macOS Sonoma 14.1, iOS
16.7.2 and iPadOS 16.7.2. Visiting a malicious website may reveal browsing
history.Published 2023-10-25CVSS Score not yet calculatedSource & Patch Info
CVE-2023-41977
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- macosDescription The issue was addressed by
restricting options offered on a locked device. This issue is fixed in macOS
Sonoma 14.1. An attacker may be able to execute arbitrary code as root from the
Lock Screen.Published 2023-10-25CVSS Score not yet calculatedSource & Patch Info
CVE-2023-41989
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- macosDescription An inconsistent user interface issue
was addressed with improved state management. This issue is fixed in macOS
Sonoma 14.1. Visiting a malicious website may lead to user interface
spoofing.Published 2023-10-25CVSS Score not yet calculatedSource & Patch Info
CVE-2023-42438
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- macosDescription The issue was addressed with
improved checks. This issue is fixed in macOS Sonoma 14.1. An app may be able to
access sensitive user data.Published 2023-10-25CVSS Score not yet
calculatedSource & Patch Info CVE-2023-42842
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- macosDescription The issue was addressed with
improved permissions logic. This issue is fixed in macOS Sonoma 14.1. An app may
be able to access sensitive user data.Published 2023-10-25CVSS Score not yet
calculatedSource & Patch Info CVE-2023-42850
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- macosDescription A logic issue was addressed with
improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker
with knowledge of a standard user's credentials can unlock another standard
user's locked screen on the same Mac.Published 2023-10-25CVSS Score not yet
calculatedSource & Patch Info CVE-2023-42861
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription An inconsistent user
interface issue was addressed with improved state management. This issue is
fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1
and iPadOS 17.1. Hide My Email may be deactivated unexpectedly.Published
2023-10-25CVSS Score not yet calculatedSource & Patch Info CVE-2023-40408
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription The issue was addressed
with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS
17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS
Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location
information.Published 2023-10-25CVSS Score not yet calculatedSource & Patch Info
CVE-2023-40413
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription The issue was addressed
with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1,
macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS
Sonoma 14.1. Processing an image may result in disclosure of process
memory.Published 2023-10-25CVSS Score not yet calculatedSource & Patch Info
CVE-2023-40416
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription The issue was addressed
with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1,
macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS
Sonoma 14.1. An app may be able to execute arbitrary code with kernel
privileges.Published 2023-10-25CVSS Score not yet calculatedSource & Patch Info
CVE-2023-40423
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription The issue was addressed
with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1,
watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS
17.1. Processing web content may lead to arbitrary code execution.Published
2023-10-25CVSS Score not yet calculatedSource & Patch Info CVE-2023-40447
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription The issue was addressed
with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1,
macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS
Sonoma 14.1. An app may be able to cause a denial-of-service.Published
2023-10-25CVSS Score not yet calculatedSource & Patch Info CVE-2023-40449
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription A privacy issue was
addressed with improved private data redaction for log entries. This issue is
fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to
access sensitive user data.Published 2023-10-25CVSS Score not yet
calculatedSource & Patch Info CVE-2023-41072
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription A privacy issue was
addressed with improved private data redaction for log entries. This issue is
fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2,
macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive
user data.Published 2023-10-25CVSS Score not yet calculatedSource & Patch Info
CVE-2023-41254
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription A use-after-free issue
was addressed with improved memory management. This issue is fixed in iOS 17.1
and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1,
Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code
execution.Published 2023-10-25CVSS Score not yet calculatedSource & Patch Info
CVE-2023-41976
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription This issue was addressed
by restricting options offered on a locked device. This issue is fixed in macOS
Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS
17.1. An attacker with physical access may be able to use Siri to access
sensitive user data.Published 2023-10-25CVSS Score not yet calculatedSource &
Patch Info CVE-2023-41982
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription The issue was addressed
with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari
17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web
content may lead to a denial-of-service.Published 2023-10-25CVSS Score not yet
calculatedSource & Patch Info CVE-2023-41983
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription This issue was addressed
by restricting options offered on a locked device. This issue is fixed in macOS
Sonoma 14.1, watchOS 10.1, iOS 17.1 and iPadOS 17.1. An attacker with physical
access may be able to use Siri to access sensitive user data.Published
2023-10-25CVSS Score not yet calculatedSource & Patch Info CVE-2023-41988
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription This issue was addressed
by restricting options offered on a locked device. This issue is fixed in macOS
Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS
17.1. An attacker with physical access may be able to use Siri to access
sensitive user data.Published 2023-10-25CVSS Score not yet calculatedSource &
Patch Info CVE-2023-41997
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription The issue was addressed
with improved memory handling. This issue is fixed in macOS Sonoma 14.1, iOS
17.1 and iPadOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1. An app
may be able to execute arbitrary code with kernel privileges.Published
2023-10-25CVSS Score not yet calculatedSource & Patch Info CVE-2023-42841
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription This issue was addressed
with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1,
macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access
sensitive user data when resolving symlinks.Published 2023-10-25CVSS Score not
yet calculatedSource & Patch Info CVE-2023-42844
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription An authentication issue
was addressed with improved state management. This issue is fixed in macOS
Sonoma 14.1, iOS 17.1 and iPadOS 17.1. Photos in the Hidden Photos Album may be
viewed without authentication.Published 2023-10-25CVSS Score not yet
calculatedSource & Patch Info CVE-2023-42845
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription This issue was addressed
by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2
and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be
passively tracked by its Wi-Fi MAC address.Published 2023-10-25CVSS Score not
yet calculatedSource & Patch Info CVE-2023-42846
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription A logic issue was
addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, iOS
17.1 and iPadOS 17.1. An attacker may be able to access passkeys without
authentication.Published 2023-10-25CVSS Score not yet calculatedSource & Patch
Info CVE-2023-42847
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription The issue was addressed
with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1,
macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura
13.6.1, macOS Sonoma 14.1. An attacker that has already achieved kernel code
execution may be able to bypass kernel memory mitigations.Published
2023-10-25CVSS Score not yet calculatedSource & Patch Info CVE-2023-42849
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product apple -- multiple_productsDescription A logic issue was
addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1,
watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS
17.1. Processing web content may lead to arbitrary code execution.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-42852

Primary Vendor -- Product: apple -- multiple_products
Description: This issue was addressed
by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS
Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to cause a
denial-of-service to Endpoint Security clients.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-42854

Primary Vendor -- Product: apple -- multiple_products
Description: The issue was addressed
with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS
Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected
app termination or arbitrary code execution.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-42856

Primary Vendor -- Product: apple -- multiple_products
Description: A privacy issue was
addressed with improved private data redaction for log entries. This issue is
fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to
access sensitive user data.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-42857

Primary Vendor -- Product: ashlar-vellum -- graphite
Description: In Ashlar-Vellum Graphite v13.0.48, the affected application lacks
proper validation of user-supplied data when parsing VC6 files. This could lead
to an out-of-bounds read. An attacker could leverage this vulnerability to
execute arbitrary code in the context of the current process.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-39936

Primary Vendor -- Product: ashlar-vellum -- multiple_products
Description: In Ashlar-Vellum
Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the
affected applications lack proper validation of user-supplied data when parsing
XE files. This could lead to an out-of-bounds write. An attacker could leverage
this vulnerability to execute arbitrary code in the context of the current
process.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-39427

Primary Vendor -- Product: audimex -- audimex
Description: Audimex 15.0.0 is vulnerable to
Cross Site Scripting (XSS) in /audimex/cgi-bin/wal.fcgi via company parameter
search filters.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46396

Primary Vendor -- Product: basercms -- basercms
Description: baserCMS is a website
development framework with WebAPI that runs on PHP8 and CakePHP4. There is an XSS
vulnerability in the Favorites feature of baserCMS. This issue has been patched in
version 4.8.0.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-29009

Primary Vendor -- Product: bosch_rexroth_ag -- ctrlx_hmi_web_pane
Description: The Android Client application, when enrolled to the AppHub
server, connects to an MQTT broker without enforcing any server
authentication. This issue allows an attacker to force the Android Client
application to connect to a malicious MQTT broker, enabling it to send fake
messages to the HMI device.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45851

Primary Vendor -- Product: bosch_rexroth_ag -- ctrlx_hmi_web_panel
Description: The Android
Client application, when enrolled with the define method 1 (the user manually
inserts the server ip address), uses the HTTP protocol to retrieve sensitive
information (ip address and credentials to connect to a remote MQTT broker
entity) instead of HTTPS and this feature is not configurable by the user. Due
to the lack of encryption of HTTP, this issue allows an attacker placed in the
same subnet network of the HMI device to intercept username and password
necessary to authenticate to the MQTT server responsible to implement the remote
management protocol.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45321

Primary Vendor -- Product: bosch_rexroth_ag -- ctrlx_hmi_web_panel
Description: The Android
Client application, when enrolled to the AppHub server, connects to an MQTT
broker to exchange messages and receive commands to execute on the HMI device.
The protocol built on top of MQTT to implement the remote management of the
device is encrypted with a hard-coded DES symmetric key, that can be retrieved
reversing both the Android Client application and the server-side web
application. This issue allows an attacker able to control a malicious MQTT
broker on the same subnet network of the device, to craft malicious messages and
send them to the HMI device, executing arbitrary commands on the device
itself.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46102

Primary Vendor -- Product: browserify -- browserify
Description: browserify-sign is a
package to duplicate the functionality of node's crypto public key functions,
much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound
check issue in `dsaVerify` function allows an attacker to construct signatures
that can be successfully verified by any public key, thus leading to a signature
forgery attack. All places in this project that involve DSA verification of
user-input signatures will be affected by this vulnerability. This issue has
been patched in version 4.2.2.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46234

Primary Vendor -- Product: cacti -- cacti
Description: SQL Injection vulnerability in Cacti
v1.2.25 allows a remote attacker to obtain sensitive information via the
form_actions() function in the managers.php function.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46490

Primary Vendor -- Product: carrental -- carrental
Description: carRental 1.0 is vulnerable
to Incorrect Access Control (Arbitrary File Read on the Back-end
System).
Published: 2023-10-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-33517

Primary Vendor -- Product: cassia_networks -- access_controller
Description: An issue was
discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal
endpoint (spawned console) can be accessed without authentication. Specifically,
there is no session cookie validation on the Access Controller; instead, there
is only Basic Authentication to the SSH console.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-35794

Primary Vendor -- Product: catdoc -- catdoc
Description: Catdoc v0.95 was discovered to
contain a NULL pointer dereference via the component xls2csv at
src/xlsparse.c.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46345

Primary Vendor -- Product: christina_japan_line -- christina_japan_line
Description: An
issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain
sensitive information via crafted GET request.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-38847

Primary Vendor -- Product: cisco -- cisco_ios_xe_software
Description: A vulnerability in
the web UI feature of Cisco IOS XE Software could allow an authenticated, remote
attacker to inject commands with the privileges of root. This vulnerability is
due to insufficient input validation. An attacker could exploit this
vulnerability by sending crafted input to the web UI. A successful exploit could
allow the attacker to inject commands to the underlying operating system with
root privileges.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-20273

Primary Vendor -- Product: cloud_software_group -- netscaler_adc/gateway
Description: Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a
Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual
Server.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-4967

Primary Vendor -- Product: cmsmadesimple -- cmsmadesimple
Description: An issue in
CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a
crafted payload to the Content Manager Menu component.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-43352

Primary Vendor -- Product: cmsmadesimple -- cmsmadesimple
Description: Cross Site Scripting
vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute
arbitrary code via a crafted script to the Title parameter in the News Menu
component.
Published: 2023-10-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-43358

Primary Vendor -- Product: cmsmadesimple -- cmsmadesimple
Description: Cross Site Scripting
vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute
arbitrary code via a crafted script to the Top Directory parameter in the File
Picker Menu component.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-43360

Primary Vendor -- Product: code-projects -- admission_management_system
Description: A
vulnerability was found in code-projects Admission Management System 1.0. It has
been rated as critical. Affected by this issue is some unknown functionality of
the file student_avatar.php. The manipulation leads to unrestricted upload. The
attack may be launched remotely. The exploit has been disclosed to the public
and may be used. The identifier of this vulnerability is VDB-243728.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5829

Primary Vendor -- Product: codeastro -- pos_system
Description: A vulnerability was found
in CodeAstro POS System 1.0. It has been declared as critical. Affected by this
vulnerability is an unknown functionality of the file /profil of the component
Profile Picture Handler. The manipulation leads to unrestricted upload. The
attack can be launched remotely. The exploit has been disclosed to the public
and may be used. The identifier VDB-243601 was assigned to this
vulnerability.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5795

Primary Vendor -- Product: codeastro -- pos_system
Description: A vulnerability was found
in CodeAstro POS System 1.0. It has been rated as critical. Affected by this
issue is some unknown functionality of the file /setting of the component Logo
Handler. The manipulation leads to unrestricted upload. The attack may be
launched remotely. The exploit has been disclosed to the public and may be used.
VDB-243602 is the identifier assigned to this vulnerability.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5796

Primary Vendor -- Product: coderedcorp -- wagtail_crx
Description: views.py in Wagtail CRX
CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows
upward protected/..%2f..%2f path traversal when serving protected
media.
Published: 2023-10-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-46897

Primary Vendor -- Product: columbiasoft -- document_locator
Description: A vulnerability
classified as critical has been found in ColumbiaSoft Document Locator. This
affects an unknown part of the file /api/authentication/login of the component
WebTools. The manipulation of the argument Server leads to improper
authentication. It is possible to initiate the attack remotely. Upgrading to
version 7.2 SP4 and 2021.1 is able to address this issue. It is recommended to
upgrade the affected component. The identifier VDB-243729 was assigned to this
vulnerability.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5830

Primary Vendor -- Product: concrete_cms -- concrete_cms
Description: Multiple Cross Site
Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to
execute arbitrary code via a crafted script to the Header and Footer Tracking
Codes of the SEO & Statistics.
Published: 2023-10-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-44760

Primary Vendor -- Product: contec_co._ltd. -- solarview_compact
Description: An issue in
Contec SolarView Compact v.6.0 and before allows an attacker to execute
arbitrary code via the texteditor.php component.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46509

Primary Vendor -- Product: crypto-es -- crypto-es
Description: CryptoES is a cryptography
algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0,
CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at
least 1,300,000 times weaker than current industry standard. This is because it
both defaults to SHA1, a cryptographic hash algorithm considered insecure since
at least 2005, and defaults to one single iteration, a 'strength' or
'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on
iteration count as a countermeasure to preimage and collision attacks. If used
to protect passwords, the impact is high. If used to generate signatures, the
impact is high. Version 2.1.0 contains a patch for this issue. As a workaround,
configure CryptoES to use SHA256 with at least 250,000 iterations.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46133

Primary Vendor -- Product: crypto-js -- crypto-js
Description: crypto-js is a JavaScript
library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000
times weaker than originally specified in 1993, and at least 1,300,000 times
weaker than current industry standard. This is because it both defaults to SHA1,
a cryptographic hash algorithm considered insecure since at least 2005, and
defaults to one single iteration, a 'strength' or 'difficulty' value specified
at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a
countermeasure to preimage and collision attacks. If used to protect passwords,
the impact is high. If used to generate signatures, the impact is high. Version
4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to
use SHA256 with at least 250,000 iterations.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46233

Primary Vendor -- Product: d-link -- dar-7000
Description: SQL injection vulnerability in D-Link Online behavior audit gateway
DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information
and execute arbitrary code via the editrole.php component.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-42406

Primary Vendor -- Product: deciso_b.v. -- opnsense
Description: DECISO OPNsense 23.1 does
not impose rate limits for authentication, allowing attackers to perform a
brute-force attack to bypass authentication.
Published: 2023-10-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-27152

Primary Vendor -- Product: django_grappelli -- django_grappelli
Description: views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2
attempts to prevent external redirection with startswith("/") but this does not
consider a protocol-relative URL (e.g., //example.com) attack.
Published: 2023-10-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-46898

Primary Vendor -- Product: dragon_path -- 707gr1
Description: A vulnerability classified as
problematic has been found in Dragon Path 707GR1 up to 20231022. Affected is an
unknown function of the component Ping Diagnostics. The manipulation of the
argument Host Address with the input >><img/src/onerror=alert(1)> leads to cross
site scripting. It is possible to launch the attack remotely. The exploit has
been disclosed to the public and may be used. VDB-243594 is the identifier
assigned to this vulnerability.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5789

