US-CERT Vulnerability Summary for the Week of November 20, 2023

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

 

High Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe — after_effectsAdobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-11-177.8CVE-2023-47066
adobe — after_effectsAdobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-11-177.8CVE-2023-47067
adobe — after_effectsAdobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-11-177.8CVE-2023-47068
adobe — after_effectsAdobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-11-177.8CVE-2023-47069
adobe — after_effectsAdobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-11-177.8CVE-2023-47070
adobe — after_effectsAdobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-11-177.8CVE-2023-47073
code-projects — simple_crud_functionalitySQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the ‘title’ parameter.2023-11-179.8CVE-2023-48078
concrete_cms — concrete_cmsConcrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified.2023-11-179.8CVE-2023-48648

 

corebos — corebosCorebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator’s computer.2023-11-178CVE-2023-48029
 
cubecart — cubecartCross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system.2023-11-178.1CVE-2023-38130
 
cubecart — cubecartCubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.2023-11-177.2CVE-2023-47675
 
dreamer_cms — dreamer_cmsDreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management.2023-11-188.8CVE-2023-48017
getsimplecms — getsimplecmsA vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-245735.2023-11-179.8CVE-2023-6188

 

git-urls — git-urlsgit-urls version 1.0.1 is vulnerable to ReDOS (Regular Expression Denial of Service) in Go package.2023-11-187.5CVE-2023-46402
honeywell — prowatchHoneywell ProWatch, 4.5, including all Service Pack versions, contain a Vulnerability in Application Server’s executable folder(s). A(n) attacker could potentially exploit this vulnerability, leading to a standard user to have arbitrary system code execution. Honeywell recommends updating to the most recent version of this product, service or offering (Pro-watch 6.0.2, 6.0, 5.5.2,5.0.5).2023-11-177.8CVE-2023-6179
 
kodcloud — kodboxkodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack.2023-11-189.8CVE-2023-48028
 
liblisp — liblispLiblisp through commit 4c65969 was discovered to contain a out-of-bounds-read vulnerability in unsigned get_length(lisp_cell_t * x) at eval.c2023-11-178.1CVE-2023-48025
librenms — librenmsLibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain access to user accounts. This issue has been addressed in version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-11-177.5CVE-2023-46745
luxsoft — luxcal_web_calendarSQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request and obtain or alter information stored in the database.2023-11-209.8CVE-2023-46700

 

medart_health_services — medart_notification_panelImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Medart Health Services Medart Notification Panel allows SQL Injection. This issue affects Medart Notification Panel: through 20231123.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-11-239.8CVE-2023-3631
misp — malware_information_sharing_platformAn issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.2023-11-179.8CVE-2023-48655
 
misp — malware_information_sharing_platformAn issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.2023-11-179.8CVE-2023-48656
 
misp — malware_information_sharing_platformAn issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.2023-11-179.8CVE-2023-48657
 
misp — malware_information_sharing_platformAn issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.2023-11-179.8CVE-2023-48658
 
misp — malware_information_sharing_platformAn issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.2023-11-179.8CVE-2023-48659
 
nec — clusterpro_x/expresscluster_xCLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows an attacker to log in to the product may execute an arbitrary command.2023-11-178.8CVE-2023-39544
nec — clusterpro_x/expresscluster_xCLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows an attacker to log in to the product may execute an arbitrary command.2023-11-178.8CVE-2023-39545
nec — clusterpro_x/expresscluster_xCLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows an attacker to log in to the product may execute an arbitrary command.2023-11-178.8CVE-2023-39546
nec — clusterpro_x/expresscluster_xCLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows an attacker to log in to the product may execute an arbitrary command.2023-11-178.8CVE-2023-39547
nec — clusterpro_x/expresscluster_xCLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows an attacker to log in to the product may execute an arbitrary command.2023-11-178.8CVE-2023-39548
neutron — ip_cameraPath Traversal: ‘/../filedir’ vulnerability in Neutron IP Camera allows Absolute Path Traversal. This issue affects IP Camera: before b1130.1.0.1.2023-11-237.5CVE-2023-6118
openharmony — openharmonyin OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions.2023-11-207.8CVE-2023-43612
openharmony — openharmonyin OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion.2023-11-207.8CVE-2023-6045
openharmony — openharmonyin OpenHarmony v3.2.2 and prior versions allow a local attacker to get confidential information or rewrite sensitive file through incorrect default permissions.2023-11-207.1CVE-2023-3116
opennds — captive_portalAn issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests.2023-11-179.8CVE-2023-38316
opennds — captive_portalAn issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated and can be triggered only when the BinAuth option is set.2023-11-177.5CVE-2023-38313
opennds — captive_portalAn issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition).2023-11-177.5CVE-2023-38315
opennds — captive_portalAn issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition).2023-11-177.5CVE-2023-38320
opennds — captive_portalAn issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated and can be triggered only when the BinAuth option is set.2023-11-177.5CVE-2023-38322
opennds — openndsAn issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier, and to a heap-based buffer overflow in versions 10.x and later. Attackers may exploit the issue to crash OpenNDS (Denial-of-Service condition) or to inject and execute arbitrary bytecode (Remote Code Execution).2023-11-179.8CVE-2023-41101
 
opennds — openndsAn issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory.2023-11-177.5CVE-2023-41102
 
opensupports — opensupportsOpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file’s magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim’s station via a crafted file upload operation.2023-11-179.8CVE-2023-48031
 
prestashop — prestashopIn the module “Product Catalog (CSV, Excel, XML) Export PRO” (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb().`2023-11-179.8CVE-2023-45387
 
prestashop — prestashopIn the module “SoNice Retour” (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.2023-11-177.5CVE-2023-45382
 
tenda — ax1803_firmwareTenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the deviceId parameter in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) attack2023-11-207.5CVE-2023-48109
tenda — ax1803_firmwareTenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the urls parameter in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) attack2023-11-207.5CVE-2023-48110
tenda — ax1803_firmwareTenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) attack2023-11-207.5CVE-2023-48111
veribilim_software_computer — veribaseImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Veribilim Software Computer Veribase allows SQL Injection. This issue affects Veribase: through 20231123.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-11-239.8CVE-2023-3377
wordpress — wordpressThe AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit.2023-11-189.8CVE-2023-4214

 

wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in WPPOOL Sheets To WP Table Live Sync plugin <= 2.12.15 versions.2023-11-228.8CVE-2023-26535
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in CodeMShop ???? ????? – MSHOP MY SITE. This issue affects ???? ????? – MSHOP MY SITE: from n/a through 1.1.6.2023-11-188.8CVE-2023-47243
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in WC Product Table WooCommerce Product Table Lite. This issue affects WooCommerce Product Table Lite: from n/a through 2.6.2.2023-11-188.8CVE-2023-47519
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Dark Mode. This issue affects Droit Dark Mode: from n/a through 1.1.2.2023-11-188.8CVE-2023-47531
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations. This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12.2023-11-188.8CVE-2023-47551
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Image Hover Effects – WordPress Plugin. This issue affects Image Hover Effects – WordPress Plugin: from n/a through 5.5.2023-11-188.8CVE-2023-47552
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in User Local Inc UserHeat Plugin. This issue affects UserHeat Plugin: from n/a through 1.1.6.2023-11-188.8CVE-2023-47553
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in James Mehorter Device Theme Switcher. This issue affects Device Theme Switcher: from n/a through 3.0.2.2023-11-188.8CVE-2023-47556
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities. This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.6.6.2023-11-188.8CVE-2023-47644
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in PriceListo Best Restaurant Menu by PriceListo. This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.3.1.2023-11-188.8CVE-2023-47649
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in edward_plainview Plainview Protect Passwords. This issue affects Plainview Protect Passwords: from n/a through 1.4.2023-11-188.8CVE-2023-47664
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets. This issue affects Code Snippets: from n/a through 3.5.0.2023-11-188.8CVE-2023-47666
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Full Stripe Free. This issue affects WP Full Stripe Free: from n/a through 1.6.1.2023-11-188.8CVE-2023-47667
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Korea SNS. This issue affects Korea SNS: from n/a through 1.6.3.2023-11-188.8CVE-2023-47670
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy Vertical scroll recent. This issue affects Vertical scroll recent post: from n/a through 14.0.2023-11-188.8CVE-2023-47671
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Swashata WP Category Post List Widget. This issue affects WP Category Post List Widget: from n/a through 2.0.3.2023-11-188.8CVE-2023-47672
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix. This issue affects Preloader Matrix: from n/a through 2.0.1.2023-11-188.8CVE-2023-47685
wordpress — wordpressMissing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery. This issue affects AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth: from n/a through 7.3.9.2023-11-178.8CVE-2023-47757
wordpress — wordpressThe WooHoo Newspaper Magazine theme does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack2023-11-208.8CVE-2023-4824
wordpress — wordpressThe Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the ‘pmpro_paypalexpress_session_vars_for_user_fields’ function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber privileges or above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. This can be exploited if 2Checkout (deprecated since version 2.6) or PayPal Express is set as the payment method and a custom user field is added that is only visible at profile, and not visible at checkout according to its settings.2023-11-188.8CVE-2023-6187

 

wordpress — wordpressThe Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the function audio_merchant_add_audio_file function. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-11-208.8CVE-2023-6196
 

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe — after_effectsAdobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-11-175.5CVE-2023-47071
adobe — animateAdobe Animate versions 23.0.2 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-11-175.5CVE-2023-44325
adobe — coldfusionAdobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser.2023-11-176.1CVE-2023-44352
adobe — dimensionAdobe Dimension versions 3.4.9 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-11-175.5CVE-2023-44326
bell — home_hub_3000_firmwareAn issue was discovered on Bell HomeHub 3000 SG48222070 devices. There is XSS related to the email field and the login page.2023-11-176.1CVE-2020-11448
 
bell — home_hub_3000_firmwareAn issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req – this is an information leak because the serial number is intended to prove an actor’s physical access to the device.2023-11-174.3CVE-2020-11447
 
color — demoiccmaxIn International Color Consortium DemoIccMAX 3e7948b, CIccCLUT::Interp2d in IccTagLut.cpp in libSampleICC.a has an out-of-bounds read.2023-11-186.5CVE-2023-48736
concrete_cms — concrete_cmsConcrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.2023-11-175.4CVE-2023-48649

