Weekly Vulnerabilities Reports > January 23 to 29, 2023

A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical.

A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0.

OpenMage LTS is an e-commerce platform.

Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload.

Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.

A stack-based buffer overflow vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

An OS command injection vulnerability exists in the httpd SNMP functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

A stack-based buffer overflow vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

A file write vulnerability exists in the httpd upload.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

An OS command injection vulnerability exists in the httpd txt/restore.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

An os command injection vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta.

MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do.

SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a malicious binary with potentially higher privileges via a low-privileged user account that abuses the Notifications function.

A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a.

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.

OpenSearch is an open source distributed and RESTful search engine.

Pi-hole®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole.

Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents.

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.

Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.

A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account.

A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password.

A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.

A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL.

SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.

File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component.

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers.

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers.

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers.

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers.

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers.

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon.

Auth.

The management portal component of JetNexus/EdgeNexus ADC 4.2.8 was discovered to contain a command injection vulnerability.

A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus ADC 4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors.

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule.

The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in users perform unwanted actions via CSRF attacks

The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks.

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSystemCheck.

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the newpass parameter at /formPasswordSetup.

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formPasswordAuth.

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSysLog.

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the username parameter at /formWizardPassword.

An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file.

Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability.

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.

In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.

In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.

A directory traversal vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server.

HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive).

ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery (SSRF).

An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1.

An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks.

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.

Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.

Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Access Control.

Dentsply Sirona Sidexis <= 4.3 is vulnerable to Unquoted Service Path.

Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windows x86 through 7.11 allows local privilege escalation.

An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets through port 80.

A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included.

In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code.

In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check.

In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check.

In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack.

In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code.

In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check.

In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code.

In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free.

In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free.

In binder_vma_close of binder.c, there is a possible use after free due to improper locking.

Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation.

man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root.

uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call.

Qlik NPrinting Designer through 21.14.3.0 creates a Temporary File in a Directory with Insecure Permissions.

Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Directory with Insecure Permissions.

A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion.

In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion.

In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion.

In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion.

In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion.

In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation.

All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization.

All versions of the package puppet-facter are vulnerable to Command Injection via the getFact function due to improper input sanitization.

An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter.

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory.

Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.

OpenMage LTS is an e-commerce platform.

Discourse is an open-source discussion platform.

Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader.

In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash.

A path traversal vulnerability exists in Sage FRP 1000 before November 2019.

Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter.

Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext.

Phicomm K2G v22.6.3.20 was discovered to store the root and admin passwords in plaintext.

In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'.

A vulnerability in Sengled Smart bulb 0x0000024 allows attackers to arbitrarily perform a factory reset on the device via a crafted IEEE 802.15.4 frame.

SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information.

Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files.

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C.

GLPI is a Free Asset and IT Management Software package.

IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system.

IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information.

In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discovery announcement message can cause a NULL pointer dereference or out-of-bounds memory access in the subscriber application.

In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitoredItems request may cause a memory leak.

This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete.

Guests can cause Xenstore crash via soft reset When a guest issues a "Soft Reset" (e.g.

An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, allows attackers to gain full unauthenticated access to the configuration and service interface.

For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart.

All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join().

IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.

Unauthenticated denial of service

vRealize Log Insight contains a deserialization vulnerability.

Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory.

Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such as a mismatch between query and answer name. This issue affects BIND 9 versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1.

BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C.

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C.

A vulnerability in the descarga_etiqueta.php component of Correos Prestashop 1.7.x allows attackers to execute a directory traversal.

Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function.

The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts (such as private) content, by sending a specifically crafted request.

ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control.

ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control.

The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms.

The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin.

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices.

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.

In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code.

An improper access control vulnerability was identified in the Realtek audio driver.

A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0.

AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php.

OpenMage LTS is an e-commerce platform.

OpenMage LTS is an e-commerce platform.

OpenMage LTS is an e-commerce platform.

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical.

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0.

The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present

TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation.

In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure.

A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses.

A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.

wire-server provides back end services for Wire, a team communication and collaboration platform.

The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5.

Discourse is an open source platform for community discussion.

A directory traversal vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

A directory traversal vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file

iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users.

Discourse is an open source platform for community discussion.

bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php.

GLPI is a Free Asset and IT Management Software package.

OpenSearch is an open source distributed and RESTful search engine.

A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.

Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to.

Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password.

Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.

A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account.

A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data.

An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component.

Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).

Authenticated denial of service

An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2.

The BruteBank WordPress plugin before 1.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1.

An access control issue on TP-LInk Tapo C200 V1 devices allows physically proximate attackers to obtain root access by connecting to the UART pins, interrupting the boot process, and setting an init=/bin/sh value.

Metabase is an open source data analytics platform.

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0.

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0.

A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify.

A vulnerability was found in capnsquarepants wordcraft up to 0.6.

A vulnerability was found in mosbth cimage up to 0.7.18.

Sanitize is an allowlist-based HTML and CSS sanitizer.

Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter.

Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter.

Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd.