Primary Vendor -- Product: dromara_sureness -- dromara_sureness
Description: Dromara
Sureness before v1.0.8 was discovered to use a hardcoded key.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-31581

Primary Vendor -- Product: egroupware -- egroupware
Description: An issue was discovered in
eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the
setup panel under setup/manageheader.php, which allows authenticated remote
attackers with administrator credentials to read a cleartext database
password.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-38328

Primary Vendor -- Product: elastic -- beats
Description: It was discovered that when acting
as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not
verify whether the server certificate is valid for the target IP address;
however, certificate signature validation is still performed. More specifically,
when the client is configured to connect to an IP address (instead of a
hostname) it does not validate the server certificate's IP SAN values against
that IP address and certificate validation fails, and therefore the connection
is not blocked as expected.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-31421

Primary Vendor -- Product: elastic -- elastic_cloud_on_kubernetes
Description: Secret token
configuration is never applied when using ECK <2.8 with APM Server >=8.0. This
could lead to anonymous requests to an APM Server being accepted and the data
ingested into this APM deployment.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-31416

Primary Vendor -- Product: elastic -- elastic_sharepoint_online_python_connector
Description: An issue was discovered
when using Document Level Security and the SPO "Limited Access" functionality in
Elastic Sharepoint Online Python Connector. If a user is assigned limited access
permissions to an item on a SharePoint site then that user would have read
permissions to all content on the Sharepoint site through
Elasticsearch.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46666

Primary Vendor -- Product: elastic -- elasticsearch
Description: Elasticsearch generally
filters out sensitive information and credentials before logging to the audit
log. It was found that this filtering was not applied when requests to
Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is
that sensitive information such as passwords and tokens might be printed in
cleartext in Elasticsearch audit logs. Note that audit logging is disabled by
default and needs to be explicitly enabled and even when audit logging is
enabled, request bodies that could contain sensitive information are not printed
to the audit log unless explicitly configured.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-31417

Primary Vendor -- Product: elastic -- elasticsearch
Description: An issue has been
identified with how Elasticsearch handled incoming requests on the HTTP layer.
An unauthenticated user could force an Elasticsearch node to exit with an
OutOfMemory error by sending a moderate number of malformed HTTP requests. The
issue was identified by Elastic Engineering and we have no indication that the
issue is known or that it is being exploited in the wild.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-31418

Primary Vendor -- Product: elastic -- elasticsearch
Description: A flaw was discovered in
Elasticsearch, affecting the _search API that allowed a specially crafted query
string to cause a Stack Overflow and ultimately a Denial of Service.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-31419

Primary Vendor -- Product: elastic -- endpoint
Description: If Elastic Endpoint (v7.9.0 -
v8.10.3) is configured to use a non-default option in which the logging level is
explicitly set to debug, and when Elastic Agent is simultaneously configured to
collect and send those logs to Elasticsearch, then Elastic Agent API keys can be
viewed in Elasticsearch in plaintext. These API keys could be used to write
arbitrary data and read Elastic Endpoint user artifacts.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46668

Primary Vendor -- Product: elastic -- fleet_server
Description: An issue was discovered in
Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being
inserted into the Fleet Server's log file in plain text. These enrolment tokens
could allow someone to enroll an agent into an agent policy, and potentially use
that to retrieve other secrets in the policy including for Elasticsearch and
third-party services. Alternatively a threat actor could potentially enrol
agents to the clusters and send arbitrary events to Elasticsearch.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46667

Primary Vendor -- Product: elastic -- kibana
Description: An issue was discovered by
Elastic whereby sensitive information is recorded in Kibana logs in the event of
an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON
layout or when the pattern layout is configured to log the %meta pattern.
Elastic has released Kibana 8.10.1 which resolves this issue. The error object
recorded in the log contains request information, which can include sensitive
data, such as authentication credentials, cookies, authorization headers, query
params, request paths, and other metadata. Some examples of sensitive data which
can be included in the logs are account credentials for kibana_system,
kibana-metricbeat, or Kibana end-users.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-31422

Primary Vendor -- Product: exfatprogs -- exfatprogs
Description: exfatprogs before 1.2.2
allows out-of-bounds memory access, such as in read_file_dentry_set.
Published: 2023-10-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45897

Primary Vendor -- Product: fancms -- fancms
Description: Cross Site Scripting vulnerability
in FanCMS v.1.0.0 allows an attacker to execute arbitrary code via the content1
parameter in the demo.php file.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46505

Primary Vendor -- Product: ffmpeg -- ffmpeg
Description: FFmpeg prior to commit bf814 was
discovered to contain an out of bounds read via the dist->alphabet_size variable
in the read_vlc_prefix() function.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46407

Primary Vendor -- Product: fides -- fides
Description: Fides is an open-source privacy
engineering platform for managing the fulfillment of data privacy requests in
runtime environments, and the enforcement of privacy regulations in code. The
Fides web application allows a custom integration to be uploaded as a ZIP file
containing configuration and dataset definitions in YAML format. It was
discovered that specially crafted YAML dataset and config files allow a
malicious user to perform arbitrary requests to internal systems and exfiltrate
data outside the environment (also known as a Server-Side Request Forgery). The
application does not perform proper validation to block attempts to connect to
internal (including localhost) resources. The vulnerability has been patched in
Fides version `2.22.1`.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46124

Primary Vendor -- Product: fides -- fides
Description: Fides is an open-source privacy
engineering platform for managing the fulfillment of data privacy requests in a
runtime environment, and the enforcement of privacy regulations in code. The
Fides webserver API allows users to retrieve its configuration using the `GET
api/v1/config` endpoint. The configuration data is filtered to suppress most
sensitive configuration information before it is returned to the user, but even
the filtered data contains information about the internals and the backend
infrastructure, such as various settings, servers' addresses and ports and
database username. This information is useful for administrative users as well
as attackers, thus it should not be revealed to low-privileged users. This
vulnerability allows Admin UI users with roles lower than the owner role e.g.
the viewer role to retrieve the config information using the API. The
vulnerability has been patched in Fides version `2.22.1`.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46125

Primary Vendor -- Product: fides -- fides
Description: Fides is an open-source privacy
engineering platform for managing the fulfillment of data privacy requests in
runtime environments, helping enforce privacy regulations in code. The Fides web
application allows users to edit consent and privacy notices such as cookie
banners. The vulnerability makes it possible to craft a payload in the privacy
policy URL which triggers JavaScript execution when the privacy notice is served
by an integrated website. The domain scope of the executed JavaScript is that of
the integrated website. Exploitation is limited to Admin UI users with the
contributor role or higher. The vulnerability has been patched in Fides version
`2.22.1`.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46126

Primary Vendor -- Product: flusity_cms -- flusity_cms
Description: A vulnerability was
found in flusity CMS and classified as problematic. This issue affects the
function loadCustomBlocCreateForm of the file /core/tools/customblock.php of the
component Dashboard. The manipulation of the argument customblock_place leads to
cross site scripting. The attack may be initiated remotely. The exploit has been
disclosed to the public and may be used. This product does not use versioning.
This is why information about affected and unaffected releases is unavailable.
The patch is named 81252bc764e1de2422e79e36194bba1289e7a0a5. It is recommended
to apply a patch to fix this issue. The associated identifier of this
vulnerability is VDB-243599.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5793

Primary Vendor -- Product: flusity_cms -- flusity_cms
Description: A vulnerability, which
was classified as problematic, has been found in flusity CMS. This issue affects
the function loadPostAddForm of the file core/tools/posts.php. The manipulation
of the argument edit_post_id leads to cross site scripting. The attack may be
initiated remotely. The exploit has been disclosed to the public and may be
used. This product takes the approach of rolling releases to provide continuous
delivery. Therefore, version details for affected and updated releases are not
available. The identifier of the patch is
6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to apply a patch to
fix this issue. The identifier VDB-243641 was assigned to this
vulnerability.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5810

Primary Vendor -- Product: flusity_cms -- flusity_cms
Description: A vulnerability, which
was classified as problematic, was found in flusity CMS. Affected is the
function loadPostAddForm of the file core/tools/posts.php. The manipulation of
the argument menu_id leads to cross site scripting. It is possible to launch the
attack remotely. The exploit has been disclosed to the public and may be used.
Continuous delivery with rolling releases is used by this product. Therefore, no
version details of affected nor updated releases are available. The patch is
identified as 6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to
apply a patch to fix this issue. VDB-243642 is the identifier assigned to this
vulnerability.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5811

Primary Vendor -- Product: flusity_cms -- flusity_cms
Description: A vulnerability has been
found in flusity CMS and classified as critical. Affected by this vulnerability
is the function handleFileUpload of the file core/tools/upload.php. The
manipulation of the argument uploaded_file leads to unrestricted upload. The
attack can be launched remotely. The exploit has been disclosed to the public
and may be used. This product does not use versioning. This is why information
about affected and unaffected releases is unavailable. The associated
identifier of this vulnerability is VDB-243643.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5812

Primary Vendor -- Product: fotoscms2 -- fotoscms2
Description: A vulnerability classified
as problematic was found in AlexanderLivanov FotosCMS2 up to 2.4.3. This
vulnerability affects unknown code of the file profile.php of the component
Cookie Handler. The manipulation of the argument username leads to cross site
scripting. The attack can be initiated remotely. The exploit has been disclosed
to the public and may be used. VDB-243802 is the identifier assigned to this
vulnerability.
Published: 2023-10-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5837

Primary Vendor -- Product: frappe -- frappe
Description: Frappe is a full-stack web
application framework that uses Python and MariaDB on the server side and an
integrated client side library. A malicious Frappe user with desk access could
create documents containing HTML payloads allowing HTML Injection. This
vulnerability has been patched in version 14.49.0.
Published: 2023-10-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46127

Primary Vendor -- Product: free5gc -- free5gc
Description: pkg/suci/suci.go in free5GC udm
before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack
because it may compute a shared secret via an uncompressed public key that has
not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries
to decrypt them via both its private key and the attacker's public key.
Published: 2023-10-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46324

Primary Vendor -- Product: frrouting_frr -- frrouting_frr
Description: An issue was
discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI
data, leading to a crash.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46752

Primary Vendor -- Product: frrouting_frr -- frrouting_frr
Description: An issue was
discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP
UPDATE message without mandatory attributes, e.g., one with only an unknown
transit attribute.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46753

Primary Vendor -- Product: fukunaga_memberscard_line -- fukunaga_memberscard_line
Description: The leakage of the client secret in
Fukunaga_memberscard Line 13.6.1 allows attackers to obtain the channel access
token and send crafted broadcast messages.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-39736

Primary Vendor -- Product: geeklog -- geeklog
Description: Cross Site Scripting (XSS)
vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to
execute arbitrary code via a crafted payload to the grp_desc parameter of the
admin/group.php component.
Published: 2023-10-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46058

Primary Vendor -- Product: geeklog -- geeklog
Description: Cross Site Scripting (XSS)
vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to
execute arbitrary code via a crafted payload to the Service, and website URL to
Ping parameters of the admin/trackback.php component.
Published: 2023-10-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46059

Primary Vendor -- Product: geoserver -- geoserver
Description: GeoServer is an open source
software server written in Java that allows users to share and edit geospatial
data. The WMS specification defines an ``sld=<url>`` parameter for GetMap,
GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic
styling". Enabling the use of dynamic styles, without also configuring URL
checks, provides the opportunity for Server Side Request Forgery. This
vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed
or cracked externally to gain further access. This vulnerability has been
patched in versions 2.22.5 and 2.23.2.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-41339

Primary Vendor -- Product: geoserver -- geoserver
Description: GeoServer is an open source
software server written in Java that allows users to share and edit geospatial
data. The OGC Web Processing Service (WPS) specification is designed to process
information from any server using GET and POST requests. This presents the
opportunity for Server Side Request Forgery. This vulnerability has been patched
in versions 2.22.5 and 2.23.2.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-43795

Primary Vendor -- Product: geoserver -- geowebcache
Description: A vulnerability was found
in GeoServer GeoWebCache up to 1.15.1. It has been declared as problematic. This
vulnerability affects unknown code of the file /geoserver/gwc/rest.html. The
manipulation leads to direct request. The attack can be initiated remotely. The
exploit has been disclosed to the public and may be used. The identifier of this
vulnerability is VDB-243592.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5786

Primary Vendor -- Product: github -- enterprise_server
Description: Incorrect Permission
Assignment for Critical Resource in GitHub Enterprise Server that allowed local
operating system user accounts to read MySQL connection details including the
MySQL password via configuration files. This vulnerability affected all versions
of GitHub Enterprise Server and was fixed in versions 3.7.18, 3.8.11, 3.9.6, and
3.10.3.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-23767

Primary Vendor -- Product: google -- android
Description: In onTaskAppeared of
PipTaskOrganizer.java, there is a possible way to bypass background activity
launch restrictions due to a logic error in the code. This could lead to local
escalation of privilege with no additional execution privileges needed. User
interaction is not needed for exploitation.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-40116

Primary Vendor -- Product: google -- android
Description: In resetSettingsLocked of
SettingsProvider.java, there is a possible lockscreen bypass due to a
permissions bypass. This could lead to local escalation of privilege with no
additional execution privileges needed. User interaction is not needed for
exploitation.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-40117

Primary Vendor -- Product: google -- android
Description: In multiple locations, there is a
possible way to bypass user notification of foreground services due to improper
input validation. This could lead to local escalation of privilege with no
additional execution privileges needed. User interaction is not needed for
exploitation.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-40120

Primary Vendor -- Product: google -- android
Description: In appendEscapedSQLString of
DatabaseUtils.java, there is a possible SQL injection due to unsafe
deserialization. This could lead to local information disclosure with User
execution privileges needed. User interaction is not needed for
exploitation.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-40121

Primary Vendor -- Product: google -- android
Description: In updateActionViews of
PipMenuView.java, there is a possible bypass of a multi user security boundary
due to a confused deputy. This could lead to local information disclosure with
no additional execution privileges needed. User interaction is not needed for
exploitation.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-40123

Primary Vendor -- Product: google -- android
Description: In onCreate of ApnEditor.java,
there is a possible way for a Guest user to change the APN due to a permission
bypass. This could lead to local escalation of privilege with no additional
execution privileges needed. User interaction is not needed for
exploitation.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-40125

Primary Vendor -- Product: google -- android
Description: In multiple locations, there is a
possible way to access screenshots due to a confused deputy. This could lead to
local information disclosure with no additional execution privileges needed.
User interaction is not needed for exploitation.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-40127

Primary Vendor -- Product: google -- android
Description: In several functions of
xmlregexp.c, there is a possible out of bounds write due to a heap buffer
overflow. This could lead to local escalation of privilege with no additional
execution privileges needed. User interaction is not needed for
exploitation.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-40128

Primary Vendor -- Product: google -- android
Description: In build_read_multi_rsp of
gatt_sr.cc, there is a possible out of bounds write due to a heap buffer
overflow. This could lead to remote (proximal/adjacent) code execution with no
additional execution privileges needed. User interaction is not needed for
exploitation.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-40129

Primary Vendor -- Product: google -- android
Description: In onBindingDied of
CallRedirectionProcessor.java, there is a possible permission bypass due to a
logic error in the code. This could lead to local escalation of privilege and
background activity launch with no additional execution privileges needed. User
interaction is not needed for exploitation.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-40130

Primary Vendor -- Product: google -- android
Description: In GpuService of GpuService.cpp,
there is a possible use after free due to a race condition. This could lead to
local escalation of privilege with no additional execution privileges needed.
User interaction is not needed for exploitation.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-40131

Primary Vendor -- Product: google -- android
Description: In multiple locations of
DialogFillUi.java, there is a possible way to view another user's images due to
a confused deputy. This could lead to local information disclosure with no
additional execution privileges needed. User interaction is not needed for
exploitation.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-40133

Primary Vendor -- Product: google -- android
Description: In isFullScreen of FillUi.java,
there is a possible way to view another user's images due to a confused deputy.
This could lead to local information disclosure with no additional execution
privileges needed. User interaction is not needed for exploitation.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-40134

Primary Vendor -- Product: google -- android
Description: In applyCustomDescription of
SaveUi.java, there is a possible way to view another user's images due to a
confused deputy. This could lead to local information disclosure with no
additional execution privileges needed. User interaction is not needed for
exploitation.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-40135

Primary Vendor -- Product: google -- android
Description: In setHeader of
DialogFillUi.java, there is a possible way to view another user's images due to
a confused deputy. This could lead to local information disclosure with no
additional execution privileges needed. User interaction is not needed for
exploitation.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-40136