 

cubecart — cubecartDirectory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system.2023-11-176.5CVE-2023-42428
 
cubecart — cubecartDirectory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system.2023-11-174.9CVE-2023-47283
 
dassault — 3dswymer_3dexperience_2022Stored Cross-site Scripting (XSS) vulnerabilities√ā affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code.2023-11-215.4CVE-2023-5598
dassault — 3dswymer_3dexperience_2022A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code.2023-11-215.4CVE-2023-5599
eyoucms — eyoucmseyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users.2023-11-215.4CVE-2023-46935
howerj — liblispLiblisp through commit 4c65969 was discovered to contain a use-after-free vulnerability in void hash_destroy(hash_table_t *h) at hash.c2023-11-176.5CVE-2023-48024
kc_group — e-commerce_softwareImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in KC Group E-Commerce Software allows Reflected XSS. This issue affects E-Commerce Software: through 20231123.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-11-236.1CVE-2023-4406
librenms — librenmsLibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit `faf66035ea` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-11-175.4CVE-2023-48295

 

liferay — liferay_portalReflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter.2023-11-176.1CVE-2023-47797
limesurvey — limesurveyCross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component.2023-11-185.4CVE-2023-44796

 

luxsoft — luxcal_web_calendarCross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the product.2023-11-206.1CVE-2023-47175

 

next-auth — next-authNextAuth.js provides authentication for Next.js. `next-auth` applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow (state, PKCE or nonce). Manually overriding the `next-auth.session-token` cookie value with this non-related JWT would let the user simulate a logged in user, albeit having no user information associated with it. (The only property on this user is an opaque randomly generated string). This vulnerability does not give access to other users’ data, neither to resources that require proper authorization via scopes or other means. The created mock user has no information associated with it (ie. no name, email, access_token, etc.) This vulnerability can be exploited by bad actors to peek at logged in user states (e.g. dashboard layout). `next-auth` `v4.24.5` contains a patch for the vulnerability. As a workaround, using a custom authorization callback for Middleware, developers can manually do a basic authentication.2023-11-205.3CVE-2023-48309

 

opencrx — opencrxOpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number.2023-11-186.1CVE-2023-40809
opencrx — opencrxOpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field.2023-11-186.1CVE-2023-40810
opencrx — opencrxOpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field.2023-11-186.1CVE-2023-40812
opencrx — opencrxOpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation.2023-11-186.1CVE-2023-40813
opencrx — opencrxOpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field.2023-11-186.1CVE-2023-40814
opencrx — opencrxOpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field.2023-11-186.1CVE-2023-40815
opencrx — opencrxOpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field.2023-11-186.1CVE-2023-40816
opencrx — opencrxOpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field.2023-11-186.1CVE-2023-40817
openharmony — openharmonyin OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions.2023-11-205.5CVE-2023-42774
openharmony — openharmonyin OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource.2023-11-205.5CVE-2023-46100
openharmony — openharmonyin OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion.2023-11-205.5CVE-2023-46705
openharmony — openharmonyin OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through buffer overflow.2023-11-205.5CVE-2023-47217
opennds — captive_portalAn issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition).2023-11-176.5CVE-2023-38314
opennds — captive_portalAn issue was discovered in OpenNDS Captive Portal before version 10.1.2. It allows users to skip the splash page sequence when it is using the default FAS key and when OpenNDS is configured as FAS (default).2023-11-175.3CVE-2023-38324
wordpress — wordpressThe Bonus for Woo WordPress plugin before 5.8.3 does not sanitize and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.2023-11-206.1CVE-2023-5140
wordpress — wordpressThe Magic Embeds WordPress plugin before 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks2023-11-205.4CVE-2023-4799
wordpress — wordpressThe `Embed Privacy` plugin for WordPress that prevents the loading of embedded external content is vulnerable to Stored Cross-Site Scripting via `embed_privacy_opt_out` shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Version 1.8.1 contains a patch for this issue.2023-11-205.4CVE-2023-48300

 

wordpress — wordpressThe Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audio_merchant_save_settings function. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-11-205.4CVE-2023-6197
 
wordpress — wordpressThe PubyDoc WordPress plugin through 2.0.6 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.2023-11-204.8CVE-2023-4970

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe — after_effectsAdobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-11-173.3CVE-2023-47072

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
admidio — admidioAdmidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS).2023-11-22not yet calculatedCVE-2023-47380

 

adobe — coldfusionAdobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.2023-11-17not yet calculatedCVE-2023-26347
adobe — coldfusionAdobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.2023-11-17not yet calculatedCVE-2023-44350
adobe — coldfusionAdobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.2023-11-17not yet calculatedCVE-2023-44351
adobe — coldfusionAdobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.2023-11-17not yet calculatedCVE-2023-44353
adobe — coldfusionAdobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to impact a minor integrity feature. Exploitation of this issue does require user interaction.2023-11-17not yet calculatedCVE-2023-44355
adobe — css-tools@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges.2023-11-17not yet calculatedCVE-2023-26364
adobe — framemakerAdobe FrameMaker versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak default admin’s password. Exploitation of this issue does not require user interaction.2023-11-17not yet calculatedCVE-2023-44324
adobe — robohelp_serverAdobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability that could lead to information disclosure by a low-privileged authenticated attacker. Exploitation of this issue does not require user interaction.2023-11-17not yet calculatedCVE-2023-22268
adobe — robohelp_serverAdobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.2023-11-17not yet calculatedCVE-2023-22272
adobe — robohelp_serverAdobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction.2023-11-17not yet calculatedCVE-2023-22273
adobe — robohelp_serverAdobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.2023-11-17not yet calculatedCVE-2023-22274
adobe — robohelp_serverAdobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.2023-11-17not yet calculatedCVE-2023-22275
angular — dom-sanitizer
 
DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions.2023-11-22not yet calculatedCVE-2023-49146
 
apache — apache_dolphinschedulerExposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can’t upgrade to the fixed version can also set environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus` to workaround this, or add the following section in the `application.yaml` file “` management:   endpoints:     web:       exposure:         include: health,metrics,prometheus “` This issue affects Apache DolphinScheduler: from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue.2023-11-24not yet calculatedCVE-2023-48796
 
apache — apache_stormOn unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method File.createTempFile on unix-like systems creates a file with predefined name (so easily identifiable) and by default will create this file with the permissions -rw-r–r–. Thus, if sensitive information is written to this file, other local users can read this information. File.createTempFile(String, String) will create a temporary file in the system temporary directory if the ‘java.io.tmpdir’ system property is not explicitly set. This affects the class  https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99  and was introduced by  https://issues.apache.org/jira/browse/STORM-3123 In practice, this has a very limited impact as this class is used only if ui.disable.spout.lag.monitoring is set to false, but its value is true by default. Moreover, the temporary file gets deleted soon after its creation. The solution is to use  Files.createTempFile https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/nio/file/Files.html#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute…)  instead. We recommend that all users upgrade to the latest version of Apache Storm.2023-11-23not yet calculatedCVE-2023-43123
 
apache — apache_submarineApache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests (using application/yaml content-type), it defines a YamlEntityProvider entity provider that will process all incoming YAML requests. In order to unmarshal the request, the readFrom method is invoked, passing the entityStream containing the user-supplied data in `submarine-server/server-core/src/main/java/org/apache/submarine/server/utils/YamlUtils.java`. We have now fixed this issue in the new version by replacing to `jackson-dataformat-yaml`. This issue affects Apache Submarine: from 0.7.0 before 0.8.0. Users are recommended to upgrade to version 0.8.0, which fixes this issue. If using the version smaller than 0.8.0 and not want to upgrade, you can try cherry-pick PR https://github.com/apache/submarine/pull/1054 and rebuild the submart-server image to fix this.2023-11-20not yet calculatedCVE-2023-46302

 

apache — apache_derbyA cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was visible to and executable by the account which booted the Derby server. In LDAP-protected databases which weren’t also protected by SQL GRANT/REVOKE authorization, this vulnerability could also let an attacker view and corrupt sensitive data and run sensitive database functions and procedures. Mitigation: Users should upgrade to Java 21 and Derby 10.17.1.0. Alternatively, users who wish to remain on older Java versions should build their own Derby distribution from one of the release families to which the fix was backported: 10.16, 10.15, and 10.14. Those are the releases which correspond, respectively, with Java LTS versions 17, 11, and 8.2023-11-20not yet calculatedCVE-2022-46337
apache — apache_submarineApache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. This issue affects Apache Submarine: from 0.7.0 before 0.8.0. We recommend that all submarine users with 0.7.0 upgrade to 0.8.0, which not only fixes the issue, supports the oidc authentication mode, but also removes the case of unauthenticated logins. If using the version lower than 0.8.0 and not want to upgrade, you can try cherry-pick PR https://github.com/apache/submarine/pull/1037 https://github.com/apache/submarine/pull/1054 and rebuild the submarine-server image to fix this.2023-11-22not yet calculatedCVE-2023-37924

 

atlassian — bamboo_data_centerThis High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bamboo Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bamboo Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.7. JDK 1.8u121+ should be used in case Java 8 used to run Bamboo Data Center and Server. See Bamboo 9.2 Upgrade notes (https://confluence.atlassian.com/bambooreleases/bamboo-9-2-upgrade-notes-1207179212.html) Bamboo Data Center and Server 9.3: Upgrade to a release greater than or equal to 9.3.4 See the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center and Server from the download center ([https://www.atlassian.com/software/bamboo/download-archives]). This vulnerability was discovered by a private user and reported via our Bug Bounty program2023-11-21not yet calculatedCVE-2023-22516
 
atlassian — crowd_data_centerThis High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.0, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Crowd Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Crowd Data Center and Server 3.4: Upgrade to a release greater than or equal to 5.1.6 Crowd Data Center and Server 5.2: Upgrade to a release greater than or equal to 5.2.1 See the release notes ([https://confluence.atlassian.com/crowd/crowd-release-notes-199094.html]). You can download the latest version of Crowd Data Center and Server from the download center ([https://www.atlassian.com/software/crowd/download-archive]). This vulnerability was discovered by m1sn0w and reported via our Bug Bounty program2023-11-21not yet calculatedCVE-2023-22521
 
authentik — authentikauthentik is an open-source identity provider. When initializing an oauth2 flow with a `code_challenge` and `code_method` (thus requesting PKCE), the single sign-on provider (authentik) must check if there is a matching and existing `code_verifier` during the token step. Prior to versions 2023.10.4 and 2023.8.5, authentik checks if the contents of `code_verifier` is matching only when it is provided. When it is left out completely, authentik simply accepts the token request without it; even when the flow was started with a `code_challenge`. authentik 2023.8.5 and 2023.10.4 fix this issue.2023-11-21not yet calculatedCVE-2023-48228