An issue was discovered in NetScout nGeniusONE 6.3.2 before P10.

An issue was discovered in NetScout nGeniusONE 6.3.2 before P10.

An issue was discovered in NetScout nGeniusONE 6.3.2 before P10.

An issue was discovered in NetScout nGeniusONE 6.3.2 before P10.

An issue was discovered in NetScout nGeniusONE 6.3.2 before P10.

An issue was discovered in NetScout nGeniusONE 6.3.2 before P10.

A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic.

phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable to Cross Site Scripting (XSS) via searchdata=.

A cross-site scripting (XSS) vulnerability in Online Graduate Tracer System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.

Sourcecodester.com Online Graduate Tracer System V 1.0.0 is vulnerable to Cross Site Scripting (XSS).

The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection.

The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability.

GLPI is a Free Asset and IT Management Software package.

Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows unauthenticated attackers to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application.

User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses.

Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application

Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.

A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function.

An issue was discovered in HFish 0.5.1.

All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding.

Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser.

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2.

ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS).

The ?????? ?????? ?????? WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege users such as admin visits a page from the plugin.

app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0.

A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account.

A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users.

An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack.

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1.

A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel.

A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup.

In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion.

In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion.

In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass.

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier stores the private keys unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack.

In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack.

The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem.

The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build.

In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

A denial-of-service vulnerability has been identified in Lenovo Safecenter that could allow a local user to crash the application.

The My YouTube Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 3.0.12.1 due to insufficient input sanitization and output escaping.

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.

NOSH 4a5cfdb allows stored XSS via the create user page.

A vulnerability has been found in SourceCodester Canteen Management System 1.0 and classified as problematic.

Grafana is an open-source platform for monitoring and observability.

There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality.

A stored cross-site scripting (XSS) vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into sent messages.

The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2.

A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10.

A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent.

LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts.

Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar.

Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.

Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.

A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter.

A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic.

Discourse is an open source platform for community discussion.

LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools.

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser.

A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users.

Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page.

Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter.

Auth.

Auth. Stored Cross-Site Scripting (XSS) vulnerability in Youtube shortcode <= 1.8.5 versions.

The Passster WordPress plugin before 3.5.5.8 does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.

The Search & Filter WordPress plugin before 1.2.16 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.

The Easy Social Feed WordPress plugin before 6.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.

The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.

The Page-list WordPress plugin before 5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The Content Control WordPress plugin before 1.1.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins.

The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The Sitemap WordPress plugin before 4.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The Top 10 WordPress plugin before 3.2.3 does not validate and escape some of its Block attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The GS Logo Slider WordPress plugin before 3.3.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The Login Logout Menu WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The Product Slider for WooCommerce WordPress plugin before 2.6.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The HashBar WordPress plugin before 1.3.6 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The WordPress Simple Shopping Cart WordPress plugin before 4.6.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

The Genesis Columns Advanced WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins.

The Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The WP Popups WordPress plugin before 2.1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The Landing Page Builder WordPress plugin before 1.4.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The Word Balloon WordPress plugin before 4.19.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The Print-O-Matic WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The 10WebMapBuilder WordPress plugin before 1.0.72 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The GeoDirectory WordPress plugin before 2.2.22 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

The WP Google My Business Auto Publish WordPress plugin before 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value, e.g., because unauthenticated NTP is used.

Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.

Discourse is an open-source discussion platform.

Discourse is an open-source discussion platform.

A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner.

An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload.

The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5.

Wire web-app is part of Wire communications.

Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials.

File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem.

VMware vRealize Log Insight contains an Information Disclosure Vulnerability.

An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C.

ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Input Validation.

The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address.

Observable Discrepancy in GitHub repository healthchecks/healthchecks prior to v2.6.

Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[url]= Feeds functionality.

Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10.

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10.

A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0.

The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping.

GLPI is a Free Asset and IT Management Software package.

GLPI is a Free Asset and IT Management Software package.

GLPI is a Free Asset and IT Management Software package.

The EU Cookie Law for GDPR/CCPA WordPress plugin through 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0.

A vulnerability classified as critical was found in SourceCodester Online Tours & Travels Management System 1.0.

A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0.

A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0.

A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs.

In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack.

Discourse is an open-source discussion platform.

The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2.

The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2.

A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host.

Magneto LTS (Long Term Support) is a community developed alternative to the Magento CE official releases.

Spotipy is a light weight Python library for the Spotify Web API.

A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1.

IzyBat Orange casiers before 20221102_1 allows SQL Injection via a getCasier.php?taille= URI.

The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clear_all_cache function in versions up to, and including, 3.0.12.1.

An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to execute a directory traversal.

Metabase is an open source data analytics platform.

There is an improper authentication vulnerability in Pandora FMS v764.

Grafana is an open-source platform for monitoring and observability.

An issue was discovered in NetScout nGeniusONE 6.3.2 build 904.

The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30 allows a user to save sensitive data on disk.

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory.

An issue was discovered in NetScout nGeniusONE 6.3.2 build 904.