Primary Vendor -- Product: google -- android
Description: In multiple functions of
DialogFillUi.java, there is a possible way to view another user's images due to
a confused deputy. This could lead to local information disclosure with no
additional execution privileges needed. User interaction is not needed for
exploitation.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-40137

Primary Vendor -- Product: google -- android
Description: In FillUi of FillUi.java, there
is a possible way to view another user's images due to a confused deputy. This
could lead to local information disclosure with no additional execution
privileges needed. User interaction is not needed for exploitation.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-40138

Primary Vendor -- Product: google -- android
Description: In FillUi of FillUi.java, there
is a possible way to view another user's images due to a confused deputy. This
could lead to local information disclosure with no additional execution
privileges needed. User interaction is not needed for exploitation.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-40139

Primary Vendor -- Product: google -- android
Description: In
android_view_InputDevice_create of android_view_InputDevice.cpp, there is a
possible way to execute arbitrary code due to a use after free. This could lead
to local escalation of privilege with no additional execution privileges needed.
User interaction is not needed for exploitation.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-40140

Primary Vendor -- Product: google -- chrome
Description: Use after free in Profiles in Google Chrome prior to 118.0.5993.117
allowed a remote attacker to potentially exploit heap corruption via a crafted
HTML page. (Chromium security severity: High)
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5472

Primary Vendor -- Product: gougucms -- gougucms
Description: gougucms v4.08.18 was
discovered to contain a password reset poisoning vulnerability which allows
attackers to arbitrarily reset users' passwords via a crafted packet.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46393

Primary Vendor -- Product: gougucms -- gougucms
Description: A stored cross-site scripting (XSS) vulnerability in
/home/user/edit_submit of gougucms v4.08.18 allows attackers to execute
arbitrary web scripts or HTML via injecting a crafted payload into the
headimgurl parameter.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46394

Primary Vendor -- Product: grafana -- grafana
Description: Grafana is an open-source
platform for monitoring and observability. The WorldMap panel plugin, versions
before 1.0.4 contains a DOM XSS vulnerability.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-3010

Primary Vendor -- Product: hashicorp -- vagrant
Description: HashiCorp Vagrant's Windows
installer targeted a custom location with a non-protected path that could be
junctioned, introducing potential for unauthorized file system writes. Fixed in
Vagrant 2.4.0.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5834

Primary Vendor -- Product: hcl_software -- hcl_commerce
Description: HCL Commerce Remote
Store server could allow a remote attacker, using a specially-crafted URL, to
read arbitrary files on the system.
Published: 2023-10-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-37532

Primary Vendor -- Product: hewlett_packard_enterprise -- aruba_clearpass_policy_manager
Description: A vulnerability in the ClearPass
OnGuard Linux agent could allow malicious users on a Linux instance to elevate
their user privileges to those of a higher role. A successful exploit allows
malicious users to execute arbitrary code with root level privileges on the
Linux instance.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-43506

Primary Vendor -- Product: hewlett_packard_enterprise -- aruba_clearpass_policy_manager
Description: A vulnerability in the web-based
management interface of ClearPass Policy Manager could allow an
authenticated remote attacker to conduct SQL injection attacks against the
ClearPass Policy Manager instance. An attacker could exploit this vulnerability
to obtain and modify sensitive information in the underlying database
potentially leading to complete compromise of the ClearPass Policy
Manager cluster.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-43507

Primary Vendor -- Product: hewlett_packard_enterprise -- aruba_clearpass_policy_manager
Description: Vulnerabilities in the web-based
management interface of ClearPass Policy Manager allow an attacker with
read-only privileges to perform actions that change the state of the ClearPass
Policy Manager instance. Successful exploitation of these vulnerabilities allows
an attacker to complete state-changing actions in the web-based management
interface that should not be allowed by their current level of authorization on
the platform.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-43508

Primary Vendor -- Product: hewlett_packard_enterprise -- aruba_clearpass_policy_manager
Description: A vulnerability in the web-based
management interface of ClearPass Policy Manager could allow an
unauthenticated remote attacker to send notifications to computers that
are running ClearPass OnGuard. These notifications can then be used to phish
users or trick them into downloading malicious software.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-43509

Primary Vendor -- Product: hewlett_packard_enterprise -- aruba_clearpass_policy_manager
Description: A vulnerability in the ClearPass
Policy Manager web-based management interface allows remote authenticated users
to run arbitrary commands on the underlying host. A successful exploit could
allow an attacker to execute arbitrary commands as a non-privileged user on the
underlying operating system leading to partial system compromise.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-43510

Primary Vendor -- Product: hewlett_packard_enterprise -- hpe_oneview
Description: A remote
code execution issue exists in HPE OneView.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-30912

Primary Vendor -- Product: hp_inc. -- hp_print_and_scan_doctor_for_windows
Description: HP
Print and Scan Doctor for Windows may potentially be vulnerable to escalation of
privilege. HP is releasing software updates to mitigate the potential
vulnerability.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5671

Primary Vendor -- Product: hu60wap6 -- hu60wap6
Description: A vulnerability classified as
problematic was found in hu60t hu60wap6. Affected by this vulnerability is the
function markdown of the file src/class/ubbparser.php. The manipulation leads to
cross site scripting. The attack can be launched remotely. This product does not
use versioning. This is why information about affected and unaffected releases
is unavailable. The patch is named a1cd9f12d7687243bfcb7ce295665acb83b9174e. It
is recommended to apply a patch to fix this issue. The associated identifier of
this vulnerability is VDB-243775.
Published: 2023-10-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5835

Primary Vendor -- Product: ibm -- txseries_for_multiplatforms
Description: IBM TXSeries for
Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and
11.1 could allow a privileged user to cause a denial of service due to
uncontrolled resource consumption. IBM X-Force ID: 266016.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-42031

Primary Vendor -- Product: ibm -- websphere_application_server_liberty
Description: IBM
WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide
weaker than expected security due to improper resource expiration handling. IBM
X-Force ID: 268775.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46158

Primary Vendor -- Product: icecms -- icecms
Description: IceCMS v2.0.1 is vulnerable to
Cross Site Request Forgery (CSRF).
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-42188

Primary Vendor -- Product: idattend_pty_ltd -- idweb
Description: Reflected cross-site
scripting in the StudentSearch component in IDAttend's IDWeb application 3.1.052
and earlier allows hijacking of a user's browsing session by attackers who have
convinced the said user to click on a malicious link.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-1356

Primary Vendor -- Product: ilias -- ilias
Description: ILIAS (2013-09-12 release) contains
a medium-criticality Directory Traversal local file inclusion vulnerability in
the ScormAicc module. An attacker with a privileged account, typically holding
the tutor role, can exploit this to gain unauthorized access to and potentially
retrieve confidential files stored on the web server. The attacker can access
files that are readable by the web server user www-data; this may include
sensitive configuration files and documents located outside the documentRoot.
The vulnerability is exploited by an attacker who manipulates the file parameter
in a URL, inserting directory traversal sequences in order to access
unauthorized files. This manipulation allows the attacker to retrieve sensitive
files, such as /etc/passwd, potentially compromising the system's security. This
issue poses a significant risk to confidentiality and is remotely exploitable
over the internet.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45867

Primary Vendor -- Product: ilias -- ilias
Description: The Learning Module in ILIAS 7.25
(2023-09-12 release) allows an attacker (with basic user privileges) to achieve
a high-impact Directory Traversal attack on confidentiality and availability. By
exploiting this network-based vulnerability, the attacker can move specified
directories, normally outside the documentRoot, to a publicly accessible
location via the PHP function rename(). This results in a total loss of
confidentiality, exposing sensitive resources, and potentially denying access to
the affected component and the operating system's components. To exploit this,
an attacker must manipulate a POST request during the creation of an exercise
unit, by modifying the old_name and new_name parameters via directory traversal.
However, it's essential to note that, when exploiting this vulnerability, the
specified directory will be relocated from its original location, rendering all
files obtained from there unavailable.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45868

Primary Vendor -- Product: ilias -- ilias
Description: ILIAS 7.25 (2023-09-12) allows any
authenticated user to execute arbitrary operating system commands remotely, when
a highly privileged account accesses an XSS payload. The injected commands are
executed via the exec() function in the execQuoted() method of the ilUtil class
(/Services/Utilities/classes/class.ilUtil.php). This allows attackers to inject
malicious commands into the system, potentially compromising the integrity,
confidentiality, and availability of the ILIAS installation and the underlying
operating system.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45869

Primary Vendor -- Product: ispconfig -- ispconfig
Description: An issue was discovered in ISPConfig before 3.2.11p1. PHP code
injection can be achieved in the language file editor by an admin if
admin_allow_langedit is enabled.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46818

Primary Vendor -- Product: iterm2 -- iterm2
Description: iTerm2 before 3.4.20 allows
(potentially remote) code execution because of mishandling of certain escape
sequences related to tmux integration.
Published: 2023-10-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46300

Primary Vendor -- Product: iterm2 -- iterm2
Description: iTerm2 before 3.4.20 allows
(potentially remote) code execution because of mishandling of certain escape
sequences related to upload.
Published: 2023-10-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46301

Primary Vendor -- Product: iterm2 -- iterm2
Description: iTermSessionLauncher.m in iTerm2
before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have
shell metacharacters for a /usr/bin/man command line.
Published: 2023-10-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46321

Primary Vendor -- Product: iterm2 -- iterm2
Description: iTermSessionLauncher.m in iTerm2
before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's
initial character may be non-alphanumeric. The hostname's other characters may
be outside the set of alphanumeric characters, dash, and period.
Published: 2023-10-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46322

Primary Vendor -- Product: itop -- itop
Description: iTop is an open source, web-based IT
service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying
`pages/preferences.php`, cross site scripting is possible. This issue is fixed
in versions 3.0.4 and 3.1.0.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-34446

Primary Vendor -- Product: itop -- itop
Description: iTop is an open source, web-based IT service management platform.
Prior to versions 3.0.4 and 3.1.0, on `pages/UI.php`, cross site scripting is
possible. This issue is fixed in versions 3.0.4 and 3.1.0.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-34447

Primary Vendor -- Product: ivanti -- secure_access_client
Description: A logged in user may
elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race
condition. When a particular process flow is initiated, an attacker can exploit
this condition to gain unauthorized elevated privileges on the affected
system.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-38041

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins GitHub Plugin 1.37.3 and
earlier does not escape the GitHub project URL on the build page when showing
changes, resulting in a stored cross-site scripting (XSS) vulnerability
exploitable by attackers with Item/Configure permission.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46650

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins Warnings Plugin 10.5.0
and earlier does not set the appropriate context for credentials lookup,
allowing attackers with Item/Configure permission to access and capture
credentials they are not entitled to. This fix has been backported to
10.4.1.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46651

Primary Vendor -- Product: jenkins -- jenkins
Description: A missing permission check in
Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with
Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials
stored in Jenkins.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46652

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins lambdatest-automation
Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO
level, potentially resulting in its exposure.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46653

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins CloudBees CD Plugin
1.1.32 and earlier follows symbolic links to locations outside of the expected
directory during the cleanup process of the 'CloudBees CD - Publish Artifact'
post-build step, allowing attackers able to configure jobs to delete arbitrary
files on the Jenkins controller file system.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46654

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins CloudBees CD Plugin
1.1.32 and earlier follows symbolic links to locations outside of the directory
from which artifacts are published during the 'CloudBees CD - Publish Artifact'
post-build step, allowing attackers able to configure jobs to publish arbitrary
files from the Jenkins controller file system to the previously configured
CloudBees CD server.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46655

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins Multibranch Scan Webhook
Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function
when checking whether the provided and expected webhook token are equal,
potentially allowing attackers to use statistical methods to obtain a valid
webhook token.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46656

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins Gogs Plugin 1.0.15 and
earlier uses a non-constant time comparison function when checking whether the
provided and expected webhook token are equal, potentially allowing attackers to
use statistical methods to obtain a valid webhook token.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46657

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins MSTeams Webhook Trigger
Plugin 0.1.1 and earlier uses a non-constant time comparison function when
checking whether the provided and expected webhook token are equal, potentially
allowing attackers to use statistical methods to obtain a valid webhook
token.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46658

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins Edgewall Trac Plugin
1.13 and earlier does not escape the Trac website URL on the build page,
resulting in a stored cross-site scripting (XSS) vulnerability exploitable by
attackers with Item/Configure permission.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46659