 

autodesk — autocad,_advance_steel_and_civil_3dA maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.2023-11-23not yet calculatedCVE-2023-29073
autodesk — autocad,_advance_steel_and_civil_3dA maliciously crafted CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.2023-11-23not yet calculatedCVE-2023-29074
autodesk — autocad,_advance_steel_and_civil_3dA maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.2023-11-23not yet calculatedCVE-2023-29075
autodesk — autocad,_advance_steel_and_civil_3dA maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.2023-11-23not yet calculatedCVE-2023-29076
autodesk — autocad,_advance_steel_and_civil_3dA maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.2023-11-23not yet calculatedCVE-2023-41139
autodesk — autocad,_advance_steel_and_civil_3dA maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.2023-11-23not yet calculatedCVE-2023-41140
autodesk — customer_portalAutodesk users who no longer have an active license for an account can still access cases for that account.2023-11-22not yet calculatedCVE-2023-41145
autodesk — customer_portalAutodesk Customer Support Portal allows cases created by users under an account to see cases created by other users on the same account.2023-11-22not yet calculatedCVE-2023-41146
autodesk — desktop_connectorA maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges leading to a Privilege Escalation vulnerability.2023-11-22not yet calculatedCVE-2023-29069
axis_communications_ab — axis_osSandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account however the impact is equal. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.2023-11-21not yet calculatedCVE-2023-21416
axis_communications_ab — axis_osSandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.2023-11-21not yet calculatedCVE-2023-21417
axis_communications_ab — axis_osSandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.2023-11-21not yet calculatedCVE-2023-21418
axis_communications_ab — axis_osDuring internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis’ knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.2023-11-21not yet calculatedCVE-2023-5553
bookstack — bookstackBook Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF.2023-11-20not yet calculatedCVE-2023-6199
 
botanik_software — pharmacy_automationExposure of Sensitive Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data. This issue affects Pharmacy Automation: before 2.1.133.0.2023-11-22not yet calculatedCVE-2023-5983
bouncy_castle — bouncy_castleBouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial-of-service attack.2023-11-23not yet calculatedCVE-2023-33202
 
bvrp_software — slmailPath traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager’s intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the ‘dodoc’ parameter in the /MailAdmin_dll.htm file.2023-11-23not yet calculatedCVE-2023-4593
bvrp_software — slmailStored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file.2023-11-23not yet calculatedCVE-2023-4594
bvrp_software — slmailAn information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.2023-11-23not yet calculatedCVE-2023-4595
bytecode_alliance — wasm-micro-runtimeA heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c.2023-11-22not yet calculatedCVE-2023-48105

 

byzoro — smart_s80_firmware
 
A vulnerability was found in Beijing Baichuo Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-11-24not yet calculatedCVE-2023-6274

 

capnproto — capnprotoCap’n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when using the KJ HTTP library with WebSocket compression enabled, a buffer underrun can be caused by a remote peer. The underrun always writes a constant value that is not attacker-controlled, likely resulting in a crash, enabling a remote denial-of-service attack. Most Cap’n Proto and KJ users are unlikely to have this functionality enabled and so unlikely to be affected. Maintainers suspect only the Cloudflare Workers Runtime is affected. If KJ HTTP is used with WebSocket compression enabled, a malicious peer may be able to cause a buffer underrun on a heap-allocated buffer. KJ HTTP is an optional library bundled with Cap’n Proto but is not directly used by Cap’n Proto. WebSocket compression is disabled by default. It must be enabled via a setting passed to the KJ HTTP library via `HttpClientSettings` or `HttpServerSettings`. The bytes written out-of-bounds are always a specific constant 4-byte string `{ 0x00, 0x00, 0xFF, 0xFF }`. Because this string is not controlled by the attacker, maintainers believe it is unlikely that remote code execution is possible. However, it cannot be ruled out. This functionality first appeared in Cap’n Proto 1.0. Previous versions are not affected. This issue is fixed in Cap’n Proto 1.0.1.1.2023-11-21not yet calculatedCVE-2023-48230

 

capsule-proxy — capsule-proxycapsule-proxy is a reverse proxy for the capsule operator project. Affected versions are subject to a privilege escalation vulnerability which is based on a missing check if the user is authenticated based on the `TokenReview` result. All the clusters running with the `anonymous-auth` Kubernetes API Server setting disable (set to `false`) are affected since it would be possible to bypass the token review mechanism, interacting with the upper Kubernetes API Server. This privilege escalation cannot be exploited if you’re relying only on client certificates (SSL/TLS). This vulnerability has been addressed in version 0.4.6. Users are advised to upgrade.2023-11-24not yet calculatedCVE-2023-48312
 
chameleon_power — chameleon_powerPath traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files.2023-11-22not yet calculatedCVE-2023-6252
checkmk — checkmk
 
Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.2023-11-22not yet calculatedCVE-2023-6156
checkmk — checkmk
 
Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.2023-11-22not yet calculatedCVE-2023-6157
checkmk — checkmk
 
Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users.2023-11-24not yet calculatedCVE-2023-6251
cisco — cisco_appdynamicsA vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device.2023-11-21not yet calculatedCVE-2023-20274
cisco — cisco_identity_services_engine_softwareA vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the web-based management interface of an affected device.2023-11-21not yet calculatedCVE-2023-20208
cisco — cisco_identity_services_engine_softwareA vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker could exploit this vulnerability by uploading a malicious file to the web interface. A successful exploit could allow the attacker to replace files and gain access to sensitive server-side information.2023-11-21not yet calculatedCVE-2023-20272
cisco — cisco_secure_clientMultiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.2023-11-22not yet calculatedCVE-2023-20240
cisco — cisco_secure_clientMultiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.2023-11-22not yet calculatedCVE-2023-20241
cisco — cisco_secure_endpointA vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled.2023-11-22not yet calculatedCVE-2023-20084
clickhouse — clickhouseAn issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.2023-11-23not yet calculatedCVE-2022-44010
clickhouse — clickhouseAn issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.2023-11-23not yet calculatedCVE-2022-44011
codeigniter4 — shieldCodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The `secretKey` value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the data in the database, they could use the key and secretKey for HMAC SHA256 authentication to send requests impersonating that corresponding user. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-11-24not yet calculatedCVE-2023-48707
 
codeigniter4 — shieldCodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table, they can obtain a raw token which can then be used to send a request with that user’s authority. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. Users unable to upgrade should disable logging for successful login attempts by the configuration files.2023-11-24not yet calculatedCVE-2023-48708

 

dece_software — geodiImproper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass. This issue affects Geodi: before 8.0.0.27396.2023-11-22not yet calculatedCVE-2023-5921
dece_software — geodiImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in DECE Software Geodi allows Stored XSS. This issue affects Geodi: before 8.0.0.27396.2023-11-22not yet calculatedCVE-2023-6011
dell — dell_command_configureDell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.2023-11-23not yet calculatedCVE-2023-43086
dell — dell_command_configureDell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.2023-11-23not yet calculatedCVE-2023-44289
dell — dell_command_monitorDell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.2023-11-23not yet calculatedCVE-2023-44290
dell — dell_os_recovery_toolDell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.2023-11-23not yet calculatedCVE-2023-39253
dell — powerprotect_agent_for_file_systemPowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissions vulnerability in ddfscon component. A low Privileged local attacker could potentially exploit this vulnerability, leading to overwriting of log files.2023-11-22not yet calculatedCVE-2023-43081
dell — rvtoolsRVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and main application (RVTools.exe). A remote unauthenticated attacker with access to stored encrypted passwords from a users’ system could potentially exploit this vulnerability, leading to the disclosure of encrypted passwords in clear text. This vulnerability is caused by an incomplete fix for CVE-2020-27688.2023-11-24not yet calculatedCVE-2023-44303
dell — unityDell Unity prior to 5.3 contains a ‘man in the middle’ vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate.2023-11-22not yet calculatedCVE-2023-43082
dev_blog — dev_blogDev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim.2023-11-21not yet calculatedCVE-2023-6142
 
dev_blog — dev_blogDev blog v1.0 allows to exploit an account takeover through the “user” cookie. With this, an attacker can access any user’s session just by knowing their username.2023-11-21not yet calculatedCVE-2023-6144
 
devolutions — serverInformation leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints.2023-11-22not yet calculatedCVE-2023-6264
digital_communications_technologies — syrus4_iot_telematics_gatewayThe Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQTT server also leaks the location, video and diagnostic data from each connected device. An attacker who knows the IP address of the server is able to connect and perform the following operations: * Get location data of the vehicle the device is connected to * Send CAN bus messages via the ECU module ( https://syrus.digitalcomtech.com/docs/ecu-1 https://syrus.digitalcomtech.com/docs/ecu-1 ) * Immobilize the vehicle via the safe-immobilizer module ( https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization ) * Get live video through the connected video camera * Send audio messages to the driver ( https://syrus.digitalcomtech.com/docs/system-tools#apx-tts https://syrus.digitalcomtech.com/docs/system-tools#apx-tts )2023-11-21not yet calculatedCVE-2023-6248
draytek — vigor2960Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog ‘option’ parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.2023-11-22not yet calculatedCVE-2023-6265
 
