Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2023-09-25 CVE-2023-0625 Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0.
network
low complexity
CWE-94
critical
 9.8
9.8
2023-09-25 CVE-2023-0626 Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0.
network
low complexity
CWE-94
critical
 9.8
9.8
2023-09-25 CVE-2023-0627 Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X.
local
low complexity
 7.8
7.8
2023-09-25 CVE-2023-0633 In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0.
local
low complexity
CWE-88
7.8
7.8
2023-09-25 CVE-2023-23567 Out-of-bounds Write vulnerability in Accusoft Imagegear 20.1
A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft ImageGear 20.1.
network
low complexity
accusoft CWE-787
8.8
8.8
2023-09-25 CVE-2023-28393 Out-of-bounds Write vulnerability in Accusoft Imagegear 20.1
A stack-based buffer overflow vulnerability exists in the tif_processing_dng_channel_count functionality of Accusoft ImageGear 20.1.
network
low complexity
accusoft CWE-787
8.8
8.8
2023-09-25 CVE-2023-32284 Out-of-bounds Write vulnerability in Accusoft Imagegear 20.1
An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1.
network
low complexity
accusoft CWE-787
critical
 9.8
9.8
2023-09-25 CVE-2023-40163 Out-of-bounds Write vulnerability in Accusoft Imagegear 20.1
An out-of-bounds write vulnerability exists in the allocate_buffer_for_jpeg_decoding functionality of Accusoft ImageGear 20.1.
network
low complexity
accusoft CWE-787
critical
 9.8
9.8
2023-09-25 CVE-2023-43456 Cross-site Scripting vulnerability in Oretnom23 Service Provider Management System 1.0
Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint.
network
low complexity
oretnom23 CWE-79
5.4
5.4
2023-09-25 CVE-2023-43256 A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input.
network
low complexity
CWE-22
6.5
6.5