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins Zanata Plugin 0.6 and
earlier uses a non-constant time comparison function when checking whether the
provided and expected webhook token hashes are equal, potentially allowing
attackers to use statistical methods to obtain a valid webhook token.Published
2023-10-25CVSS Score not yet calculatedSource & Patch Info CVE-2023-46660
MISC(link is external)
MISC(link is external)Primary
Vendor -- Product jose4j -- jose4j
Description jose4j before v0.9.3 allows attackers to set a low iteration count
of 1000 or less.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-31582
Primary
Vendor -- Product jumpserver -- jumpserver
Description jumpserver is an open source bastion machine, professional
operation and maintenance security audit system that complies with 4A
specifications. A flaw in the Core API allows attackers to bypass password
brute-force protections by spoofing arbitrary IP addresses. By exploiting this
vulnerability, attackers can effectively make unlimited password attempts by
altering their apparent IP address for each request. This vulnerability has
been patched in version 3.8.0.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-46123
Primary
Vendor -- Product juzawebcms -- juzawebcms
Description Cross Site Scripting vulnerability in juzawebCMS v.3.4 and before
allows a remote attacker to execute arbitrary code via a crafted payload to the
username parameter of the registration page.
Published 2023-10-28
CVSS Score not yet calculated
Source & Patch Info CVE-2023-46467
Primary
Vendor -- Product juzawebcms -- juzawebcms
Description An issue in juzawebCMS v.3.4 and before allows a remote attacker to
execute arbitrary code via a crafted file to the custom plugin function.
Published 2023-10-28
CVSS Score not yet calculated
Source & Patch Info CVE-2023-46468
Primary
Vendor -- Product knot_resolver -- knot_resolver
Description Knot Resolver before 5.7.0 performs many TCP reconnections upon
receiving certain nonsensical responses from servers.
Published 2023-10-22
CVSS Score not yet calculated
Source & Patch Info CVE-2023-46317
Primary
Vendor -- Product kodbox -- kodbox
Description kodbox 1.44 is vulnerable to Cross Site Scripting (XSS).
Customizing global HTML results in stored XSS.
Published 2023-10-23
CVSS Score not yet calculated
Source & Patch Info CVE-2023-45998
Primary
Vendor -- Product kubernetes -- ingress-nginx
Description Ingress-nginx `path` sanitization can be bypassed with `log_format`
directive.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2022-4886
Primary
Vendor -- Product kubernetes -- ingress-nginx
Description Ingress nginx annotation injection causes arbitrary command
execution.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5043
Primary
Vendor -- Product kubernetes -- ingress-nginx
Description Code injection via
nginx.ingress.kubernetes.io/permanent-redirect annotation.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5044
Primary
Vendor -- Product lenovo -- app_store
Description An information disclosure vulnerability has been identified in the
Lenovo App Store which may allow some applications to gain unauthorized access
to sensitive user data used by other unrelated applications.
Published 2023-10-27
CVSS Score not yet calculated
Source & Patch Info CVE-2022-3611
Primary
Vendor -- Product lenovo -- elliptic_labs_virtual_lock_sensor
Description A vulnerability was reported in Elliptic Labs Virtual Lock Sensor
for ThinkPad T14 Gen 3 that could allow an attacker with local access to
execute code with elevated privileges.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-3112
Primary
Vendor -- Product lenovo -- hardwarescanplugin
Description A denial of service vulnerability was reported in the Lenovo
HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions
prior to 4.45 that could allow a local user with administrative access to
trigger a system crash.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2022-0353
Primary
Vendor -- Product lenovo -- hardwarescanplugin
Description A denial of service vulnerability was reported in the Lenovo
HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions
prior to 4.45 that could allow a local user with administrative access to
trigger a system crash.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2022-3698
Primary
Vendor -- Product lenovo -- hardwarescanplugin
Description A privilege escalation vulnerability was reported in the Lenovo
HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to
version 4.45 that could allow a local user to execute code with elevated
privileges.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2022-3699
Primary
Vendor -- Product lenovo -- hardwarescanplugin
Description A denial of service vulnerability was reported in Lenovo Vantage
HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local
attacker to delete contents of an arbitrary directory under certain conditions.
Published 2023-10-27
CVSS Score not yet calculated
Source & Patch Info CVE-2022-3702
Primary
Vendor -- Product lenovo -- printer_gm265dn
Description A denial-of-service vulnerability was found in the firmware used in
Lenovo printers, where users send illegal or malformed strings to an open port,
triggering a denial of service that causes a display error and prevents the
printer from functioning properly.
Published 2023-10-27
CVSS Score not yet calculated
Source & Patch Info CVE-2022-3429
Primary
Vendor -- Product lenovo -- printer_gm265dn
Description A remote code execution vulnerability was found in the firmware
used in some Lenovo printers, which can be caused by a remote user pushing an
illegal string to the server-side interface via a script, resulting in a stack
overflow.
Published 2023-10-27
CVSS Score not yet calculated
Source & Patch Info CVE-2022-34886
Primary
Vendor -- Product lenovo -- printer_gm265dn
Description Standard users can directly operate and set printer configuration
information, such as IP, in some Lenovo Printers without having to authenticate
with the administrator password.
Published 2023-10-27
CVSS Score not yet calculated
Source & Patch Info CVE-2022-34887
Primary
Vendor -- Product lenovo -- thinksystem
Description An authenticated XCC user with Read-Only permission can change a
different user's password through a crafted API command. This affects
ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not
affected.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4606
Primary
Vendor -- Product lenovo -- thinksystem
Description An authenticated XCC user with elevated privileges can perform
blind SQL injection in limited cases through a crafted API command. This
affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not
affected.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-4608
Primary
Vendor -- Product lenovo -- vantage_systemupdate_plugin
Description A Time of Check Time of Use (TOCTOU) vulnerability was reported in
the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could
allow a local attacker to delete arbitrary files.
Published 2023-10-27
CVSS Score not yet calculated
Source & Patch Info CVE-2022-3700
Primary
Vendor -- Product lenovo -- vantage_systemupdate_plugin
Description A privilege elevation vulnerability was reported in the Lenovo
Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a
local attacker to execute arbitrary code with elevated privileges.
Published 2023-10-27
CVSS Score not yet calculated
Source & Patch Info CVE-2022-3701
Primary
Vendor -- Product light-oauth2 -- light-oauth2
Description light-oauth2 before version 2.1.27 obtains the public key without
any verification. This could allow attackers to authenticate to the application
with a crafted JWT token.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-31580
Primary
Vendor -- Product linux -- kernel
Description The reference count changes made as part of the CVE-2023-33951 and
CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects
were handled when they were being used to store a surface. When running inside
a VMware guest with 3D acceleration enabled, a local, unprivileged user could
potentially use this flaw to escalate their privileges.
Published 2023-10-23
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5633
Primary
Vendor -- Product linux -- kernel
Description An issue was discovered in the Linux kernel before 6.5.9,
exploitable by local users with userspace access to MMIO registers. Incorrect
access checking in the #VC handler and instruction emulation of the SEV-ES
emulation of MMIO accesses could lead to arbitrary write access to kernel memory
(and thus privilege escalation). This depends on a race condition through which
userspace can replace an instruction before the #VC handler reads it.
Published 2023-10-27
CVSS Score not yet calculated
Source & Patch Info CVE-2023-46813
Primary
Vendor -- Product linux -- kernel
Description A heap out-of-bounds write vulnerability in the Linux kernel's
Linux Kernel Performance Events (perf) component can be exploited to achieve
local privilege escalation. If perf_read_group() is called while an event's
sibling_list is smaller than its child's sibling_list, it can increment or write
to memory locations outside of the allocated buffer. We recommend upgrading past
commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5717
Primary
Vendor -- Product man-group -- dtale
Description D-Tale is the combination of a Flask back-end and a React front-end
to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting
D-Tale publicly can be vulnerable to remote code execution, allowing attackers
to run malicious code on the server. This issue has been patched in version
3.7.0 by turning off "Custom Filter" input by default. The only workaround for
versions earlier than 3.7.0 is to only host D-Tale to trusted users.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-46134
Primary
Vendor -- Product marbre_lapin_line -- marbre_lapin_line
Description An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to
obtain sensitive information via a crafted GET request.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-38846
Primary
Vendor -- Product matsuya_line -- matsuya_line
Description The leakage of the client secret in Matsuya Line 13.6.1 allows
attackers to obtain the channel access token and send crafted broadcast
messages.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39737
Primary
Vendor -- Product matter-labs -- era-compiler-vyper
Description era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a
layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to
era-compiler-vyper version 1.3.10, a bug prevented the initialization of the
first immutable variable for Vyper contracts meeting certain criteria. The
problem arises when there is a String or Array with more 256-bit words allocated
than initialized. It results in the second word's index unset, that is
effectively set to 0, so the first immutable value with the actual 0 index is
overwritten in the ImmutableSimulator. Version 1.3.10 fixes this issue by
setting all indexes in advance. The problem will go away, but it will get more
expensive if the user allocates a lot of uninitialized space, e.g.
`String[4096]`. Upgrading and redeploying affected contracts is the only way of
working around the issue.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-46232
Primary
Vendor -- Product memcached -- memcached
Description In Memcached before 1.6.22, a buffer overflow exists when
processing multiget requests in proxy mode, if there are many spaces after the
"get" substring.
Published 2023-10-27
CVSS Score not yet calculated
Source & Patch Info CVE-2023-46852
Primary
Vendor -- Product memcached -- memcached
Description In Memcached before 1.6.22, an off-by-one error exists when
processing proxy requests in proxy mode, if \n is used instead of \r\n.
Published 2023-10-27
CVSS Score not yet calculated
Source & Patch Info CVE-2023-46853
Primary
Vendor -- Product mercury_a15 -- mercury_a15
Description Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command
execution vulnerability via the component cloudDeviceTokenSuccCB.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-46518
Primary
Vendor -- Product mintty -- mintty
Description An issue in Mintty v.3.6.4 and before allows a remote attacker to
execute arbitrary code via crafted commands to the terminal.
Published 2023-10-26
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39726
Primary
Vendor -- Product motorola -- mr2600_router
Description A vulnerability has been identified in the MR2600 router v1.0.18
and earlier that could allow an attacker within range of the wireless network
to successfully brute force the WPS PIN, potentially allowing them unauthorized
access to a wireless network.
Published 2023-10-27
CVSS Score not yet calculated
Source & Patch Info CVE-2022-3681
Primary
Vendor -- Product mozilla -- firefox
Description Using iterative requests an attacker was able to learn the size of
an opaque response, as well as the contents of a server-supplied Vary header.
This vulnerability affects Firefox < 119.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5722
Primary
Vendor -- Product mozilla -- firefox
Description An attacker with temporary script access to a site could have set a
cookie containing invalid characters using `document.cookie` that could have led
to unknown errors. This vulnerability affects Firefox < 119.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5723
Primary
Vendor -- Product mozilla -- firefox
Description A malicious web site can enter fullscreen mode while simultaneously
triggering a WebAuthn prompt. This could have obscured the fullscreen
notification and could have been leveraged in a spoofing attack. This
vulnerability affects Firefox < 119.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5729
Primary
Vendor -- Product mozilla -- firefox
Description Memory safety bugs present in Firefox 118. Some of these bugs
showed evidence of memory corruption and we presume that with enough effort some
of these could have been exploited to run arbitrary code. This vulnerability
affects Firefox < 119.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5731
Primary
Vendor -- Product mozilla -- firefox_for_ios
Description When opening a page in reader mode, the redirect URL could have
caused attacker-controlled script to execute in a reflected Cross-Site
Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5758
Primary
Vendor -- Product mozilla -- multiple_products
Description It was possible for certain browser prompts and dialogs to be
activated or dismissed unintentionally by the user due to an insufficient
activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4,
and Thunderbird < 115.4.1.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5721
Primary
Vendor -- Product mozilla -- multiple_products
Description Drivers are not always robust to extremely large draw calls and in
some cases this scenario could have led to a crash. This vulnerability affects
Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5724
Primary
Vendor -- Product mozilla -- multiple_products
Description A malicious installed WebExtension could open arbitrary URLs, which
under the right circumstance could be leveraged to collect sensitive user data.
This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird
< 115.4.1.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5725
Primary
Vendor -- Product mozilla -- multiple_products
Description A website could have obscured the full screen notification by using
the file open dialog. This could have led to user confusion and possible
spoofing attacks. *Note: This issue only affected macOS operating systems.
Other operating systems are unaffected.* This vulnerability affects Firefox <
119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5726
Primary
Vendor -- Product mozilla -- multiple_products
Description The executable file warning was not presented when downloading
.msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a
user's computer. *Note: This issue only affected Windows operating systems.
Other operating systems are unaffected.* This vulnerability affects Firefox <
119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5727
Primary
Vendor -- Product mozilla -- multiple_products
Description During garbage collection extra operations were performed on an
object that should not be. This could have led to a potentially exploitable
crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and
Thunderbird < 115.4.1.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5728
Primary
Vendor -- Product mozilla -- multiple_products
Description Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and
Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and
we presume that with enough effort some of these could have been exploited to
run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR <
115.4, and Thunderbird < 115.4.1.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5730
Primary
Vendor -- Product mozilla -- multiple_products
Description An attacker could have created a malicious link using bidirectional
characters to spoof the location in the address bar when visited. This
vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird <
115.4.1.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5732
Primary
Vendor -- Product nanning_ontall_software_co._ltd. -- longxing_industrial_development_zone_project_construction_and_installation_management_system
Description A vulnerability was found in Nanning Ontall Longxing Industrial
Development Zone Project Construction and Installation Management System up to
20231026. It has been declared as critical. Affected by this vulnerability is an
unknown functionality of the file login.aspx. The manipulation of the argument
tbxUserName leads to SQL injection. The attack can be launched remotely. The
exploit has been disclosed to the public and may be used. The associated
identifier of this vulnerability is VDB-243727.
Published 2023-10-27
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5828
Primary
Vendor -- Product nautobot -- nautobot
Description Nautobot is a Network Automation Platform built as a web
application atop the Django Python framework with a PostgreSQL or MySQL
database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the
`?depth=<N>` query parameter, can expose hashed user passwords as stored in the
database to any authenticated user with access to these endpoints. The passwords
are not exposed in plaintext. This vulnerability has been patched in version
2.0.3.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-46128
Primary
Vendor -- Product netentsec -- ns-asg_application_security_gateway
Description A vulnerability was found in Netentsec NS-ASG Application Security
Gateway 6.3 and classified as critical. Affected by this issue is some unknown
functionality of the file /protocol/firewall/uploadfirewall.php. The
manipulation of the argument messagecontent leads to SQL injection. The exploit
has been disclosed to the public and may be used. VDB-243590 is the identifier
assigned to this vulnerability. NOTE: The vendor was contacted early about this
disclosure but did not respond in any way.
Published 2023-10-26
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5784
Primary
Vendor -- Product netentsec -- ns-asg_application_security_gateway
Description A vulnerability was found in Netentsec NS-ASG Application Security
Gateway 6.3. It has been classified as critical. This affects an unknown part of
the file /protocol/firewall/addaddress_interpret.php. The manipulation of the
argument messagecontent leads to SQL injection. The exploit has been disclosed
to the public and may be used. The associated identifier of this vulnerability
is VDB-243591. NOTE: The vendor was contacted early about this disclosure but
did not respond in any way.
Published 2023-10-26
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5785
Primary
Vendor -- Product netentsec -- ns-asg_application_security_gateway
Description A vulnerability was found in Netentsec NS-ASG Application Security
Gateway 6.3 and classified as critical. Affected by this issue is some unknown
functionality of the file /admin/list_onlineuser.php. The manipulation of the
argument SessionId leads to SQL injection. The exploit has been disclosed to the
public and may be used. The identifier of this vulnerability is VDB-243716.
NOTE: We tried to contact the vendor early about the disclosure, but the
official mail address was not working properly.
Published 2023-10-27
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5826
Primary
Vendor -- Product netmodule -- router_software
Description The web administration interface in NetModule Router Software
(NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command
constructed with unsanitized user input: shell metacharacters in the
/admin/gnssAutoAlign.php device_id parameter. This occurs because another thread
can be started before the trap that triggers the cleanup function. A successful
exploit could allow an authenticated user to execute arbitrary commands with
elevated privileges. NOTE: this is different from CVE-2023-0861 and
CVE-2023-0862, which were fixed in version 4.6.0.105.
Published 2023-10-22
CVSS Score not yet calculated
Source & Patch Info CVE-2023-46306
Primary
Vendor -- Product nextgen_healthcare -- mirth_connect
Description NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable
to unauthenticated remote code execution. Note that this vulnerability is caused
by the incomplete patch of CVE-2023-37679.
Published 2023-10-26
CVSS Score not yet calculated
Source & Patch Info CVE-2023-43208
Primary
Vendor -- Product npmjs -- npmjs_node_email_check
Description ReDoS in NPMJS Node Email Check v.1.0.4 allows an attacker to cause
a denial of service via a crafted string to the scpSyntax component.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39619
Primary
Vendor -- Product obl.ong -- obl.ong
Description The admin panel for Obl.ong before 1.1.2 allows authorization
bypass because the email OTP feature accepts arbitrary numerical values.
Published 2023-10-26
CVSS Score not yet calculated
Source & Patch Info CVE-2023-46754
Primary
Vendor -- Product ocomon -- ocomon
Description An information disclosure vulnerability in the component
users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive
information such as e-mails and usernames.
Published 2023-10-26
CVSS Score not yet calculated
Source & Patch Info CVE-2023-33558
Primary
Vendor -- Product ocomon -- ocomon
Description A local file inclusion vulnerability via the lang parameter in
OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a
crafted PHP file.
Published 2023-10-26
CVSS Score not yet calculated
Source & Patch Info CVE-2023-33559
Primary
Vendor -- Product omron_corporation -- cx-designer
Description CX-Designer Ver.3.740 and earlier (included in CX-One
CXONE-AL[][]D-V4) contains an improper restriction of XML external entity
reference (XXE) vulnerability. If a user opens a specially crafted project file
created by an attacker, sensitive information in the file system where
CX-Designer is installed may be disclosed.
Published 2023-10-23
CVSS Score not yet calculated
Source & Patch Info CVE-2023-43624
Primary
Vendor -- Product onigiriya-musubee_line -- onigiriya-musubee_line
Description The leakage of the client secret in Onigiriya-musubee Line 13.6.1
allows attackers to obtain the channel access token and send crafted broadcast
messages.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-39740
Primary
Vendor -- Product openssl -- openssl
Description Issue summary: A bug has been
identified in the processing of key and initialisation vector (IV) lengths. This
can lead to potential truncation or overruns during the initialisation of some
symmetric ciphers. Impact summary: A truncation in the IV can result in
non-uniqueness, which could result in loss of confidentiality for some cipher
modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or
EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key
and IV have been established. Any alterations to the key length, via the
"keylen" parameter or the IV length, via the "ivlen" parameter, within the
OSSL_PARAM array will not take effect as intended, potentially causing
truncation or overreading of these values. The following ciphers and cipher
modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB
cipher modes, truncation of the IV can result in loss of confidentiality. For
example, when following NIST's SP 800-38D section 8.2.1 guidance for
constructing a deterministic IV for AES in GCM mode, truncation of the counter
portion could lead to IV reuse. Both truncations and overruns of the key and
overruns of the IV will produce incorrect results and could, in some cases,
trigger a memory exception. However, these issues are not currently assessed as
security critical. Changing the key and/or IV lengths is not considered to be a
common operation and the vulnerable API was recently introduced. It is likely
that application developers will have spotted this problem during testing since
decryption would fail unless both peers in the communication were similarly
vulnerable. For these reasons we expect the probability of an application being
vulnerable to this to be quite low. However, if an application is vulnerable
then this issue is considered very serious. For these reasons we have assessed
this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is
not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not
affected by this because the issue lies outside of the FIPS provider boundary.
OpenSSL 3.1 and 3.0 are vulnerable to this issue.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-5363
Primary
Vendor -- Product palantir -- palantir
Description Gotham Orbital-Simulator service prior to 0.692.0 was found to be
vulnerable to a Path traversal issue allowing an unauthenticated user to read
arbitrary files on the file system.
Published 2023-10-26
CVSS Score not yet calculated
Source & Patch Info CVE-2023-30967
Primary
Vendor -- Product pallets -- werkzeug
Description Werkzeug is a comprehensive WSGI web application library. If an
uploaded file starts with CR or LF and is then followed by megabytes of data
without these characters, all of these bytes are appended chunk by chunk into an
internal bytearray, and the lookup for the boundary is performed on the growing
buffer. This allows an attacker to cause a denial of service by sending crafted
multipart data to an endpoint that will parse it. The amount of CPU time
required can block worker processes from handling legitimate requests. This
vulnerability has been patched in version 3.0.1.
Published 2023-10-25
CVSS Score not yet calculated
Source & Patch Info CVE-2023-46136
Primary
Vendor -- Product: parse_server -- parse_server
Description: Parse Server is an open source backend that can be deployed to any
infrastructure that can run Node.js. Parse Server crashes when uploading a file
without extension. This vulnerability has been patched in versions 5.5.6 and
6.3.1.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46119