drd_fleet_leasing — drdriveImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in DRD Fleet Leasing DRDrive allows SQL Injection. This issue affects DRDrive: before 20231006.2023-11-22not yet calculatedCVE-2023-5047
duet_display — duet_display_for_windowsAn uncontrolled search path element vulnerability has been found in the Duet Display product, affecting version 2.5.9.1. An attacker could place an arbitrary libusk.dll file in the C:\Users\user\AppData\Local\Microsoft\WindowsApps\ directory, which could lead to the execution and persistence of arbitrary code.2023-11-21not yet calculatedCVE-2023-6235
dzslides — dzslidesCross Site Scripting (XSS) vulnerability in the component /shells/embedder.html of DZSlides after v2011.07.25 allows attackers to execute arbitrary code via a crafted payload.2023-11-20not yet calculatedCVE-2023-47417
 
elastic — elastic_apm_.net_agentThe Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers will not be sanitized before being sent.2023-11-22not yet calculatedCVE-2021-22143
 
elastic — elastic_apm_java_agentA local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user typically has access to.2023-11-22not yet calculatedCVE-2021-37942
 
elastic — elasticsearchAn issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account could escalate themselves to a super-user.2023-11-22not yet calculatedCVE-2021-37937
 
elastic — elasticsearchIt was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.2023-11-22not yet calculatedCVE-2023-46673
 
elastic — kibanaIt was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server.2023-11-22not yet calculatedCVE-2021-22150
 
elastic — kibanaIt was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension.2023-11-22not yet calculatedCVE-2021-22151
 
elastic — kibana
 
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.2023-11-22not yet calculatedCVE-2021-22142
 
fastbots — fastbotsfastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with python code that without proper validation it is executed, and it could lead to rce. The vulnerability is in the function `def __locator__(self, locator_name: str)` in `page.py`. In order to mitigate this issue, upgrade to fastbots version 0.1.5 or above.2023-11-21not yet calculatedCVE-2023-48699

 

fortra — digital_guardian_agentA saved encryption key in the Uninstaller in Digital Guardian’s Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file.2023-11-22not yet calculatedCVE-2023-6253
 
fuji_electric_co.,_ltd._and_hakko_electronics_co.,_ltd. — tellus_liteStack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially crafted input file.2023-11-22not yet calculatedCVE-2023-35127
 
fuji_electric_co.,_ltd._and_hakko_electronics_co.,_ltd. — tellus_lite
 
When Fuji Electric Tellus Lite V-Simulator parses a specially crafted input file an out of bounds write may occur.2023-11-22not yet calculatedCVE-2023-40152
 
fuji_electric_co.,_ltd._and_hakko_electronics_co.,_ltd. — tellus_lite
 
A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system.2023-11-22not yet calculatedCVE-2023-5299
 
giflib — giflibBuffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c2023-11-22not yet calculatedCVE-2023-48161
 
glewlwyd_sso_server — glewlwyd_sso_serverscheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration.2023-11-23not yet calculatedCVE-2023-49208
 
gpac — gpacGPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75.2023-11-20not yet calculatedCVE-2023-48039
gpac — gpacGPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329.2023-11-20not yet calculatedCVE-2023-48090
headwind_mdm — headwind_mdmHeadwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries.2023-11-22not yet calculatedCVE-2023-47312
headwind_mdm — headwind_mdmHeadwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal.2023-11-22not yet calculatedCVE-2023-47313
headwind_mdm — headwind_mdmHeadwind MDM Web panel 5.22.1 is vulnerable to Cross Site Scripting (XSS) via Uncontrolled File Upload.2023-11-22not yet calculatedCVE-2023-47314
headwind_mdm — headwind_mdmHeadwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret.2023-11-22not yet calculatedCVE-2023-47315
headwind_mdm — headwind_mdmHeadwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their data, file management API calls and audit-related API calls.2023-11-22not yet calculatedCVE-2023-47316
hikvision — ids-exxhuhThere is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.2023-11-23not yet calculatedCVE-2023-28811
hikvision — localservicecomponentsThere is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in.2023-11-23not yet calculatedCVE-2023-28812
hikvision — localservicecomponentsAn attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious files.2023-11-23not yet calculatedCVE-2023-28813
ibm — cics_tx_advancedIBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 260770.2023-11-18not yet calculatedCVE-2023-38361
 
ibm — cloud_pak_for_securityIBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665.2023-11-22not yet calculatedCVE-2022-36777
 
ibm — qradar_wincollect_agentIBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileged user to obtain sensitive information due to missing best practices. IBM X-Force ID: 213551.2023-11-23not yet calculatedCVE-2021-39008
 
ibm — qradar_wincollect_agentIBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160.2023-11-24not yet calculatedCVE-2023-26279
 
ibm — sterling_b2b_integratorIBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230824.2023-11-22not yet calculatedCVE-2022-35638
 
ibm — sterling_b2b_integrator_standard_editionIBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034.2023-11-22not yet calculatedCVE-2023-25682
 
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. IBM X-Force ID: 263332.2023-11-18not yet calculatedCVE-2023-40363
 
imagemagick — imagemagickA heap use-after-free flaw was found in coders/bmp.c in ImageMagick.2023-11-19not yet calculatedCVE-2023-5341

 

inea — me_rtuVersions of INEA ME RTU firmware 3.36b and prior do not require authentication to the “root” account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system.2023-11-20not yet calculatedCVE-2023-29155
inea — me_rtuVersions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system (OS) command injection, which could allow remote code execution.2023-11-20not yet calculatedCVE-2023-35762
ip_infusion — zebos
 
The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute.2023-11-21not yet calculatedCVE-2023-45886

 

ironman_software — powershell_universalThe API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and 4.2.1.2023-11-23not yet calculatedCVE-2023-49213
 
jeecg-boot — jeecg-bootDirectory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure.2023-11-22not yet calculatedCVE-2023-47467
libde265 — libde265Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump.2023-11-22not yet calculatedCVE-2023-43887
 
libtiff — libtiffAn out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.2023-11-24not yet calculatedCVE-2023-6277

 

linux — kernelA null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system.2023-11-23not yet calculatedCVE-2023-5972

 

linux — kernelA buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. An unprivileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.2023-11-21not yet calculatedCVE-2023-6238
 
m-files — m-files_serverA possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server before 23.11.13156.0 which allows attackers to execute DoS attacks.2023-11-22not yet calculatedCVE-2023-6117
m-files — m-files_serverMissing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods.2023-11-22not yet calculatedCVE-2023-6189
mercedes-benz — mercedes_me_app_for_iosAn access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request.2023-11-22not yet calculatedCVE-2023-47392
mercedes-benz — mercedes_me_app_for_iosAn access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors.2023-11-22not yet calculatedCVE-2023-47393
meshery — mesheryA SQL injection vulnerability in Meshery before 0.6.179 allows a remote attacker to obtain sensitive information and execute arbitrary code via the order parameter.2023-11-24not yet calculatedCVE-2023-46575

 

microsoft — powershellPowerShell Information Disclosure Vulnerability2023-11-20not yet calculatedCVE-2023-36013
mondula_gmbh — multi_step_formCross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form plugin <= 1.7.11 versions.2023-11-22not yet calculatedCVE-2023-47758
mozilla — firefoxWhen an https: web page created a pop-up from a “javascript:” URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120.2023-11-21not yet calculatedCVE-2023-6210
 
mozilla — firefoxIf an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox < 120.2023-11-21not yet calculatedCVE-2023-6211
 
mozilla — firefoxMemory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120.2023-11-21not yet calculatedCVE-2023-6213
 
mozilla — firefox_for_iosAn attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120.2023-11-21not yet calculatedCVE-2023-49060
 
mozilla — firefox_for_iosAn attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120.2023-11-21not yet calculatedCVE-2023-49061
 
mozilla — multiple_productsOn some systems-depending on the graphics settings and drivers-it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.2023-11-21not yet calculatedCVE-2023-6204

 

mozilla — multiple_productsIt was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.2023-11-21not yet calculatedCVE-2023-6205

 

mozilla — multiple_productsThe black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.2023-11-21not yet calculatedCVE-2023-6206

 

mozilla — multiple_productsOwnership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.2023-11-21not yet calculatedCVE-2023-6207

 

mozilla — multiple_productsWhen using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected. * This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.2023-11-21not yet calculatedCVE-2023-6208

 

mozilla — multiple_productsRelative URLs starting with three slashes were incorrectly parsed, and a path-traversal “/../” part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.2023-11-21not yet calculatedCVE-2023-6209

 

mozilla — multiple_productsMemory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.2023-11-21not yet calculatedCVE-2023-6212

 

mprivacy-tools — mprivacy-tools
 
In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11 desktops of other users by specifying their DISPLAY ID. This allows complete control of their desktop, including the ability to inject keystrokes and perform a keylogging attack.2023-11-22not yet calculatedCVE-2023-47250

 

mprivacy-tools — mprivacy-tools
 
In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client’s filesystem.2023-11-22not yet calculatedCVE-2023-47251

 

nautobot — nautobotThe Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are visible via Job Results from an execution of an Onboarding Task. Version 3.0.0 fixes this issue; no known workarounds are available. Mitigation recommendations include deleting all Job Results for any onboarding task to remove clear text credentials from database entries that were run while on v2.0.X, upgrading to v3.0.0, and rotating any exposed credentials.2023-11-21not yet calculatedCVE-2023-48700
nautobot — nautobotNautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django’s `mark_safe()` API when rendering certain types of user-authored content; including custom links, job buttons, and computed fields; it is possible that users with permission to create or edit these types of content could craft a malicious payload (such as JavaScript code) that would be executed when rendering pages containing this content. The maintainers have fixed the incorrect uses of `mark_safe()` (generally by replacing them with appropriate use of `format_html()` instead) to prevent such malicious data from being executed. Users on Nautobot 1.6.x LTM should upgrade to v1.6.6 and users on Nautobot 2.0.x should upgrade to v2.0.5. Appropriate object permissions can and should be applied to restrict which users are permitted to create or edit the aforementioned types of user-authored content. Other than that, there is no direct workaround available.2023-11-22not yet calculatedCVE-2023-48705

 

nc3-lu — testingplatformTestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name (and even without). A log file is created at the location specified. These files are created as root. If the file exists, the existing file is being rendered useless. This can result in denial of service. Additionally, input for scanning can be any CIDR blocks passed to nmap. An attacker can scan 0.0.0.0/0 or even local networks. Version 2.1.1 contains a patch for this issue.2023-11-20not yet calculatedCVE-2023-48310

 

nearform — fast-jwtfast-jwt provides fast JSON Web Token (JWT) implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The ‘publicKeyPemMatcher’ in ‘fast-jwt/src/crypto.js’ does not properly match all common PEM formats for public keys. To exploit this vulnerability, an attacker needs to craft a malicious JWT token containing the HS256 algorithm, signed with the public RSA key of the victim application. This attack will only work if the victim application utilizes a public key containing the `BEGIN RSA PUBLIC KEY` header. Applications using the RS256 algorithm, a public key with a `BEGIN RSA PUBLIC KEY` header, and calling the verify function without explicitly providing an algorithm, are vulnerable to this algorithm confusion attack which allows attackers to sign arbitrary payloads which will be accepted by the verifier. Version 3.3.2 contains a patch for this issue. As a workaround, change line 29 of `blob/master/src/crypto.js` to include a regular expression.2023-11-20not yet calculatedCVE-2023-48223

 

network_optix — nxcloudAn issue was discovered in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server. As result, it was possible to retrieve authorization headers from legitimate users when the legitimate client connects to the fake VMS server.2023-11-22not yet calculatedCVE-2023-6263
nextcloud — nextcloud_mailNextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for this issue. As a workaround, disable the mail app.2023-11-21not yet calculatedCVE-2023-48307

 

nextcloud — nextcloud_serverNextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and starting in version 20.0.0 and prior to versions 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8, 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Enterprise Server, a malicious user could update any personal or global external storage, making them inaccessible for everyone else as well. Nextcloud Server 25.0.13, 26.0.8, and 27.1.3 and Nextcloud Enterprise Server is upgraded to 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8, 25.0.13, 26.0.8, and 27.1.3 contain a patch for this issue. As a workaround, disable app files_external. This workaround also makes the external storage inaccessible but retains the configurations until a patched version has been deployed.2023-11-21not yet calculatedCVE-2023-48239

 

nextcloud — nextcloud_serverNextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, an attacker could insert links into circles name that would be opened when clicking the circle name in a search filter. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.13, 26.0.8, and 27.1.3 contain a fix for this issue. As a workaround, disable app circles.2023-11-21not yet calculatedCVE-2023-48301

 

nextcloud — nextcloud_serverNextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy pasting HTML code without markup (Ctrl+Shift+V) the markup will actually render. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.13, 26.0.8, and 27.1.3 contain a fix for this issue. As a workaround, disable app text.2023-11-21not yet calculatedCVE-2023-48302

 

nextcloud — nextcloud_serverNextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, admins can change authentication details of user configured external storage. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.11, 26.0.6, and 27.1.0 contain a patch for this issue. No known workarounds are available.2023-11-21not yet calculatedCVE-2023-48303

 

nextcloud — nextcloud_serverNextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Enterprise Server, an attacker could enable and disable the birthday calendar for any user on the same server. Nextcloud Server 25.0.11, 26.0.6, and 27.1.0 and Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 contain patches for this issue. No known workarounds are available.2023-11-21not yet calculatedCVE-2023-48304

 

nextcloud — nextcloud_serverNextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, when the log level was set to debug, the user_ldap app logged user passwords in plaintext into the log file. If the log file was then leaked or shared in any way the users’ passwords would be leaked. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.11, 26.0.6, and 27.1.0 contain a patch for this issue. As a workaround, change config setting `loglevel` to `1` or higher (should always be higher than 1 in production environments).2023-11-21not yet calculatedCVE-2023-48305

 

nextcloud — nextcloud_serverNextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Enterprise Server, the DNS pin middleware was vulnerable to DNS rebinding allowing an attacker to perform SSRF as a final result. Nextcloud Server 25.0.11, 26.0.6, and 27.1.0 and Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 contain patches for this issue. No known workarounds are available.2023-11-21not yet calculatedCVE-2023-48306

 

node — nodeThe use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js2023-11-23not yet calculatedCVE-2023-30581
nzbget — nzbgetNZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.2023-11-22not yet calculatedCVE-2023-49102
 
openreplay — openreplayOpenReplay is a self-hosted session replay suite. In version 1.14.0, due to lack of validation Name field – Account Settings (for registration looks like validation is correct), a bad actor can send emails with HTML injected code to the victims. Bad actors can use this to phishing actions for example. Email is really sent from OpenReplay, but bad actors can add their HTML code injected (content spoofing). Please notice that during Registration steps for FullName looks like is validated correct – cannot type there but using this kind of bypass/workaround – bad actors can achieve own goal. As of time of publication, no known fixes or workarounds are available.2023-11-21not yet calculatedCVE-2023-48226

 

openssl — opensslThe openssl (aka node-openssl) NPM package through 2.0.0 was characterized as “a nonsense wrapper with no real purpose” by its author and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.2023-11-23not yet calculatedCVE-2023-49210

 

openzfs — openzfsOpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions.2023-11-24not yet calculatedCVE-2023-49298

 

os4ed — opensis_classic_community_editionThe Community Edition version 9.0 of OS4ED’s openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the ‘filename’ parameter of ‘DownloadWindow.php’.2023-11-20not yet calculatedCVE-2023-38879

 

os4ed — opensis_classic_community_editionThe Community Edition version 9.0 of OS4ED’s openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of “opensisBackup<date>.sq|” (e.g. “opensisBackup07-20-2023.sql”), i.e. can easily be guessed. This file can be accessed by any unauthenticated actor and contains a dump of the whole database including password hashes.2023-11-20not yet calculatedCVE-2023-38880

 

os4ed — opensis_classic_community_editionA reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED’s openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the ‘calendar_id’, ‘school_date’, ‘month’ or ‘year’ parameters in ‘CalendarModal.php’.2023-11-20not yet calculatedCVE-2023-38881

 

os4ed — opensis_classic_community_editionA reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED’s openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the ‘include’ parameter in ‘ForExport.php’2023-11-20not yet calculatedCVE-2023-38882

 

os4ed — opensis_classic_community_editionA reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED’s openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the ‘ajax’ parameter in ‘ParentLookup.php’.2023-11-20not yet calculatedCVE-2023-38883

 

os4ed — opensis_classic_community_editionAn Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student’s files by visiting ‘/assets/studentfiles/<studentId>-<filename>’2023-11-20not yet calculatedCVE-2023-38884

 

os4ed — opensis_classic_community_editionOpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request.2023-11-20not yet calculatedCVE-2023-38885

 

owncloud — owncloudAn issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure.2023-11-21not yet calculatedCVE-2023-49103
 
owncloud — owncloudAn issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker.2023-11-21not yet calculatedCVE-2023-49104
 
owncloud — owncloudAn issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0.2023-11-21not yet calculatedCVE-2023-49105
 
pandora_fms — pandora_fmsExposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772.2023-11-23not yet calculatedCVE-2023-41786
pandora_fms — pandora_fmsUncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to files with sensitive information. This issue affects Pandora FMS: from 700 through 772.2023-11-23not yet calculatedCVE-2023-41787
pandora_fms — pandora_fmsUnrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allows attackers to execute code via PHP file uploads. This issue affects Pandora FMS: from 700 through 773.2023-11-23not yet calculatedCVE-2023-41788
pandora_fms — pandora_fmsImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allows an attacker to perform cookie hijacking and log in as that user without the need for credentials. This issue affects Pandora FMS: from 700 through 773.2023-11-23not yet calculatedCVE-2023-41789
pandora_fms — pandora_fmsUncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773.2023-11-23not yet calculatedCVE-2023-41790
pandora_fms — pandora_fmsImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed users with low privileges to introduce Javascript executables via a translation string that could affect the integrity of some configuration files. This issue affects Pandora FMS: from 700 through 773.2023-11-23not yet calculatedCVE-2023-41791
pandora_fms — pandora_fmsCross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the SNMP Trap Editor. This issue affects Pandora FMS: from 700 through 773.2023-11-23not yet calculatedCVE-2023-41792
pandora_fms — pandora_fmsImproper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability causes that a bad privilege assignment could cause a DOS attack that affects the availability of the Pandora FMS server. This issue affects Pandora FMS: from 700 through 773.2023-11-23not yet calculatedCVE-2023-41806
pandora_fms — pandora_fmsImproper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows a user to escalate permissions on the system shell. This issue affects Pandora FMS: from 700 through 773.2023-11-23not yet calculatedCVE-2023-41807
pandora_fms — pandora_fmsImproper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows an unauthorized user to escalate and read sensitive files as if they were root. This issue affects Pandora FMS: from 700 through 773.2023-11-23not yet calculatedCVE-2023-41808
pandora_fms — pandora_fmsImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in some Widgets’ text box. This issue affects Pandora FMS: from 700 through 773.2023-11-23not yet calculatedCVE-2023-41810
pandora_fms — pandora_fmsImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the news section of the web console. This issue affects Pandora FMS: from 700 through 773.2023-11-23not yet calculatedCVE-2023-41811
pandora_fms — pandora_fmsUnrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allowed PHP executable files to be uploaded through the file manager. This issue affects Pandora FMS: from 700 through 773.2023-11-23not yet calculatedCVE-2023-41812
pandora_fms — pandora_fmsCron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS <= 772.2023-11-23not yet calculatedCVE-2023-4677
prestashop — prestashopIn the module “Chronopost Official” (chronopost) for PrestaShop, a guest can perform SQL injection. The script PHP `cancelSkybill.php` own a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.2023-11-22not yet calculatedCVE-2023-45377
 
prestashop — prestashopIn the module “Cross Selling in Modal Cart” (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `motivationsaleDataModel::getProductsByIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.2023-11-22not yet calculatedCVE-2023-46357
 
publiccms — publiccms
 
Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function.2023-11-20not yet calculatedCVE-2023-46990
pytorch — serveTorchServe is a tool for serving and scaling PyTorch models in production. Starting in version 0.1.0 and prior to version 0.9.0, using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the filesystem that is within the process permissions. Leveraging this issue could aid third-party actors in hiding harmful code in open-source/public models, which can be downloaded from the internet, and take advantage of machines running Torchserve. The ZipSlip issue in TorchServe has been fixed by validating the paths of files contained within a zip archive before extracting them. TorchServe release 0.9.0 includes fixes to address the ZipSlip vulnerability.2023-11-21not yet calculatedCVE-2023-48299