Primary
Vendor -- Product: pfsense_ce -- pfsense_ce
Description: Pfsense CE version 2.6.0 has no rate limit, which can lead to an
attacker creating multiple malicious users in the firewall.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-29973

Primary
Vendor -- Product: phpgurukul -- nipah_virus_testing_management_system
Description: Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus
(NiV) Testing Management System v.1.0 allows attackers to execute arbitrary
code via a crafted payload injected into the State field.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46583

Primary
Vendor -- Product: phpgurukul -- nipah_virus_testing_management_system
Description: SQL Injection vulnerability in PHPGurukul Nipah virus (NiV)
Testing Management System v.1.0 allows a remote attacker to escalate privileges
via a crafted request to the new-user-testing.php endpoint.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46584

Primary
Vendor -- Product: phpgurukul -- nipah_virus_testing_management_system
Description: A vulnerability was found in PHPGurukul Nipah Virus Testing
Management System 1.0 and classified as critical. This issue affects some
unknown processing of the file login.php. The manipulation of the argument
username leads to sql injection. The attack may be initiated remotely. The
identifier VDB-243617 was assigned to this vulnerability.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5804

Primary
Vendor -- Product: phpgurukul -- online_railway_catering_system
Description: A vulnerability was found in PHPGurukul Online Railway Catering
System 1.0. It has been classified as critical. Affected is an unknown function
of the file index.php of the component Login. The manipulation of the argument
username leads to sql injection. It is possible to launch the attack remotely.
The identifier of this vulnerability is VDB-243600.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5794

Primary
Vendor -- Product: ping_identity -- pingfederate
Description: When an AWS DynamoDB table is used for user attribute storage, it
is possible to retrieve the attributes of another user using a maliciously
crafted request.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-34085

Primary
Vendor -- Product: ping_identity -- pingfederate
Description: Under a very specific and highly unrecommended configuration,
authentication bypass is possible in the PingFederate Identifier First Adapter.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-37283

Primary
Vendor -- Product: ping_identity -- pingfederate
Description: PingFederate Administrative Console dependency contains a weakness
where the console becomes unresponsive with crafted Java class loading
enumeration requests.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-39219

Primary
Vendor -- Product: ping_identity -- pingfederate
Description: PingFederate using the PingOne MFA adapter allows a new MFA device
to be paired without requiring second factor authentication from an existing
registered device. A threat actor may be able to exploit this vulnerability to
register their own MFA device if they have knowledge of a victim user's first
factor credentials.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-39231

Primary
Vendor -- Product: ping_identity -- pingfederate
Description: A first-factor authentication bypass vulnerability exists in the
PingFederate with PingID Radius PCV when a MSCHAP authentication request is
sent via a maliciously crafted RADIUS client request.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-39930

Primary
Vendor -- Product: pip -- pip
Description: When installing a package from a Mercurial VCS URL (i.e. "pip
install hg+...") with pip prior to v23.3, the specified Mercurial revision
could be used to inject arbitrary configuration options to the "hg clone" call
(i.e. "--config"). Controlling the Mercurial configuration can modify how and
which repository is installed. This vulnerability does not affect users who
aren't installing from Mercurial.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5752

Primary
Vendor -- Product: prestashop -- prestashop
Description: In the module "Product Catalog (CSV, Excel, XML) Export PRO"
(exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a
guest can download personal information without restriction by performing a
path traversal attack. Due to a lack of permissions control and a lack of
control in the path name construction, a guest can perform a path traversal to
view all files on the information system.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46346

Primary
Vendor -- Product: prestashop -- prestashop
Description: In the module "Step by Step products Pack" (ndk_steppingpack)
version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform
SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that
can be executed with a trivial http call and exploited to forge a SQL
injection.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46347

Primary
Vendor -- Product: prestashop -- prestashop
Description: In the module "Referral and Affiliation Program"
(referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a
guest can perform SQL injection. Method
`ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate` has
sensitive SQL calls that can be executed with a trivial http call and exploited
to forge a SQL injection.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46358

Primary
Vendor -- Product: proxmox -- proxmox
Description: Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple
Proxmox products, allows XSS via the edit notes feature.
Published: 2023-10-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46854

Primary
Vendor -- Product: rabbitmq -- rabbitmq
Description: RabbitMQ is a multi-protocol messaging and streaming broker. HTTP
API did not enforce an HTTP request body limit, making it vulnerable to denial
of service (DoS) attacks with very large messages. An authenticated user with
sufficient credentials can publish very large messages over the HTTP API and
cause the target node to be terminated by an "out-of-memory killer"-like
mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46118

Primary
Vendor -- Product: rabbitmq -- rabbitmq
Description: The RabbitMQ Java client library allows Java and JVM-based
applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth`
was not used when receiving Message objects. Attackers could send a very large
Message causing a memory overflow and triggering an OOM Error. Users of
RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will
ultimately exhaust the memory of the consumer. This vulnerability was patched
in version 5.18.0.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46120

Primary
Vendor -- Product: radare2 -- radare2
Description: An out-of-bounds read in radare2 v.5.8.9 and before exists in the
print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h.
Published: 2023-10-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46569

Primary
Vendor -- Product: radare2 -- radare2
Description: An out-of-bounds read in radare2 v.5.8.9 and before exists in the
print_insn32 function of libr/arch/p/nds32/nds32-dis.h.
Published: 2023-10-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46570

Primary
Vendor -- Product: regina_sweets&bakery_line -- regina_sweets&bakery_line
Description: The leakage of the client secret in REGINA SWEETS&BAKERY Line
13.6.1 allows attackers to obtain the channel access token and send crafted
broadcast messages.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-39739

Primary
Vendor -- Product: remark42 -- remark42
Description: umputun remark42 version 1.12.1 and before has a Blind Server-Side
Request Forgery (SSRF) vulnerability.
Published: 2023-10-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45966

Primary
Vendor -- Product: rexroth -- ctrlx_hmi_web_panel
Description: The vulnerability allows an unprivileged user with access to the
subnet of the TPC-110W device to gain a root shell on the device itself abusing
the lack of authentication of the 'su' binary file installed on the device that
can be accessed through the ADB (Android Debug Bridge) protocol exposed on the
network.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-41255

Primary
Vendor -- Product: rexroth -- ctrlx_hmi_web_panel
Description: The vulnerability allows an unprivileged (untrusted) third-party
application to interact with a content-provider unsafely exposed by the Android
Agent application, potentially modifying sensitive settings of the Android
Client application itself.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-41960

Primary
Vendor -- Product: rexroth -- ctrlx_hmi_web_panel
Description: The vulnerability allows a low privileged (untrusted) application
to modify a critical system property that should be denied, in order to enable
the ADB (Android Debug Bridge) protocol to be exposed on the network,
exploiting it to gain a privileged shell on the device without requiring
physical access through USB.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-43488

Primary
Vendor -- Product: rexroth -- ctrlx_hmi_web_panel
Description: The Android Client application, when enrolled with the define
method 1 (the user manually inserts the server ip address), uses the HTTP
protocol to retrieve sensitive information (ip address and credentials to
connect to a remote MQTT broker entity) instead of HTTPS and this feature is
not configurable by the user.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45220

Primary
Vendor -- Product: rexroth -- ctrlx_hmi_web_panel
Description: The vulnerability allows a low privileged user that has access to
the device when locked in Kiosk mode to install an arbitrary Android
application and leverage it to have access to critical device settings such as
the device power management or eventually the device secure settings (ADB
debug).
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45844

Primary
Vendor -- Product: rexroth -- ctrlx_hmi_web_panel
Description: The vulnerability allows an unprivileged (untrusted) third-party
application to arbitrarily modify the server settings of the Android Client
application, inducing it to connect to an attacker-controlled malicious server.
This is possible by forging a valid broadcast intent encrypted with a hardcoded
RSA key pair.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-41372

Primary
Vendor -- Product: ritecms -- ritecms
Description: A File upload vulnerability in RiteCMS 3.0 allows a local attacker
to upload a SVG file with XSS content.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-44767

Primary
Vendor -- Product: rmc_r_beauty_clinic_line -- rmc_r_beauty_clinic_line
Description: An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote
attacker to obtain sensitive information via crafted GET request.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-38848

Primary
Vendor -- Product: rockwell_automation -- arena_simulation
Description: An arbitrary code execution vulnerability was reported to Rockwell
Automation in Arena Simulation that could potentially allow a malicious user to
commit unauthorized arbitrary code to the software by using a memory buffer
overflow. The threat-actor could then execute malicious code on the system
affecting the confidentiality, integrity, and availability of the product. The
user would need to open a malicious file provided to them by the attacker for
the code to execute.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-27854

Primary
Vendor -- Product: rockwell_automation -- arena_simulation
Description: Rockwell Automation Arena Simulation contains an arbitrary code
execution vulnerability that could potentially allow a malicious user to commit
unauthorized code to the software by using an uninitialized pointer in the
application. The threat-actor could then execute malicious code on the system
affecting the confidentiality, integrity, and availability of the product. The
user would need to open a malicious file provided to them by the attacker for
the code to execute.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-27858

Primary
Vendor -- Product: rockwell_automation -- factorytalk
Description: Rockwell Automation FactoryTalk View Site Edition insufficiently
validates user input, which could potentially allow threat actors to send
malicious data bringing the product offline. If exploited, the product would
become unavailable and require a restart to recover, resulting in a
denial-of-service condition.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46289

Primary
Vendor -- Product: rockwell_automation -- factorytalk
Description: Due to inadequate code logic, a previously unauthenticated threat
actor could potentially obtain a local Windows OS user token through the
FactoryTalk® Services Platform web service and then use the token to log in to
FactoryTalk® Services Platform. This vulnerability can only be exploited if the
authorized user did not previously log in to the FactoryTalk® Services Platform
web service.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46290

Primary
Vendor -- Product: samba -- samba
Description: A heap-based Buffer Overflow flaw was discovered in Samba. It
could allow a remote, authenticated attacker to exploit this vulnerability to
cause a denial of service.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5568

Primary
Vendor -- Product: satoken -- satoken
Description: In Dromara SaToken version 1.3.50RC and before, when using Spring
dynamic controllers, a specially crafted request may cause an authentication
bypass.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-43961

Primary
Vendor -- Product: satoken -- satoken
Description: An issue in Dromara SaToken version 1.36.0 and before allows a
remote attacker to escalate privileges via a crafted payload to the URL.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-44794

Primary
Vendor -- Product: sbt -- sbt
Description: sbt is a build tool for Scala, Java, and others. Given a specially
crafted zip or JAR file, `IO.unzip` allows writing of an arbitrary file. This
would have the potential to overwrite `/root/.ssh/authorized_keys`. Within
sbt's main code, `IO.unzip` is used in the `pullRemoteCache` task and
`Resolvers.remote`; however, many projects use `IO.unzip(...)` directly to
implement custom tasks. This vulnerability has been patched in version 1.9.7.
Published: 2023-10-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46122

Primary
Vendor -- Product: sd-webui-infinite-image-browsing --
sd-webui-infinite-image-browsing
Description: The zanllp sd-webui-infinite-image-browsing (aka Infinite Image
Browsing) extension before 977815a for stable-diffusion-webui (aka Stable
Diffusion web UI), if Gradio authentication is enabled without secret key
configuration, allows remote attackers to read any local file via /file?path=
in the URL, as demonstrated by reading /proc/self/environ to discover
credentials.
Published: 2023-10-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46315

Primary
Vendor -- Product: seacms -- seacms
Description: An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary
commands via the admin_safe.php component.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46010

Primary
Vendor -- Product: shaanxi_chanming_education_technology -- score_query_system
Description: A vulnerability was found in Shaanxi Chanming Education Technology
Score Query System 5.0. It has been rated as critical. This issue affects some
unknown processing. The manipulation of the argument stuIdCard leads to sql
injection. The attack may be initiated remotely. The exploit has been disclosed
to the public and may be used. The identifier VDB-243593 was assigned to this
vulnerability.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5787

Primary
Vendor -- Product: shanghai_cti_navigation --
cti_monitoring_and_early_warning_system
Description: A vulnerability was found in Shanghai CTI Navigation CTI
Monitoring and Early Warning System 2.2. It has been classified as critical.
This affects an unknown part of the file /Web/SysManage/UserEdit.aspx. The
manipulation of the argument ID leads to sql injection. The exploit has been
disclosed to the public and may be used. The identifier VDB-243717 was assigned
to this vulnerability.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5827

Primary
Vendor -- Product: sick_ag -- fx0-gmod00000
Description: Authentication Bypass by Capture-replay in SICK Flexi Soft
Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832,
1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an
unauthenticated remote attacker to potentially impact the availability,
integrity and confidentiality of the gateways via an authentication bypass by
capture-replay.
Published: 2023-10-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5246

Primary
Vendor -- Product: sielco -- analog_fm_transmitter
Description: The application suffers from a privilege escalation vulnerability.
A user with read permissions can elevate privileges by sending a HTTP POST to
set a parameter.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-41966

Primary
Vendor -- Product: sielco -- analog_fm_transmitter
Description: The cookie session ID is of insufficient length and can be
exploited by brute force, which may allow a remote attacker to obtain a valid
session, bypass authentication, and manipulate the transmitter.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-42769

Primary
Vendor -- Product: sielco -- analog_fm_transmitter
Description: The application suffers from improper access control when editing
users. A user with read permissions can manipulate users, passwords, and
permissions by sending a single HTTP POST request with modified parameters.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45228

Primary
Vendor -- Product: sielco -- analog_fm_transmitter
Description: The application interface allows users to perform certain actions
via HTTP requests without performing any validity checks to verify the
requests. This can be exploited to perform certain actions with administrative
privileges if a logged-in user visits a malicious web site.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45317

Primary
Vendor -- Product: sielco_ -- polyeco1000
Description: Sielco PolyEco1000 is vulnerable to an attacker escalating their
privileges by modifying passwords in POST requests.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46661

Primary
Vendor -- Product: sielco_ -- polyeco1000
Description: Sielco PolyEco1000 is vulnerable to an information disclosure
vulnerability due to improper access control enforcement. An unauthenticated
remote attacker can exploit this via a specially crafted request to gain access
to sensitive information.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46662

Primary
Vendor -- Product: sielco_ -- polyeco1000
Description: Sielco PolyEco1000 is vulnerable to an attacker bypassing
authorization and accessing resources behind protected pages. The application
interface allows users to perform certain actions via HTTP requests without
performing any validity checks to verify the requests.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46663

Primary
Vendor -- Product: sielco_ -- polyeco1000
Description: Sielco PolyEco1000 is vulnerable to an improper access control
vulnerability when the application provides direct access to objects based on
user-supplied input. As a result of this vulnerability attackers can bypass
authorization and access resources behind protected pages.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46664

Primary
Vendor -- Product: sielco_ -- polyeco1000
Description: Sielco PolyEco1000 is vulnerable to an authentication bypass
vulnerability due to an attacker modifying passwords in a POST request and
gaining unauthorized access to the affected device with administrative
privileges.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46665

Primary
Vendor -- Product: sielco_ -- polyeco1000
Description: Sielco PolyEco1000 uses a weak set of default administrative
credentials that can be easily guessed in remote password attacks to gain full
control of the system.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5754

Primary
Vendor -- Product: sielco_ -- polyeco1000
Description: Sielco PolyEco1000 is vulnerable to a session hijack vulnerability
due to the cookie being vulnerable to a brute force attack, lack of SSL, and
the session being visible in requests.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-0897

Primary
Vendor -- Product: silicon_labs -- ember_znet_sdk
Description: Missing Encryption of Security Keys vulnerability in Silicon Labs
Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential
modification or extraction of network credentials stored in flash. This issue
affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-41096

Primary
Vendor -- Product: silicon_labs -- openthread_sdk
Description: Missing Encryption of Security Keys vulnerability in Silicon Labs
OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential
modification or extraction of network credentials stored in flash. This issue
affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-41095

Primary
Vendor -- Product: sisqualwfm -- sisqualwfm
Description: sisqualWFM 7.1.319.103 through 7.1.319.111 for Android has a host
header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint.
By modifying the HTTP Host header, an attacker can change webpage links and
even redirect users to arbitrary or malicious locations. This can lead to
phishing attacks, malware distribution, and unauthorized access to sensitive
resources.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-36085

Primary
Vendor -- Product: sonicwall -- directory_services_connector
Description: A local privilege escalation vulnerability in SonicWall Directory
Services Connector Windows MSI client 4.1.21 and earlier versions allows a
local low-privileged user to gain system privileges through running the
recovery feature.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-44219

Primary
Vendor -- Product: sonicwall -- netextender_windows
Description: SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336
and earlier versions have a DLL Search Order Hijacking vulnerability in the
start-up DLL component. Successful exploitation via a local attacker could
result in command execution in the target system.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-44220

Primary
Vendor -- Product: sourcecodester -- file_manager_app
Description: A vulnerability classified as critical was found in SourceCodester
File Manager App 1.0. Affected by this vulnerability is an unknown
functionality of the file endpoint/add-file.php. The manipulation of the
argument uploadedFileName leads to unrestricted upload. The attack can be
launched remotely. The exploit has been disclosed to the public and may be
used. The associated identifier of this vulnerability is VDB-243595.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5790

Primary
Vendor -- Product: sourcecodester --
free_and_open_source_inventory_management_system
Description: Sourcecodester Free and Open Source inventory management system
v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change
the password of another user and take over the account via IDOR in the password
change function.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46449

Primary
Vendor -- Product: sourcecodester --
free_and_open_source_inventory_management_system
Description: Sourcecodester Free and Open Source inventory management system
1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46450

Primary
Vendor -- Product: sourcecodester -- simple_real_estate_portal_system
Description: A vulnerability was found in SourceCodester Simple Real Estate
Portal System 1.0. It has been classified as critical. Affected is an unknown
function of the file view_estate.php. The manipulation of the argument id leads
to sql injection. It is possible to launch the attack remotely. The exploit has
been disclosed to the public and may be used. VDB-243618 is the identifier
assigned to this vulnerability.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5805

Primary
Vendor -- Product: sourcecodester -- sticky_notes_app
Description: A vulnerability, which was classified as problematic, was found in
SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file
endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent
leads to cross site scripting. It is possible to initiate the attack remotely.
The exploit has been disclosed to the public and may be used. The identifier
VDB-243597 was assigned to this vulnerability.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5791

Primary
Vendor -- Product: sourcecodester -- sticky_notes_app
Description: A vulnerability has been found in SourceCodester Sticky Notes App
1.0 and classified as critical. This vulnerability affects unknown code of the
file endpoint/delete-note.php. The manipulation of the argument note leads to
sql injection. The attack can be initiated remotely. The exploit has been
disclosed to the public and may be used. VDB-243598 is the identifier assigned
to this vulnerability.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5792

Primary
Vendor -- Product: sourcecodester -- task_reminder_system
Description: A vulnerability was found in SourceCodester Task Reminder System
1.0 and classified as critical. Affected by this issue is some unknown
functionality of the file /classes/Master.php?f=delete_reminder. The
manipulation of the argument id leads to sql injection. The attack may be
launched remotely. The identifier of this vulnerability is VDB-243644.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5813

Primary
Vendor -- Product: sourcecodester -- task_reminder_system
Description: A vulnerability was found in SourceCodester Task Reminder System
1.0. It has been classified as critical. This affects an unknown part of the
file /classes/Master.php?f=save_reminder. The manipulation of the argument id
leads to sql injection. It is possible to initiate the attack remotely. The
identifier VDB-243645 was assigned to this vulnerability.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5814

Primary
Vendor -- Product: sourcecodester -- task_reminder_system
Description: A vulnerability was found in SourceCodester Task Reminder System
1.0. It has been rated as critical. Affected by this issue is some unknown
functionality of the file classes/Users.php?f=delete. The manipulation of the
argument id leads to sql injection. The attack may be launched remotely. The
identifier of this vulnerability is VDB-243800.
Published: 2023-10-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5836

Primary
Vendor -- Product: sourcecodester -- packers_and_movers_management_system
Description: Sourcecodester Packers and Movers Management System v1.0 is
vulnerable to SQL Injection via mpms/?p=services/view_service&id.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46435

Primary
Vendor -- Product: stb_image.h -- stb_image.h
Description: Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a
remote attacker to cause a denial of service via a crafted file to the
stbi_load_gif_main function.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-43281, MISC, MISC

Primary
Vendor -- Product: stellar -- rs-stellar-strkey
Description: rs-stellar-strkey is a Rust lib for encode/decode of Stellar
Strkeys. A panic vulnerability occurs when a specially crafted payload is used.
`inner_payload_len` should not be above 64. This vulnerability has been patched
in version 0.0.8.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46135, MISC, MISC

Primary
Vendor -- Product: sugarcrm -- sugarcrm
Description: An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before
13.0.2. An Unrestricted File Upload vulnerability has been identified in the
Notes module. By using a crafted request, custom PHP code can be injected via
the Notes module because of missing input validation. An attacker with regular
user privileges can exploit this.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46815, MISC

Primary
Vendor -- Product: sugarcrm -- sugarcrm
Description: An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before
13.0.2. A Server-Side Template Injection (SSTI) vulnerability has been
identified in the GetControl action. By using a crafted request, custom PHP code
can be injected via the GetControl action because of missing input validation.
An attacker with regular user privileges can exploit this.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46816, MISC

Primary
Vendor -- Product: synology -- camera_firmware
Description: A vulnerability regarding use of externally controlled format
string is found in the cgi component. This allows remote attackers to execute
arbitrary code via unspecified vectors. The following models with Synology
Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5746, MISC

Primary
Vendor -- Product: tenable -- nessus_network_monitor
Description: Under certain conditions, Nessus Network Monitor could allow a low
privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts
by replacing a specially crafted file.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5622, MISC

Primary
Vendor -- Product: tenable -- nessus_network_monitor
Description: NNM failed to properly set ACLs on its installation directory,
which could allow a low privileged user to run arbitrary code with SYSTEM
privileges where NNM is installed to a non-standard location.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5623, MISC

Primary
Vendor -- Product: tenable -- nessus_network_monitor
Description: Under certain conditions, Nessus Network Monitor was found to not
properly enforce input validation. This could allow an admin user to alter
parameters that could potentially allow a blind SQL injection.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5624, MISC

Primary
Vendor -- Product: tenda -- w18e
Description: Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability
via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46369, MISC

Primary
Vendor -- Product: tenda -- w18e
Description: Tenda W18E V16.01.0.8(1576) has a command injection vulnerability
via the hostName parameter in the formSetNetCheckTools function.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46370, MISC

Primary
Vendor -- Product: tibco_software_inc. -- tibco_hawk
Description: The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s
TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational
Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that
theoretically allows an attacker with access to the Hawk Console's and Agent's
log to obtain credentials used to access associated EMS servers. Affected
releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO
Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO
Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO
Runtime Agent: versions 5.12.2 and below.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-26219, MISC

Primary
Vendor -- Product: tire-sales_line -- tire-sales_line
Description: An issue in tire-sales Line v.13.6.1 allows a remote attacker to
obtain sensitive information via crafted GET request.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-38849, MISC, MISC

Primary
Vendor -- Product: tokueimaru_waiting_line -- ztokueimaru_waiting_line
Description: The leakage of the client secret in Tokueimaru_waiting Line 13.6.1
allows attackers to obtain the channel access token and send crafted broadcast
messages.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-39732, MISC, MISC

Primary
Vendor -- Product: tongda -- oa
Description: A vulnerability classified as critical was found in Tongda OA 2017
11.10. This vulnerability affects unknown code of the file
general/system/approve_center/flow_guide/flow_type/set_print/delete.php. The
manipulation of the argument DELETE_STR leads to SQL injection. The attack can
be initiated remotely. The exploit has been disclosed to the public and may be
used. VDB-243586 is the identifier assigned to this vulnerability. NOTE: The
vendor was contacted early about this disclosure but did not respond in any way.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5780, MISC, MISC, MISC

Primary
Vendor -- Product: tongda -- oa
Description: A vulnerability, which was classified as critical, has been found
in Tongda OA 2017 11.10. This issue affects the function DELETE_STR of the file
general/system/res_manage/monitor/delete_webmail.php. The manipulation leads to
SQL injection. The attack may be initiated remotely. The exploit has been
disclosed to the public and may be used. The associated identifier of this
vulnerability is VDB-243587. NOTE: The vendor was contacted early about this
disclosure but did not respond in any way.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5781, MISC, MISC, MISC

Primary
Vendor -- Product: tongda -- oa
Description: A vulnerability, which was classified as critical, was found in
Tongda OA 2017 up to 11.10. Affected is an unknown function of the file
/manage/delete_query.php of the component General News. The manipulation of the
argument NEWS_ID leads to SQL injection. The exploit has been disclosed to the
public and may be used. The identifier of this vulnerability is VDB-243588.
NOTE: The vendor was contacted early about this disclosure but did not respond
in any way.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5782, MISC, MISC, MISC

Primary
Vendor -- Product: tongda -- oa
Description: A vulnerability has been found in Tongda OA 2017 up to 11.9 and
classified as critical. Affected by this vulnerability is an unknown
functionality of the file
general/system/approve_center/flow_sort/flow/delete.php. The manipulation of the
argument id/sort_parent leads to SQL injection. The attack can be launched
remotely. The exploit has been disclosed to the public and may be used.
Upgrading to version 11.10 is able to address this issue. It is recommended to
upgrade the affected component. The identifier VDB-243589 was assigned to this
vulnerability. NOTE: The vendor was contacted early about this disclosure but
did not respond in any way.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5783, MISC, MISC, MISC

Primary
Vendor -- Product: tonton-tei_line -- tonton-tei_line
Description: The leakage of the client secret in TonTon-Tei Line v13.6.1 allows
attackers to obtain the channel access token and send crafted broadcast
messages.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-39733, MISC, MISC

Primary
Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to
contain a stack overflow via the function formNtp.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46540, MISC, MISC

Primary
Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to
contain a stack overflow via the function formIpv6Setup.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46541, MISC, MISC

Primary
Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to
contain a stack overflow via the function formMeshUploadConfig.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46542, MISC, MISC

Primary
Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to
contain a stack overflow via the function formWlSiteSurvey.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46543, MISC, MISC

Primary
Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to
contain a stack overflow via the function formWirelessTbl.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46544, MISC, MISC

Primary
Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to
contain a stack overflow via the function formWsc.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46545, MISC, MISC

Primary
Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to
contain a stack overflow via the function formStats.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46546, MISC, MISC

Primary
Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to
contain a stack overflow via the function formSysLog.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46547, MISC, MISC

Primary
Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to
contain a stack overflow via the function formWlanRedirect.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46548, MISC, MISC

Primary
Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to
contain a stack overflow via the function formSetLg.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46549, MISC, MISC

Primary
Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to
contain a stack overflow via the function formMapDelDevice.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46550, MISC, MISC

Primary
Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to
contain a stack overflow via the function formReflashClientTbl.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46551, MISC, MISC

Primary
Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to
contain a stack overflow via the function formMultiAP.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46552, MISC, MISC

Primary
Vendor -- Product: totolink -- x2000r_firmware
Description: TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to
contain a stack overflow via the function formParentControl.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46553, MISC, MISC

Primary
Vendor -- Product: totolink -- x6000r_firmware
Description: TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a
command execution vulnerability via the sub_41DD80 function.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46408, MISC, MISC

Primary
Vendor -- Product: totolink -- x6000r_firmware
Description: TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a
command execution vulnerability via the sub_41CC04 function.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46409, MISC, MISC

Primary
Vendor -- Product: totolink -- x6000r_firmware
Description: TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a
command execution vulnerability via the sub_416F60 function.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46410, MISC, MISC

Primary
Vendor -- Product: totolink -- x6000r_firmware
Description: TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a
command execution vulnerability via the sub_415258 function.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46411, MISC, MISC

Primary
Vendor -- Product: totolink -- x6000r_firmware
Description: TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a
command execution vulnerability via the sub_41D998 function.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46412, MISC, MISC

Primary
Vendor -- Product: totolink -- x6000r_firmware
Description: TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a
command execution vulnerability via the sub_4155DC function.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46413, MISC, MISC

Primary
Vendor -- Product: totolink -- x6000r_firmware
Description: TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a
remote command execution (RCE) vulnerability via the sub_41D494 function.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46414, MISC, MISC

Primary
Vendor -- Product: totolink -- x6000r_firmware
Description: TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a
remote command execution (RCE) vulnerability via the sub_41E588 function.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46415, MISC, MISC

Primary
Vendor -- Product: totolink -- x6000r_firmware
Description: TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a
remote command execution (RCE) vulnerability via the sub_41A414 function.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46416, MISC, MISC

Primary
Vendor -- Product: totolink -- x6000r_firmware
Description: TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a
remote command execution (RCE) vulnerability via the sub_415498 function.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46417, MISC, MISC

Primary
Vendor -- Product: totolink -- x6000r_firmware
Description: TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a
remote command execution (RCE) vulnerability via the sub_412688 function.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46418, MISC, MISC

Primary
Vendor -- Product: totolink -- x6000r_firmware
Description: TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a
remote command execution (RCE) vulnerability via the sub_415730 function.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46419, MISC, MISC

Primary
Vendor -- Product: totolink -- x6000r_firmware
Description: TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a
remote command execution (RCE) vulnerability via the sub_41590C function.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46420, MISC, MISC

Primary
Vendor -- Product: totolink -- x6000r_firmware
Description: TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a
remote command execution (RCE) vulnerability via the sub_411D00 function.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46421, MISC, MISC

Primary
Vendor -- Product: totolink -- x6000r_firmware
Description: TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a
remote command execution (RCE) vulnerability via the sub_411994 function.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46422, MISC, MISC

Primary
Vendor -- Product: totolink -- x6000r_firmware
Description: TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a
remote command execution (RCE) vulnerability via the sub_417094 function.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46423, MISC, MISC

Primary
Vendor -- Product: totolink -- x6000r_firmware
Description: TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a
remote command execution (RCE) vulnerability via the sub_422BD4 function.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46424, MISC, MISC

Primary
Vendor -- Product: tp-link -- tl-wdr7660
Description: TP-Link device TL-WDR7660 2.0.30 has a stack overflow vulnerability
via the function upgradeInfoJsonToBin.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46371, MISC

Primary
Vendor -- Product: tp-link -- tl-wdr7660
Description: TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via
the function deviceInfoJsonToBincauses.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46373, MISC

Primary
Vendor -- Product: traceroute -- traceroute
Description: In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper
scripts do not properly parse command lines.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46316, MISC, MISC

Primary
Vendor -- Product: twisted -- twisted
Description: Twisted is an event-based framework for internet applications.
Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP
packet, twisted.web will process the requests asynchronously without
guaranteeing the response order. If one of the endpoints is controlled by an
attacker, the attacker can delay the response on purpose to manipulate the
response of the second request when a victim launched two requests using HTTP
pipeline. Version 23.10.0rc1 contains a patch for this issue.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46137, MISC

Primary
Vendor -- Product: ubiquiti -- unifi_network_application
Description: Instances of UniFi Network Application that (i) are run on a UniFi
Gateway Console, and (ii) are versions 7.5.176 and earlier, implement device
adoption with improper access control logic, creating a risk of access to device
configuration information by a malicious actor with preexisting access to the
network. Affected Products: UDM, UDM-PRO, UDM-SE, UDR, UDW. Mitigation: Update
UniFi Network to Version 7.5.187 or later.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-41721, MISC

Primary
Vendor -- Product: ubuntu -- ubuntu_grub2
Description: An out-of-bounds write flaw was found in grub2's NTFS filesystem
driver. This issue may allow an attacker to present a specially crafted NTFS
filesystem image, leading to grub's heap metadata corruption. In some
circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a
result, arbitrary code execution and secure boot protection bypass may be
achieved.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-4692, MISC, MISC, MISC, MISC, MISC