 

radare2 — radare2
 
radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h.2023-11-22not yet calculatedCVE-2023-47016

 

red_lion_controls — st-ipm-8460When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.2023-11-21not yet calculatedCVE-2023-40151
 
red_lion_controls — st-ipm-8460Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no authentication challenge.2023-11-21not yet calculatedCVE-2023-42770
 
salesagility — suitecrm-coreSuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire attack surface of the API, including sensitive fields such as UserHash. This issue is patched in version 8.4.2. There are no known workarounds.2023-11-21not yet calculatedCVE-2023-47643

 

sequelize-typescript — sequelize-typescriptPrototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6.2023-11-24not yet calculatedCVE-2023-6293
 
siemens — jt2goThe Datalogics APDFL library used in affected products is vulnerable to memory corruption condition while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code in the context of the current process.2023-11-21not yet calculatedCVE-2021-38405
 
sourcecodester — sticky_notes_app
 
A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes App Using PHP with Source Code v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to add-note.php.2023-11-22not yet calculatedCVE-2023-47014
sourcecodester — sup_online_shoppingCross Site Scripting in SUP Online Shopping v.1.0 allows a remote attacker to execute arbitrary code via the Name, Email and Address parameters in the Register New Account component.2023-11-21not yet calculatedCVE-2023-48124
 
statamic_cms — statamic_cmsStatamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the “Forms” feature containing an assets field, or within the control panel which requires authentication. This issue has been patched on 3.4.15 and 4.36.0.2023-11-21not yet calculatedCVE-2023-48701

 

strapi — strapiThe Strapi Protected Populate Plugin protects `get` endpoints from revealing too much information. Prior to version 1.3.4, users were able to bypass the field level security. Users who tried to populate something that they didn’t have access to could populate those fields anyway. This issue has been patched in version 1.3.4. There are no known workarounds.2023-11-20not yet calculatedCVE-2023-48218

 

swiftyedit — swiftyedit
 
SwiftyEdit Content Management System prior to v1.2.0 is vulnerable to Cross Site Request Forgery (CSRF).2023-11-22not yet calculatedCVE-2023-47350
sysaid — sysaidSysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp.2023-11-24not yet calculatedCVE-2023-33706
tenable — nessusAn arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial-of-service condition.2023-11-20not yet calculatedCVE-2023-6062
 
tenable — nessus_agentAn arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial-of-service condition.2023-11-20not yet calculatedCVE-2023-6178
tenda — multiple_productsBuffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd.2023-11-20not yet calculatedCVE-2023-38823
texas_instruments — cc32xxTexas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in ‘HeapMem_allocUnprotected’ and result in code execution.2023-11-20not yet calculatedCVE-2021-22636
 
texas_instruments — cc32xxTexas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in ‘HeapTrack_alloc’ and result in code execution.2023-11-20not yet calculatedCVE-2021-27429
 
texas_instruments — cc32xxTexas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in ‘HeapMem_allocUnprotected’ and result in code execution.2023-11-21not yet calculatedCVE-2021-27502
 
texas_instruments — cc32xxTexas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in ‘malloc’ for FreeRTOS, resulting in code execution.2023-11-21not yet calculatedCVE-2021-27504
 
tongda — tongda_oa
 
A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/ct/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246105 was assigned to this vulnerability.2023-11-24not yet calculatedCVE-2023-6276

 

totolink — a3700rAn issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function.2023-11-20not yet calculatedCVE-2023-48192

 

totvs_s.a. — fluig_platform
 
A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input “><script>alert(document.domain)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246104. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-11-24not yet calculatedCVE-2023-6275
 
unitree_robotics — a1Authentication bypass vulnerability, the exploitation of which could allow a local attacker to perform a Man-in-the-Middle (MITM) attack on the robot’s camera video stream. In addition, if a MITM attack is carried out, it is possible to consume the robot’s resources, which could lead to a denial-of-service (DOS) condition.2023-11-22not yet calculatedCVE-2023-3103
unitree_robotics — a1Lack of authentication vulnerability. An unauthenticated local user is able to see through the cameras using the web server due to the lack of any form of authentication.2023-11-22not yet calculatedCVE-2023-3104
upydev — upydevAn issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding.2023-11-20not yet calculatedCVE-2023-48051
usedesk — usedeskUsedesk before 1.7.57 allows chat template injection.2023-11-23not yet calculatedCVE-2023-49214
usedesk — usedeskUsedesk before 1.7.57 allows filter reflected XSS.2023-11-23not yet calculatedCVE-2023-49215
usedesk — usedeskUsedesk before 1.7.57 allows profile stored XSS.2023-11-23not yet calculatedCVE-2023-49216
veon_computer — service_tracking_softwareImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Veon Computer Service Tracking Software allows SQL Injection. This issue affects Service Tracking Software: through 20231122.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-11-22not yet calculatedCVE-2023-2889
videolan — vlc_media_player
 
A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM.2023-11-22not yet calculatedCVE-2023-46814
vim — vimVim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue.2023-11-22not yet calculatedCVE-2023-48706

 

wago — compact_controller_100Wago web-based management of multiple products has a vulnerability which allows a local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.2023-11-20not yet calculatedCVE-2023-3379
wago — industrial_managed_switchA vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request handling of the web-based management.2023-11-21not yet calculatedCVE-2023-4149
warp-tech — warpgateWarpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user’s account. Limited users can impersonate another user’s account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen and attempts to authenticate with an incorrect password they can subsequently enter a valid non-admin username and password they will be logged in as the admin user. All installations prior to version 0.9.0 are affected. All users are advised to upgrade. There are no known workarounds for this vulnerability.2023-11-24not yet calculatedCVE-2023-48712
 
websiteguide — websiteguideAn Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt (JSON web token).2023-11-20not yet calculatedCVE-2023-48176
wireapp — wire-avswire-avs provides Audio, Visual, and Signaling (AVS) functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 9.2.22 & 9.3.5 and is already included on all Wire products. No known workarounds are available.2023-11-20not yet calculatedCVE-2023-48221
 
withsecure — multiple_products
 
Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, and WithSecure Elements Endpoint Protection 17 and later.2023-11-20not yet calculatedCVE-2023-47172
wordpress — wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in SwitchWP WP Client Reports plugin <= 1.0.16 versions.2023-11-23not yet calculatedCVE-2023-23978
wordpress — wordpressThe UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. An attacker can leverage CVE-2023-2448 and CVE-2023-2446 to get the user’s email address to successfully exploit this vulnerability.2023-11-22not yet calculatedCVE-2023-2437

 

wordpress — wordpressThe UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the ‘userpro_save_userdata’ function. This makes it possible for unauthenticated attackers to update the user meta and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.2023-11-22not yet calculatedCVE-2023-2438
 
wordpress — wordpressThe UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the ‘admin_page’, ‘userpro_verify_user’ and ‘verifyUnverifyAllUsers’ functions. This makes it possible for unauthenticated attackers to modify the role of verified users to elevate verified user privileges to that of any user such as ‘administrator’ via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-11-22not yet calculatedCVE-2023-2440
 
wordpress — wordpressThe UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the ‘userpro’ shortcode in versions up to and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to retrieve sensitive user meta that can be used to gain access to a high privileged user account.2023-11-22not yet calculatedCVE-2023-2446

 

wordpress — wordpressThe UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the ‘export_users’ function. This makes it possible for unauthenticated attackers to export the users to a csv file, granted they can trick a site administrator into performing an action such as clicking on a link.2023-11-22not yet calculatedCVE-2023-2447
 
wordpress — wordpressThe UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘userpro_shortcode_template’ function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker can leverage CVE-2023-2446 to get sensitive information via shortcode.2023-11-22not yet calculatedCVE-2023-2448

 

wordpress — wordpressThe UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-2448 and CVE-2023-2446, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability.2023-11-22not yet calculatedCVE-2023-2449

 

wordpress — wordpressThe UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the ‘import_settings’ function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to the use of unserialize() on the user supplied parameter via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-11-22not yet calculatedCVE-2023-2497
 
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ | Premium Support WordPress Tooltips. This issue affects WordPress Tooltips: from n/a through 8.2.5.2023-11-18not yet calculatedCVE-2023-25985
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in WattIsIt PayGreen – Ancienne version plugin <= 4.10.2 versions.2023-11-22not yet calculatedCVE-2023-25986
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Aleksandar UroŇ°evi My YouTube Channel plugin <= 3.23.3 versions.2023-11-22not yet calculatedCVE-2023-25987
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <= 2.1.4 versions.2023-11-22not yet calculatedCVE-2023-26532
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Exeebit phpinfo() WP plugin <= 4.0 versions.2023-11-22not yet calculatedCVE-2023-26542
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions.2023-11-22not yet calculatedCVE-2023-27442
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Pierre Lannoy / PerfOps One DecaLog plugin <= 3.7.0 versions.2023-11-22not yet calculatedCVE-2023-27444
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <= 2.1.4 versions.2023-11-22not yet calculatedCVE-2023-27446
wordpress — wordpressServer-Side Request Forgery (SSRF) vulnerability in Darren Cooney Instant Images plugin <= 5.1.0.2 versions.2023-11-22not yet calculatedCVE-2023-27451
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.3.1 versions.2023-11-22not yet calculatedCVE-2023-27453
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Passionate Brains Add Expires Headers & Optimized Minify plugin <= 2.7 versions.2023-11-22not yet calculatedCVE-2023-27457
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream plugin <= 4.4.10 versions.2023-11-22not yet calculatedCVE-2023-27458
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions.2023-11-22not yet calculatedCVE-2023-27461
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customify – Intuitive Website Styling plugin <= 2.10.4 versions.2023-11-22not yet calculatedCVE-2023-27633
wordpress — wordpressThe Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in versions up to, and including, 1.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with admin-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-11-22not yet calculatedCVE-2023-2841

 

wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in codeboxr CBX Currency Converter plugin <= 3.0.3 versions.2023-11-22not yet calculatedCVE-2023-28747
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions.2023-11-22not yet calculatedCVE-2023-28749
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium. This issue affects Yoast Local Premium: from n/a through 14.8.2023-11-18not yet calculatedCVE-2023-28780
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MagePeople Team WpBusTicketly plugin <= 5.2.5 versions.2023-11-22not yet calculatedCVE-2023-30496
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Login. This issue affects Easy Hide Login: from n/a through 1.0.8.2023-11-18not yet calculatedCVE-2023-31075
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Tradebooster Video XML Sitemap Generator. This issue affects Video XML Sitemap Generator: from n/a through 1.0.0.2023-11-18not yet calculatedCVE-2023-31089
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro. This issue affects Essential Addons for Elementor Pro: from n/a through 5.4.8.2023-11-18not yet calculatedCVE-2023-32245
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Kainex Wise Chat. This issue affects Wise Chat: from n/a through 3.1.3.2023-11-18not yet calculatedCVE-2023-32504
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag. This issue affects Google Site Verification plugin using Meta Tag: from n/a through 1.2.2023-11-18not yet calculatedCVE-2023-32514
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Community by PeepSo plugin <= 6.1.6.0 versions.2023-11-22not yet calculatedCVE-2023-39925
wordpress — wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce plugin <= 7.1.1 versions.2023-11-23not yet calculatedCVE-2023-40002
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Patreon WordPress. This issue affects Patreon WordPress: from n/a through 1.8.6.2023-11-18not yet calculatedCVE-2023-41129
wordpress — wordpressThe WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajax_enabled_posts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and trashed posts and pages in addition to other post types such as galleries.2023-11-22not yet calculatedCVE-2023-4686

 

wordpress — wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in Omnisend Email Marketing for WooCommerce by Omnisend. This issue affects Email Marketing for WooCommerce by Omnisend: from n/a through 1.13.8.2023-11-23not yet calculatedCVE-2023-47244
wordpress — wordpressThe Ultimate Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.7.7. due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2023-11-22not yet calculatedCVE-2023-4726
 
wordpress — wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeIsle Cloud Templates & Patterns collection. This issue affects Cloud Templates & Patterns collection: from n/a through 1.2.2.2023-11-23not yet calculatedCVE-2023-47529
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Add Local Avatar. This issue affects Add Local Avatar: from n/a through 12.1.2023-11-18not yet calculatedCVE-2023-47650
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Robert Macchi WP Links Page. This issue affects WP Links Page: from n/a through 4.9.4.2023-11-18not yet calculatedCVE-2023-47651
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Marco Milesi ANAC XML Bandi di Gara. This issue affects ANAC XML Bandi di Gara: from n/a through 7.5.2023-11-18not yet calculatedCVE-2023-47655
wordpress — wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin – Restrict Content plugin <= 3.2.7 versions.2023-11-23not yet calculatedCVE-2023-47668
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AazzTech WooCommerce Product Carousel Slider plugin <= 3.3.5 versions.2023-11-22not yet calculatedCVE-2023-47755
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Premio Chaty plugin <= 3.1.2 versions.2023-11-22not yet calculatedCVE-2023-47759
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard’s Patron Button and Widgets for Patreon plugin <= 2.1.9 versions.2023-11-22not yet calculatedCVE-2023-47765
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Timo Reith Post Status Notifier Lite plugin <= 1.11.0 versions.2023-11-22not yet calculatedCVE-2023-47766
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions.2023-11-22not yet calculatedCVE-2023-47767
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Russell Jamieson Footer Putter plugin <= 1.17 versions.2023-11-22not yet calculatedCVE-2023-47768
wordpress — wordpressContributor+ Stored Cross-Site Scripting (XSS) vulnerability in Slider Revolution <= 6.6.14.2023-11-20not yet calculatedCVE-2023-47772
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions.2023-11-22not yet calculatedCVE-2023-47773
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments – wpDiscuz plugin <= 7.6.11 versions.2023-11-22not yet calculatedCVE-2023-47775
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Theme Builder <= 3.24.2 versions.2023-11-22not yet calculatedCVE-2023-47781
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in LayerSlider plugin <= 7.7.9 versions.2023-11-22not yet calculatedCVE-2023-47785
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LayerSlider plugin <= 7.7.9 versions.2023-11-22not yet calculatedCVE-2023-47786
wordpress — wordpressCross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in Poporon Pz-LinkCard plugin <= 2.4.8 versions.2023-11-23not yet calculatedCVE-2023-47790
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions.2023-11-22not yet calculatedCVE-2023-47791
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Infinite Uploads Big File Uploads – Increase Maximum File Upload Size plugin <= 2.1.1 versions.2023-11-22not yet calculatedCVE-2023-47792
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Christina Uechi Add Widgets to Page plugin <= 1.3.2 versions.2023-11-22not yet calculatedCVE-2023-47808
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themepoints Accordion plugin <= 2.6 versions.2023-11-22not yet calculatedCVE-2023-47809
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Asdqwe Dev Ajax Domain Checker plugin <= 1.3.0 versions.2023-11-22not yet calculatedCVE-2023-47810
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Suresh KUMAR Mukhiya Anywhere Flash Embed plugin <= 1.0.5 versions.2023-11-22not yet calculatedCVE-2023-47811
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bamboo Mcr Bamboo Columns plugin <= 1.6.1 versions.2023-11-22not yet calculatedCVE-2023-47812
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in grandslambert Better RSS Widget plugin <= 2.8.1 versions.2023-11-22not yet calculatedCVE-2023-47813
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Waterloo Plugins BMI Calculator Plugin plugin <= 1.0.3 versions.2023-11-22not yet calculatedCVE-2023-47814
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Venutius BP Profile Shortcodes Extra plugin <= 2.5.2 versions.2023-11-22not yet calculatedCVE-2023-47815
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.13 versions.2023-11-22not yet calculatedCVE-2023-47816
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.10.13 versions.2023-11-22not yet calculatedCVE-2023-47817
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Dang Ngoc Binh Easy Call Now by ThikShare plugin <= 1.1.0 versions.2023-11-22not yet calculatedCVE-2023-47819
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jannis Thuemmig Email Encoder plugin <= 2.1.8 versions.2023-11-22not yet calculatedCVE-2023-47821
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator plugin <= 1.3.8 versions.2023-11-22not yet calculatedCVE-2023-47824
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra plugin <= 6.4 versions.2023-11-22not yet calculatedCVE-2023-47825
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Codez Quick Call Button plugin <= 1.2.9 versions.2023-11-22not yet calculatedCVE-2023-47829
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in assorted[chips] DrawIt (draw.Io) plugin <= 1.1.3 versions.2023-11-22not yet calculatedCVE-2023-47831
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jeroen Schmit Theater for WordPress plugin <= 0.18.3 versions.2023-11-23not yet calculatedCVE-2023-47833
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ExpressTech Quiz And Survey Master plugin <= 8.1.13 versions.2023-11-23not yet calculatedCVE-2023-47834
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder plugin <= 1.2.32 versions.2023-11-23not yet calculatedCVE-2023-47835
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.26 versions.2023-11-23not yet calculatedCVE-2023-47839
wordpress — wordpressThe WP Post Popup WordPress plugin through 3.7.3 does not sanitize and escape some of its inputs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2023-11-20not yet calculatedCVE-2023-4808
wordpress — wordpressThe HTML filter and csv-file search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘csvsearch’ shortcode in versions up to, and including, 2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-22not yet calculatedCVE-2023-5096
 
wordpress — wordpressThe TCD Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘map’ shortcode in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-22not yet calculatedCVE-2023-5128

 

wordpress — wordpressThe Related Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘woo-related’ shortcode in versions up to, and including, 3.3.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-22not yet calculatedCVE-2023-5234

 

wordpress — wordpressThe Theme Blvd Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-22not yet calculatedCVE-2023-5338
 
wordpress — wordpressThe Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog.2023-11-20not yet calculatedCVE-2023-5340
wordpress — wordpressThe Popup box WordPress plugin before 3.7.9 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.2023-11-20not yet calculatedCVE-2023-5343
wordpress — wordpressThe Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_delete_posts function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-11-22not yet calculatedCVE-2023-5382
 
wordpress — wordpressThe Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_copy_posts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-11-22not yet calculatedCVE-2023-5383
 
wordpress — wordpressThe Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_copy_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create copies of arbitrary posts.2023-11-22not yet calculatedCVE-2023-5385
 
wordpress — wordpressThe Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts, including administrator posts, and posts not related to the Funnelforms Free plugin.2023-11-22not yet calculatedCVE-2023-5386
 
wordpress — wordpressThe Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_trigger_dark_mode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable the dark mode plugin setting.2023-11-22not yet calculatedCVE-2023-5387
 
wordpress — wordpressThe Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_save_post function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify certain post values. Note that the extent of modification is limited due to fixed values passed to the wp_update_post function.2023-11-22not yet calculatedCVE-2023-5411
 
wordpress — wordpressThe Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_add_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to add new categories.2023-11-22not yet calculatedCVE-2023-5415
 
wordpress — wordpressThe Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete categories.2023-11-22not yet calculatedCVE-2023-5416
 
wordpress — wordpressThe Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_update_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the Funnelforms category for a given post ID.2023-11-22not yet calculatedCVE-2023-5417
 
wordpress — wordpressThe Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_test_mail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to send test emails to an arbitrary email address.2023-11-22not yet calculatedCVE-2023-5419
 
wordpress — wordpressThe Popup with fancybox plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-11-22not yet calculatedCVE-2023-5465

 

wordpress — wordpressThe Wp anything slider plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-11-22not yet calculatedCVE-2023-5466

 

wordpress — wordpressThe Drop Shadow Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘dropshadowbox’ shortcode in versions up to, and including, 1.7.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-22not yet calculatedCVE-2023-5469

 

wordpress — wordpressThe myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions.2023-11-20not yet calculatedCVE-2023-5509
wordpress — wordpressThe Delete Usermeta plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing nonce validation on the delumet_options_page() function. This makes it possible for unauthenticated attackers to remove user meta for arbitrary users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-11-22not yet calculatedCVE-2023-5537