Primary
Vendor -- Product: ubuntu -- ubuntu_grub2
Description: An out-of-bounds read flaw was found in grub2's NTFS filesystem
driver. This issue may allow a physically present attacker to present a
specially crafted NTFS file system image to read arbitrary memory locations. A
successful attack allows sensitive data cached in memory or EFI variable values
to be leaked, presenting a high Confidentiality risk.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-4693, MISC, MISC, MISC, MISC, MISC

Primary
Vendor -- Product: univention -- ucs@school
Description: Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school
before 4.4v5-errata allow remote teachers, staff, and school administrators to
read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and
pwhistory) via LDAP search requests. For example, a teacher can gain
administrator access via an NTLM hash.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-17477, MISC

Primary
Vendor -- Product: uomasa_saiji_news_line -- uomasa_saiji_news_line
Description: The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1
allows attackers to obtain the channel access token and send crafted broadcast
messages.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-39735, MISC, MISC

Primary
Vendor -- Product: uvdesk_community_skeleton -- uvdesk_community_skeleton
Description: UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers
to perform brute force attacks on the login page to gain access to the
application.
Published: 2023-10-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-37635, MISC

Primary
Vendor -- Product: uvdesk_community_skeleton -- uvdesk_community_skeleton
Description: A stored cross-site scripting (XSS) vulnerability in UVDesk
Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or
HTML via a crafted payload injected into the Message field when creating a
ticket.
Published: 2023-10-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-37636, MISC

Primary
Vendor -- Product: vermeg -- agilereporter
Description: An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur
via an XML document to the Analysis component.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2022-34832, MISC, MISC

Primary
Vendor -- Product: vermeg -- agilereporter
Description: An issue was discovered in VERMEG AgileReporter 21.3. An admin can
enter an XSS payload in the Analysis component.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2022-34833, MISC, MISC

Primary
Vendor -- Product: vermeg -- agilereporter
Description: An issue was discovered in VERMEG AgileReporter 21.3. Attackers can
gain privileges via an XSS payload in an Add Comment action to the Activity log.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2022-34834, MISC, MISC

Primary
Vendor -- Product: viessmann -- vitogate_300
Description: A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0
and classified as problematic. Affected by this issue is some unknown
functionality of the file /cgi-bin/. The manipulation leads to direct request.
The exploit has been disclosed to the public and may be used. The identifier of
this vulnerability is VDB-243140. NOTE: The vendor was contacted early about
this disclosure but did not respond in any way.
Published: 2023-10-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5702, MISC, MISC, MISC

Primary
Vendor -- Product: vim -- vim
Description: Vim is an improved version of the good old UNIX editor Vi.
Heap-use-after-free in memory allocated in the function `ga_grow_inner` in the
file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in
the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at
line 759. When using the `:history` command, it's possible that the provided
argument overflows the accepted value, causing an integer overflow and
potentially a later use-after-free. This vulnerability has been patched in
version 9.0.2068.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46246, MISC, MISC

Primary
Vendor -- Product: vinchin -- backup_&_recovery
Description: VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was
discovered to contain a command injection vulnerability.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45498, MISC, FULLDISC

Primary
Vendor -- Product: vinchin -- backup_&_recovery
Description: VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was
discovered to contain hardcoded credentials.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45499, MISC, FULLDISC

Primary
Vendor -- Product: vision_meat_works_trackdiner10/10_mc_line -- vision_meat_works_trackdiner10/10_mc_line
Description: The leakage of the client secret in VISION MEAT WORKS
TrackDiner10/10_mc Line v13.6.1 allows attackers to obtain the channel access
token and send crafted broadcast messages.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-39734, MISC, MISC

Primary
Vendor -- Product: vmware -- open-vm-tools
Description: open-vm-tools contains a file descriptor hijack vulnerability in
the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be
able to hijack the /dev/uinput file descriptor allowing them to simulate user
inputs.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-34059, MISC, MISC, MISC

Primary
Vendor -- Product: vmware -- vcenter_server
Description: vCenter Server contains an out-of-bounds write vulnerability in the
implementation of the DCERPC protocol. A malicious actor with network access to
vCenter Server may trigger an out-of-bounds write potentially leading to remote
code execution.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-34048, MISC

Primary
Vendor -- Product: vmware -- vcenter_server
Description: vCenter Server contains a partial information disclosure
vulnerability. A malicious actor with non-administrative privileges to vCenter
Server may leverage this issue to access unauthorized data.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-34056, MISC

Primary
Vendor -- Product: vmware -- vmware_tools
Description: VMware Tools contains a local privilege escalation vulnerability. A
malicious actor with local user access to a guest virtual machine may elevate
privileges within the virtual machine.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-34057, MISC

Primary
Vendor -- Product: vmware -- vmware_tools
Description: VMware Tools contains a SAML token signature bypass vulnerability.
A malicious actor that has been granted Guest Operation Privileges
(https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html)
in a target virtual machine may be able to elevate their privileges if that
target virtual machine has been assigned a more privileged Guest Alias
(https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html).
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-34058, MISC, MISC

Primary
Vendor -- Product: vue.js -- vue.js_devtools
Description: The Vue.js Devtools extension was found to leak screenshot data
back to a malicious web page via the standard `postMessage()` API. By creating a
malicious web page with an iFrame targeting a sensitive resource (i.e., a
locally accessible file or sensitive website), and registering a listener on the
web page, the extension sent messages back to the listener, containing the
base64 encoded screenshot data of the sensitive resource.
Published: 2023-10-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5718, MISC

Primary
Vendor -- Product: wabt -- wabt
Description: WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in
DataSegment::IsValidRange(), which leads to a segmentation fault.
Published: 2023-10-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46331, MISC

Primary
Vendor -- Product: wabt -- wabt
Description: WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in
DataSegment::Drop(), which leads to a segmentation fault.
Published: 2023-10-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46332, MISC

Primary
Vendor -- Product: wenwenaicms -- wenwenaicms
Description: Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a
remote attacker to escalate privileges.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45990, MISC

Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Print, PDF, Email by PrintFriendly
plugin <= 5.5.1 versions.Published 2023-10-25CVSS Score not yet calculatedSource
& Patch Info CVE-2023-25032
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (contributor+) Stored
Cross-Site Scripting (XSS) vulnerability in Vark Minimum Purchase for
WooCommerce plugin <= 2.0.0.1 versions.Published 2023-10-26CVSS Score not yet
calculatedSource & Patch Info CVE-2023-30492
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types,
Custom Fields & more plugin <= 4.0.12 versions.Published 2023-10-26CVSS Score
not yet calculatedSource & Patch Info CVE-2023-32116
MISC(link is external)Primary
Vendor -- Product wordpress -- wordpressDescription Auth. (admin+) Stored
Cross-Site Scripting (XSS) vulnerability in Alkaweb Eonet Manual User Approve
plugin <= 2.1.3 versions.Published 2023-10-27CVSS Score not yet calculatedSource
& Patch Info CVE-2023-32738
Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in
Mitchell Bennis Simple File List plugin <= 6.1.9 versions.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-39924

Primary Vendor -- Product: wordpress -- wordpress
Description: The Animated Counters plugin for WordPress is vulnerable to Stored
Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and
including, 1.7 due to insufficient input sanitization and output escaping on
user supplied attributes. This makes it possible for authenticated attackers
with contributor-level and above permissions to inject arbitrary web scripts in
pages that will execute whenever a user accesses an injected page.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5774

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability in TechnoWich WP ULike - Most Advanced WordPress Marketing Toolkit
plugin <= 4.6.8 versions.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45640

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Peter
Keung Peter's Custom Anti-Spam plugin <= 3.2.2 versions.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45759

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in
Martin Gibson WP GoToWebinar plugin <= 14.45 versions.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45832

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in
LeadSquared Suite plugin <= 0.7.4 versions.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45833

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Libsyn Libsyn Publisher Hub plugin <= 1.4.4 versions.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45835

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XYDAC
Ultimate Taxonomy Manager plugin <= 2.0 versions.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45837

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in
XQueue GmbH Maileon for WordPress plugin <= 2.16.0 versions.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46068

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability in Osmansorkar Ajax Archive Calendar plugin <= 2.6.7 versions.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46069

Primary Vendor -- Product: wordpress -- wordpress
Description: An authenticated XCC user can change permissions for any user
through a crafted API command.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-4607

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Emmanuel GEORJON EG-Attachments plugin <= 2.1.3 versions.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46070

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
ClickDatos Protección de Datos RGPD plugin <= 3.1.0 versions.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46071

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46072

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Borbis Media FreshMail For WordPress plugin <= 2.3.2 versions.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46074

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
wpdevart Contact Form Builder, Contact Widget plugin <= 2.1.6 versions.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46075

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more
plugin <= 1.2.102 versions.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46076

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow
Plugins The Awesome Feed - Custom Feed plugin <= 2.2.5 versions.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46077

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode
Lava Directory Manager plugin <= 1.1.34 versions.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46081

Primary Vendor -- Product: wordpress -- wordpress
Description: Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp
Ultimate Review plugin <= 2.2.4 versions.
Published: 2023-10-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46085

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in
Mammothology WP Full Stripe Free plugin <= 1.6.1 versions.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46088

Primary Vendor -- Product: wordpress -- wordpress
Description: Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @
Userback Userback plugin <= 1.0.13 versions.
Published: 2023-10-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46089

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
WebDorado WDSocialWidgets plugin <= 1.0.15 versions.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46090

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in
Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5 versions.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46091

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in
LionScripts.Com Webmaster Tools plugin <= 2.0 versions.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46093

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Conversios Track Google Analytics 4, Facebook Pixel & Conversions API via Google
Tag Manager for WooCommerce plugin <= 6.5.3 versions.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46094

Primary Vendor -- Product: wordpress -- wordpress
Description: Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole
Smooth Scroll Links [SSL] plugin <= 1.1.0 versions.
Published: 2023-10-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46095

Primary Vendor -- Product: wordpress -- wordpress
Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Military WP
Radio plugin <= 3.1.9 versions.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46150

Primary Vendor -- Product: wordpress -- wordpress
Description: Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI
Product Category Tree plugin <= 2.5 versions.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46151

Primary Vendor -- Product: wordpress -- wordpress
Description: Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF
- WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1
versions.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46152

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Stored Cross-Site Scripting (XSS) vulnerability in
UserFeedback Team User Feedback plugin <= 1.0.9 versions.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46153

Primary Vendor -- Product: wordpress -- wordpress
Description: Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar
- Google Calendar Plugin <= 3.2.5 versions.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46189

Primary Vendor -- Product: wordpress -- wordpress
Description: Cross-Site Request Forgery (CSRF) vulnerability in Novo-media
Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46190

Primary Vendor -- Product: wordpress -- wordpress
Description: Cross-Site Request Forgery (CSRF) vulnerability in Niels van
Renselaar Open Graph Metabox plugin <= 1.4.4 versions.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46191

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in
Internet Marketing Ninjas Internal Link Building plugin <= 1.2.3 versions.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46192

Primary Vendor -- Product: wordpress -- wordpress
Description: Cross-Site Request Forgery (CSRF) vulnerability in Internet
Marketing Ninjas Internal Link Building plugin <= 1.2.3 versions.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46193

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Eric
Teubert Archivist - Custom Archive Templates plugin <= 1.7.5 versions.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46194

Primary Vendor -- Product: wordpress -- wordpress
Description: Cross-Site Request Forgery (CSRF) vulnerability in Scientech It
Solution Appointment Calendar plugin <= 2.9.6 versions.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46198

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in
Triberr plugin <= 4.1.1 versions.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46199

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in
Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.3
versions.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46200

Primary Vendor -- Product: wordpress -- wordpress
Description: Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto
Login New User After Registration plugin <= 1.9.6 versions.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46202

Primary Vendor -- Product: wordpress -- wordpress
Description: Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital
Inc. Duplicate Theme plugin <= 0.1.6 versions.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46204

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
StylemixThemes Motors - Car Dealer, Classifieds & Listing plugin <= 1.4.6
versions.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46208

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
G5Theme Grid Plus - Unlimited grid plugin <= 1.3.2 versions.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46209

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder
plugin <= 3.19.14 versions.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46211

Primary Vendor -- Product: wordpress -- wordpress
Description: The CallRail Phone Call Tracking plugin for WordPress is vulnerable
to Stored Cross-Site Scripting via the 'callrail_form' shortcode in versions up
to, and including, 0.5.2 due to insufficient input sanitization and output
escaping on the 'form_id' user supplied attribute. This makes it possible for
authenticated attackers with contributor level and above permissions to inject
arbitrary web scripts in pages that will execute whenever a user accesses an
injected page.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5051

Primary Vendor -- Product: wordpress -- wordpress
Description: The Advanced Menu Widget plugin for WordPress is vulnerable to
Stored Cross-Site Scripting via 'advMenu' shortcode in versions up to, and
including, 0.4.1 due to insufficient input sanitization and output escaping on
user supplied attributes. This makes it possible for authenticated attackers
with contributor-level and above permissions to inject arbitrary web scripts in
pages that will execute whenever a user accesses an injected page.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5085

Primary Vendor -- Product: wordpress -- wordpress
Description: The BSK PDF Manager plugin for WordPress is vulnerable to Stored
Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up
to, and including, 3.4.1 due to insufficient input sanitization and output
escaping on user supplied attributes. This makes it possible for authenticated
attackers with contributor-level and above permissions to inject arbitrary web
scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5110

Primary Vendor -- Product: wordpress -- wordpress
Description: The Delete Me plugin for WordPress is vulnerable to Stored
Cross-Site Scripting via 'plugin_delete_me' shortcode in versions up to, and
including, 3.0 due to insufficient input sanitization and output escaping on
user supplied attributes. This makes it possible for authenticated attackers
with contributor-level and above permissions to inject arbitrary web scripts in
pages that will execute whenever a user accesses an injected page. The shortcode
is not displayed to administrators, so it cannot be used against administrator
users.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5126

Primary Vendor -- Product: wordpress -- wordpress
Description: The WP Font Awesome plugin for WordPress is vulnerable to Stored
Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due
to insufficient input sanitization and output escaping on 'icon' user supplied
attribute. This makes it possible for authenticated attackers with
contributor-level and above permissions to inject arbitrary web scripts in pages
that will execute whenever a user accesses an injected page.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5127

Primary Vendor -- Product: wordpress -- wordpress
Description: The WP EXtra plugin for WordPress is vulnerable to unauthorized
modification of data due to a missing capability check on the register()
function in versions up to, and including, 6.2. This makes it possible for
authenticated attackers, with subscriber-level permissions and above, to modify
the contents of the .htaccess files located in a site's root directory or
/wp-content and /wp-includes folders and achieve remote code execution.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5311

Primary Vendor -- Product: wordpress -- wordpress
Description: The Post Meta Data Manager plugin for WordPress is vulnerable to
unauthorized modification of data due to a missing capability check on the
pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up
to, and including, 1.2.0. This makes it possible for authenticated attackers,
with subscriber-level permissions and above, to gain elevated (e.g.,
administrator) privileges.
Published: 2023-10-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5425

Primary Vendor -- Product: wordpress -- wordpress
Description: The Post Meta Data Manager plugin for WordPress is vulnerable to
unauthorized modification of data due to a missing capability check on the
pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta
functions in versions up to, and including, 1.2.0. This makes it possible for
unauthenticated attackers to delete user, term, and post meta belonging to
arbitrary users.
Published: 2023-10-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5426

Primary Vendor -- Product: wordpress -- wordpress
Description: The AI ChatBot plugin for WordPress is vulnerable to unauthorized
use of AJAX actions due to missing capability checks on the corresponding
functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes
it possible for unauthenticated attackers to perform some of those actions that
were intended for higher privileged users.
Published: 2023-10-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5533

Primary Vendor -- Product: wordpress -- wordpress
Description: The AI ChatBot plugin for WordPress is vulnerable to Cross-Site
Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due
to missing or incorrect nonce validation on the corresponding functions. This
makes it possible for unauthenticated attackers to invoke those functions via a
forged request granted they can trick a site administrator into performing an
action such as clicking on a link.
Published: 2023-10-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5534

Primary Vendor -- Product: wordpress -- wordpress
Description: The VK Filter Search plugin for WordPress is vulnerable to Stored
Cross-Site Scripting via the plugin's 'vk_filter_search' shortcode in all
versions up to, and including, 2.3.1 due to insufficient input sanitization and
output escaping on user supplied attributes. This makes it possible for
authenticated attackers with contributor-level and above permissions to inject
arbitrary web scripts in pages that will execute whenever a user accesses an
injected page.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5705