 

wordpress — wordpressThe Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.2023-11-20not yet calculatedCVE-2023-5609
wordpress — wordpressThe Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect2023-11-20not yet calculatedCVE-2023-5610
wordpress — wordpressThe Article Analytics WordPress plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability.2023-11-20not yet calculatedCVE-2023-5640
 
wordpress — wordpressThe WP Hotel Booking WordPress plugin before 2.0.8 does not have authorization and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts2023-11-20not yet calculatedCVE-2023-5651
wordpress — wordpressThe WP Hotel Booking WordPress plugin before 2.0.8 does not have authorization and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections2023-11-20not yet calculatedCVE-2023-5652
wordpress — wordpressThe Sponsors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘sponsors’ shortcode in all versions up to, and including, 3.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-22not yet calculatedCVE-2023-5662
 
wordpress — wordpressThe Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ggpkg’ shortcode in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 2.2.7 and fully patched in version 2.2.9.2023-11-22not yet calculatedCVE-2023-5664

 

wordpress — wordpressThe Tab Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-22not yet calculatedCVE-2023-5667

 

wordpress — wordpressThe CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-22not yet calculatedCVE-2023-5704
 
wordpress — wordpressThe VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘vk-blocks/ancestor-page-list’ block in all versions up to, and including, 1.63.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-22not yet calculatedCVE-2023-5706

 

wordpress — wordpressThe WP Post Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘column’ shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-22not yet calculatedCVE-2023-5708
 
wordpress — wordpressThe Website Optimization – Plerdy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s tracking code settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2023-11-22not yet calculatedCVE-2023-5715

 

wordpress — wordpressThe EasyRotator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘easyrotator’ shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-22not yet calculatedCVE-2023-5742
 
wordpress — wordpressThe Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the pmdm_wp_ajax_delete_meta, pmdm_wp_delete_user_meta, and pmdm_wp_delete_user_meta functions. This makes it possible for unauthenticated attackers to delete arbitrary user, term, and post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-11-21not yet calculatedCVE-2023-5776

 

wordpress — wordpressThe WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do not belong to them.2023-11-20not yet calculatedCVE-2023-5799
wordpress — wordpressThe News & Blog Designer Pack – WordPress Blog Plugin – (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdp_get_more_post function hooked via a nopriv AJAX. This is due to function utilizing an unsafe extract() method to extract values from the POST variable and passing that input to the include() function. This makes it possible for unauthenticated attackers to include arbitrary PHP files and achieve remote code execution. On vulnerable Docker configurations it may be possible for an attacker to create a PHP file and then subsequently include it to achieve RCE.2023-11-22not yet calculatedCVE-2023-5815

 

wordpress — wordpressThe Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the ‘dnd_upload_cf7_upload’ function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. This can be exploited if a user authorized to edit form, which means editor privileges or above, has added a ‘multiple file upload’ form field with ‘*’ acceptable file types.2023-11-22not yet calculatedCVE-2023-5822

 

wordpress — wordpressThe UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options.2023-11-22not yet calculatedCVE-2023-6007
 
wordpress — wordpressThe UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options.2023-11-22not yet calculatedCVE-2023-6008
 
wordpress — wordpressThe UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the ‘userpro_update_user_profile’ function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the ‘wp_capabilities’ parameter during a profile update.2023-11-22not yet calculatedCVE-2023-6009

 

wordpress — wordpressThe LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybe_serve_export function. This makes it possible for authenticated attackers, with administrator or LMS manager access and above, to read the contents of arbitrary CSV files on the server, which can contain sensitive information as well as removing those files from the server.2023-11-22not yet calculatedCVE-2023-6160
 
wordpress — wordpressThe MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary CSS values into the site tags.2023-11-22not yet calculatedCVE-2023-6164
 
wordpress — wordpress
 
The WDContactFormBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Contact_Form_Builder’ shortcode in versions up to, and including, 1.0.72 due to insufficient input sanitization and output escaping on ‘id’ user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-22not yet calculatedCVE-2023-5048
 
wordpress — wordpress
 
The Forminator WordPress plugin before 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).2023-11-20not yet calculatedCVE-2023-5119
wordpress — wordpress
 
The Weather Atlas Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘shortcode-weather-atlas’ shortcode in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-22not yet calculatedCVE-2023-5163

 

wordpress — wordpress
 
The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the ‘test-email’ section of the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to send emails with arbitrary content to arbitrary locations from the affected site’s mail server.2023-11-22not yet calculatedCVE-2023-5314
 
xwiki — xwikiXWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded images on the server side. These requests are also sent for images from other domains and include all cookies that were sent in the original request to ensure that images with restricted view right can be compared. Starting in version 11.10.1 and prior to versions 14.10.15, 15.5.1, and 15.6, this allows an attacker to steal login and session cookies that allow impersonating the current user who views the diff. The attack can be triggered with an image that references the rendered diff, thus making it easy to trigger. Apart from stealing login cookies, this also allows server-side request forgery (the result of any successful request is returned in the image’s source) and viewing protected content as once a resource is cached, it is returned for all users. As only successful requests are cached, the cache will be filled by the first user who is allowed to access the resource. This has been patched in XWiki 14.10.15, 15.5.1 and 15.6. The rendered diff now only downloads images from trusted domains. Further, cookies are only sent when the image’s domain is the same the requested domain. The cache has been changed to be specific for each user. As a workaround, the image embedding feature can be disabled by deleting `xwiki-platform-diff-xml-<version>.jar` in `WEB-INF/lib/`.2023-11-20not yet calculatedCVE-2023-48240

 

xwiki — xwikiXWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 14.10.15, 15.5.1, and 15.6RC1, the Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki (but not some protected information like password hashes). While there is a right check normally, the right check can be circumvented by explicitly requesting fields from Solr that don’t include the data for the right check. This has been fixed in XWiki 15.6RC1, 15.5.1 and 14.10.15 by not listing documents whose rights cannot be checked. No known workarounds are available.2023-11-20not yet calculatedCVE-2023-48241

 

xwiki — xwikiThe XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands by tricking an admin into loading the URL with the shell command. A very simple possibility for an attack is “comments”. When the attacker can leave a comment on any page in the wiki, it is sufficient to include an image with an URL like `/xwiki/bin/view/Admin/RunShellCommand?command=touch%20/tmp/attacked` in the comment. When an admin views the comment, the file `/tmp/attacked` will be created on the server. The output of the command is also vulnerable to XWiki syntax injection which offers a simple way to execute Groovy in the context of the XWiki installation and thus an even easier way to compromise the integrity and confidentiality of the whole XWiki installation. This has been patched by adding a form token check in version 4.5.1 of the admin tools. Some workarounds are available. The patch can be applied manually to the affected wiki pages. Alternatively, the document `Admin.RunShellCommand` can also be deleted if the possibility to run shell commands isn’t needed.2023-11-20not yet calculatedCVE-2023-48292

 

xwiki — xwikiThe XWiki Admin Tools Application provides tools to help the administration of XWiki. Prior to version 4.5.1, a cross-site request forgery vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allows modifying and deleting all data of the wiki. This could be both used to damage the wiki and to create an account with elevated privileges for the attacker, thus impacting the confidentiality, integrity and availability of the whole XWiki instance. A possible attack vector are comments on the wiki, by embedding an image with wiki syntax like `[[image:path:/xwiki/bin/view/Admin/QueryOnXWiki?query=DELETE%20FROM%20xwikidoc]]`, all documents would be deleted from the database when an admin user views this comment. This has been patched in Admin Tools Application 4.5.1 by adding form token checks. Some workarounds are available. The patch can also be applied manually to the affected pages. Alternatively, if the query tool is not needed, by deleting the document `Admin.SQLToolsGroovy`, all database query tools can be deactivated.2023-11-20not yet calculatedCVE-2023-48293

 

yamcs — yamcsCross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via crafted telecommand in the timeline view of the ArchiveBrowser.2023-11-20not yet calculatedCVE-2023-46470
yamcs — yamcsCross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via the text variable scriptContainer of the ScriptViewer.2023-11-20not yet calculatedCVE-2023-46471
yamcs — yamcsAn issue in Yamcs 5.8.6 allows attackers to send arbitrary telecommands in a Command Stack via Clickjacking.2023-11-20not yet calculatedCVE-2023-47311
zephyr — zephyrA malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.2023-11-21not yet calculatedCVE-2023-4424
zephyr — zephyrPossible variant of CVE-2021-3434 in function le_ecred_reconf_req.2023-11-21not yet calculatedCVE-2023-5055
zlib-ng — zlib-ngBuffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_resolve function in the mz_os.c file.2023-11-22not yet calculatedCVE-2023-48106
zlib-ng — zlib-ngBuffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os.c file.2023-11-22not yet calculatedCVE-2023-48107
zohocorp — manageengine_recoverymanager_plusZoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings.2023-11-22not yet calculatedCVE-2023-48646
zscaler — client_connectorAn Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This issue affects Client Connector: before 4.2.0.149.2023-11-21not yet calculatedCVE-2023-28802
zyxel — secuextender_ssl_vpn_clientThe out-of-bounds write vulnerability in the Windows-based SecuExtender SSL VPN Client software version 4.0.4.0 could allow an authenticated local user to gain a privilege escalation by sending a crafted CREATE message.2023-11-20not yet calculatedCVE-2023-5593
 cisco — cisco_ip_phones_with_multiplatform_firmwareA vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device.2023-11-21not yet calculatedCVE-2023-20265
 google-translate-api-browser —  google-translate-api-browsergoogle-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the `google-translate-api-browser` package and exposing the `translateOptions` to the end user. An attacker can set a malicious `tld`, causing the application to return unsafe URLs pointing towards local resources. The `translateOptions.tld` field is not properly sanitized before being placed in the Google translate URL. This can allow an attacker with control over the `translateOptions` to set the `tld` to a payload such as `@127.0.0.1`. This causes the full URL to become `https://[email protected]/…`, where `translate.google.` is the username used to connect to localhost. An attacker can send requests within internal networks and the local host. Should any HTTPS application be present on the internal network with a vulnerability exploitable via a GET call, then it would be possible to exploit this using this vulnerability. This issue has been addressed in release version 4.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-11-24not yet calculatedCVE-2023-48711
 

Back to top


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

 To keep up to date follow us on the below channels.