Primary Vendor -- Product: wordpress -- wordpress
Description: The Live Chat with Facebook Messenger plugin for WordPress is
vulnerable to Stored Cross-Site Scripting via the plugin's 'messenger' shortcode
in all versions up to, and including, 1.0 due to insufficient input sanitization
and output escaping on user supplied attributes. This makes it possible for
authenticated attackers with contributor-level and above permissions to inject
arbitrary web scripts in pages that will execute whenever a user accesses an
injected page.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5740

Primary Vendor -- Product: wordpress -- wordpress
Description: The Very Simple Google Maps plugin for WordPress is vulnerable to
Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions
up to, and including, 2.9 due to insufficient input sanitization and output
escaping on user supplied attributes. This makes it possible for authenticated
attackers with contributor-level and above permissions to inject arbitrary web
scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5744

Primary Vendor -- Product: wordpress -- wordpress
Description: The Reusable Text Blocks plugin for WordPress is vulnerable to
Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and
including, 1.5.3 due to insufficient input sanitization and output escaping on
user supplied attributes. This makes it possible for authenticated attackers
with author-level and above permissions to inject arbitrary web scripts in pages
that will execute whenever a user accesses an injected page.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5745

Primary Vendor -- Product: wordpress -- wordpress
Description: The Assistant WordPress plugin before 1.4.4 does not validate a
parameter before making a request to it via wp_remote_get(), which could allow
users with a role as low as Editor to perform SSRF attacks.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5798

Primary Vendor -- Product: wordpress -- wordpress
Description: Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova
WordPress Knowledge base & Documentation Plugin - WP Knowledgebase plugin
<= 1.3.4 versions.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5802

Primary Vendor -- Product: wordpress -- wordpress
Description: The Neon text plugin for WordPress is vulnerable to Stored
Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up
to, and including, 1.1 due to insufficient input sanitization and output
escaping on user supplied attributes (color). This makes it possible for
authenticated attackers with contributor-level and above permissions to inject
arbitrary web scripts in pages that will execute whenever a user accesses an
injected page.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5817

Primary Vendor -- Product: wordpress -- wordpress
Description: The Thumbnail Slider With Lightbox plugin for WordPress is
vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing
or incorrect nonce validation on the addedit functionality. This makes it
possible for unauthenticated attackers to upload arbitrary files via a forged
request granted they can trick a site administrator into performing an action
such as clicking on a link.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5820

Primary Vendor -- Product: wordpress -- wordpress
Description: The Thumbnail carousel slider plugin for WordPress is vulnerable to
Cross-Site Request Forgery in version 1.0. This is due to missing nonce
validation on the deleteselected function. This makes it possible for
unauthenticated attackers to delete sliders in bulk via a forged request granted
they can trick a site administrator into performing an action such as clicking
on a link.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5821

Primary Vendor -- Product: writercms -- writercms
Description: Incorrect access control in writercms v1.1.0 allows attackers to
directly obtain backend account passwords via unspecified vectors.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-43905

Primary Vendor -- Product: xnview_classic -- xnview_classic
Description: Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a
local attacker to execute arbitrary code via a crafted TIF file.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46587

Primary Vendor -- Product: xolo_cms -- xolo_cms
Description: Xolo CMS v0.11 was discovered to contain a reflected cross-site
scripting (XSS) vulnerability.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-43906

Primary Vendor -- Product: xorg-server -- xorg-server
Description: An out-of-bounds write flaw was found in the xorg-x11-server. This
issue occurs due to an incorrect calculation of a buffer offset when copying
data stored in the heap in the XIChangeDeviceProperty function in
Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c,
allowing for possible escalation of privileges or denial of service.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5367

Primary Vendor -- Product: xorg-server -- xorg-server
Description: A use-after-free flaw was found in the xorg-x11-server. An X server
crash may occur in a very specific and legacy configuration (a multi-screen
setup with multiple protocol screens, also known as Zaphod mode) if the pointer
is warped from within a window on one screen to the root window of the other
screen and if the original window is destroyed followed by another window being
destroyed.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5380

Primary Vendor -- Product: xorg-server -- xorg-server
Description: A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue
occurs in Xvfb with a very specific and legacy configuration (a multi-screen
setup with multiple protocol screens, also known as Zaphod mode). If the pointer
is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered
during shutdown or reset of the Xvfb server, allowing for possible escalation of
privileges or denial of service.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5574

Primary Vendor -- Product: xpand -- it_write-back_manager
Description: Xpand IT Write-back manager v2.3.1 allows attackers to perform a
directory traversal via modification of the siteName parameter.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-27170

Primary Vendor -- Product: xwiki -- xwiki
Description: XWiki Rendering is a generic Rendering system that converts textual
input in a given syntax into another syntax. The cleaning of attributes during
XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of
arbitrary HTML code and thus cross-site scripting via invalid attribute names.
This can be exploited, e.g., via the link syntax in any content that supports
XWiki syntax like comments in XWiki. When a user moves the mouse over a
malicious link, the malicious JavaScript code is executed in the context of the
user session. When this user is a privileged user who has programming rights,
this allows server-side code execution with programming rights, impacting the
confidentiality, integrity and availability of the XWiki instance. While this
attribute was correctly recognized as not allowed, the attribute was still
printed with a prefix `data-xwiki-translated-attribute-` without further
cleaning or validation. This problem has been patched in XWiki 14.10.4 and 15.0
RC1 by removing characters not allowed in data attributes and then validating
the cleaned attribute again. There are no known workarounds apart from upgrading
to a version including the fix.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-37908

Primary Vendor -- Product: xwiki -- xwiki
Description: XWiki Platform is a generic wiki platform offering runtime services
for applications built on top of it. Starting in version 5.1-rc-1 and prior to
versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can
execute arbitrary script macros including Groovy and Python macros that allow
remote code execution including unrestricted read and write access to all wiki
contents. This has been patched in XWiki 14.10.8 and 15.3-rc-1 by adding proper
escaping. As a workaround, the patch can be manually applied to the document
`Menu.UIExtensionSheet`; only three lines need to be changed.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-37909

Primary Vendor -- Product: xwiki -- xwiki
Description: XWiki Platform is a generic wiki platform offering runtime services
for applications built on top of it. Starting with the introduction of
attachment move support in version 14.0-rc-1 and prior to versions 14.4.8,
14.10.4, and 15.0-rc-1, an attacker with edit access on any document (can be the
user profile which is editable by default) can move any attachment of any other
document to this attacker-controlled document. This allows the attacker to
access and possibly publish any attachment of which the name is known,
regardless if the attacker has view or edit rights on the source document of
this attachment. Further, the attachment is deleted from the source document.
This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0 RC1.
There is no workaround apart from upgrading to a fixed version.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-37910

MISC(link is external)Primary
Vendor -- Product xwiki -- xwikiDescription XWiki Platform is a generic wiki
platform offering runtime services for applications built on top of it. Starting
in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document
has been deleted and re-created, it is possible for users with view right on the
re-created document but not on the deleted document to view the contents of the
deleted document. Such a situation might arise when rights were added to the
deleted document. This can be exploited through the diff feature and, partially,
through the REST API by using versions such as `deleted:1` (where the number
counts the deletions in the wiki and is thus guessable). Given sufficient
rights, the attacker can also re-create the deleted document, thus extending the
scope to any deleted document as long as the attacker has edit right in the
location of the deleted document. This vulnerability has been patched in XWiki
14.10.8 and 15.3 RC1 by properly checking rights when deleted revisions of a
document are accessed. The only workaround is to regularly clean deleted
documents to minimize the potential exposure. Extra care should be taken when
deleting sensitive documents that are protected individually (and not, e.g., by
being placed in a protected space) or deleting a protected space as a
whole.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-37911

Primary Vendor -- Product: xwiki -- xwiki
Description: XWiki Rendering is a generic
Rendering system that converts textual input in a given syntax into another
syntax. Prior to version 14.10.6 of
`org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and
`org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version
15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote
macro executed its content in a potentially different context than the one in
which it was defined. In particular in combination with the include macro, this
allows privilege escalation from a simple user account in XWiki to programming
rights and thus remote code execution, impacting the confidentiality, integrity
and availability of the whole XWiki installation. This vulnerability has been
patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from
upgrading to a fixed version of the footnote macro.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-37912

Primary Vendor -- Product: xwiki -- xwiki
Description: XWiki Platform is a generic wiki
platform offering runtime services for applications built on top of it. Starting
in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1,
triggering the office converter with a specially crafted file name allows
writing the attachment's content to an attacker-controlled location on the
server as long as the Java process has write access to that location. In
particular in the combination with attachment moving, a feature introduced in
XWiki 14.0, this is easy to reproduce, but it is also possible to reproduce in
versions as old as XWiki 3.5 by uploading the attachment through the REST API
which doesn't remove `/` or `\` from the filename. As the mime type of the
attachment doesn't matter for the exploitation, this could e.g., be used to
replace the `jar`-file of an extension which would allow executing arbitrary
Java code and thus impact the confidentiality, integrity and availability of the
XWiki installation. This vulnerability has been patched in XWiki 14.10.8 and
15.3RC1. There are no known workarounds apart from disabling the office
converter.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-37913

Primary Vendor -- Product: xwiki -- xwiki
Description: XWiki Platform is a generic wiki
platform offering runtime services for applications built on top of it.
`org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-1 and
prior to 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` prior to
versions 14.10.2 and 15.5-rc-1, and `org.xwiki.platform:xwiki-web-standard`
starting in version 2.4-milestone-2 and prior to version 3.1-milestone-1 are
vulnerable to cross-site scripting. An attacker can create a template provider
on any document that is part of the wiki (could be the attacker's user profile)
that contains malicious code. This code is executed when this template provider
is selected during document creation which can be triggered by sending the user
to a URL. For the attacker, the only requirement is to have an account as by
default the own user profile is editable. This allows an attacker to execute
arbitrary actions with the rights of the user opening the malicious link.
Depending on the rights of the user, this may allow remote code execution and
full read and write access to the whole XWiki installation. This has been
patched in `org.xwiki.platform:xwiki-platform-web` 13.4-rc-1,
`org.xwiki.platform:xwiki-platform-web-templates` 14.10.2 and 15.5-rc-1, and
`org.xwiki.platform:xwiki-web-standard` 3.1-milestone-1 by adding the
appropriate escaping. The vulnerable template file `createinline.vm` is part of
XWiki's WAR and can be patched by manually applying the changes from the
fix.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45134

Primary Vendor -- Product: xwiki -- xwiki
Description: XWiki Platform is a generic wiki
platform offering runtime services for applications built on top of it. In
`org.xwiki.platform:xwiki-platform-web` versions 7.2-milestone-2 until 14.10.12
and `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12
and 15.5-rc-1, it is possible to pass a title to the page creation action that
isn't displayed at first but then executed in the second step. This can be used
by an attacker to trick a victim to execute code, allowing script execution if
the victim has script right or remote code execution including full access to
the XWiki instance if the victim has programming right. For the attack to work,
the attacker needs to convince the victim to visit a link like
`<xwiki-host>/xwiki/bin/create/NonExistingSpace/WebHome?title=$services.logging.getLogger(%22foo%22).error(%22Script%20executed!%22)`
where `<xwiki-host>` is the URL of the Wiki installation and to then click on
the "Create" button on that page. The page looks like a regular XWiki page that
the victim would also see when clicking the button to create a page that doesn't
exist yet; the malicious code is not displayed anywhere on that page. After
clicking the "Create" button, the malicious title would be displayed but at this
point, the code has already been executed and the attacker could use this code
also to hide the attack, e.g., by redirecting the victim again to the same page
with an innocent title. It thus seems plausible that this attack could work if
the attacker can place a fake "create page" button on a page which is possible
with edit right. This has been patched in
`org.xwiki.platform:xwiki-platform-web` version 14.10.12 and
`org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and
15.5-rc-1 by displaying the title already in the first step such that the victim
can notice the attack before continuing. It is possible to manually patch the
modified files from the patch in an existing installation. For the JavaScript
change, the minified JavaScript file would need to be obtained from a build of
XWiki and replaced accordingly.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45135

Primary Vendor -- Product: xwiki -- xwiki
Description: XWiki Platform is a generic wiki
platform offering runtime services for applications built on top of it. When
document names are validated according to a name strategy (disabled by default),
XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1
is vulnerable to a reflected cross-site scripting attack in the page creation
form. This allows an attacker to execute arbitrary actions with the rights of
the user opening the malicious link. Depending on the rights of the user, this
may allow remote code execution and full read and write access to the whole
XWiki installation. This has been patched in XWiki 14.10.12 and 15.5-rc-1 by
adding appropriate escaping. The vulnerable template file `createinline.vm` is
part of XWiki's WAR and can be patched by manually applying the changes from the
fix.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45136

Primary Vendor -- Product: xwiki -- xwiki
Description: XWiki Platform is a generic wiki
platform offering runtime services for applications built on top of it.
`org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-2 and
prior to version 13.4-rc-1, as well as
`org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and
15.5-rc-1, are vulnerable to cross-site scripting. When trying to create a
document that already exists, XWiki displays an error message in the form for
creating it. Due to missing escaping, this error message is vulnerable to raw
HTML injection and thus XSS. The injected code is the document reference of the
existing document so this requires that the attacker first creates a non-empty
document whose name contains the attack code. This has been patched in
`org.xwiki.platform:xwiki-platform-web` version 13.4-rc-1 and
`org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and
15.5-rc-1 by adding the appropriate escaping. The vulnerable template file
`createinline.vm` is part of XWiki's WAR and can be patched by manually applying
the changes from the fix.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45137

Primary Vendor -- Product: yxbookcms -- yxbookcms
Description: Cross Site Scripting (XSS)
vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute
arbitrary code via the reader management and book input modules.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46503

Primary Vendor -- Product: yxbookcms -- yxbookcms
Description: Cross Site Scripting (XSS)
vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker
to execute arbitrary code via the library name function in the general settings
component.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46504

Primary Vendor -- Product: zenario_cms -- zenario_cms
Description: A Cross-Site Scripting
(XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to
execute arbitrary code via a crafted script to the Spare aliases from
Alias.
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-44769

Primary Vendor -- Product: zentao_biz -- zentao_biz
Description: ZenTao Biz version 4.1.3
and before is vulnerable to Cross Site Request Forgery (CSRF).
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46375

Primary Vendor -- Product: zentao_biz -- zentao_biz
Description: Zentao Biz version 8.7 and
before is vulnerable to Information Disclosure.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46376

Primary Vendor -- Product: zentao_biz -- zentao_biz
Description: ZenTao Biz version 4.1.3
and before has a Cross Site Scripting (XSS) vulnerability in the Version
Library.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46491

Primary Vendor -- Product: zentao_enterprise_edition -- zentao_enterprise_edition
Description: ZenTao Enterprise Edition version 4.1.3 and
before is vulnerable to Cross Site Scripting (XSS).
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46374

Primary Vendor -- Product: zephyr -- zephyr
Description: Potential buffer overflow
vulnerability at the following location in the Zephyr STM32 Crypto
driver
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5139

Primary Vendor -- Product: zephyr -- zephyr
Description: Potential buffer overflows in the
Bluetooth subsystem due to asserts being disabled in
/subsys/bluetooth/host/hci_core.c
Published: 2023-10-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5753

Primary Vendor -- Product: zioncom_holdings_ltd. -- a7000r
Description: An issue in ZIONCOM
(Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute
arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg
function.
Published: 2023-10-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46510

Primary Vendor -- Product: zitadel -- zitadel
Description: ZITADEL is an identity
infrastructure management system. ZITADEL users can upload their own avatar
image using various image types including SVG. SVG can include scripts, such as
javascript, which can be executed during rendering. Due to a missing security
header, an attacker could inject code to an SVG to gain access to the victim's
account in certain scenarios. A victim would need to directly open the malicious
image in the browser, where a single session in ZITADEL needs to be active for
this exploit to work. If the possible victim had multiple or no active sessions
in ZITADEL, the attack would not succeed. This issue has been patched in versions
2.39.2 and 2.38.2.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46238

Primary Vendor -- Product: zpe_systems,_inc. -- nodegrid_os
Description: ZPE Systems, Inc
Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to
v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a
command injection vulnerability via the endpoint
/v1/system/toolkit/files/.
Published: 2023-10-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-43322

Primary Vendor -- Product: palantir -- palantir
Description: The Palantir Tiles1 service
was found to be vulnerable to an API wide issue where the service was not
performing authentication/authorization on all the endpoints.
Published: 2023-10-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-30969
