Weekly Vulnerabilities Reports > August 7 to 13, 2023
Overview
787 new vulnerabilities were reported during this period, including 116 critical vulnerabilities and 343 high severity vulnerabilities. This weekly summary reports vulnerabilities in 2544 products from 234 vendors including Microsoft, Intel, Google, Adobe, and Siemens. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "SQL Injection", "Out-of-bounds Read", and "Classic Buffer Overflow".
- 480 reported vulnerabilities are remotely exploitable.
- 3 reported vulnerabilities have a public exploit available.
- 238 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 395 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 76 reported vulnerabilities.
- Tenda has the most reported critical vulnerabilities, with 12 reported vulnerabilities.
Vulnerability Details
The following table lists reported vulnerabilities for the period covered by this report:
116 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-08-08 | CVE-2023-3572 | Phoenixcontact | OS Command Injection vulnerability in Phoenixcontact products In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request related to date/time operations to gain full access to the device. | 10.0 |
2023-08-13 | CVE-2023-39405 | Huawei | Out-of-bounds Write vulnerability in Huawei Emui and Harmonyos Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. | 9.8 |
2023-08-12 | CVE-2023-3452 | Canto | Unspecified vulnerability in Canto 1.3.0 The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. | 9.8 |
2023-08-11 | CVE-2020-27544 | Foldingathome | Unspecified vulnerability in Foldingathome Client Advanced Control An issue was discovered in FoldingAtHome Client Advanced Control GUI before commit 9b619ae64443997948a36dda01b420578de1af77, allows remote attackers to execute arbitrary code via crafted payload to function parse_message in file Connection.py. | 9.8 |
2023-08-11 | CVE-2020-36034 | School Faculty Scheduling System Project | SQL Injection vulnerability in School Faculty Scheduling System Project School Faculty Scheduling System 1.0 SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privileges, and gain sensitive information via crafted payload to id parameter in manage_user.php. | 9.8 |
2023-08-11 | CVE-2020-36082 | Bloofox | Unrestricted Upload of File with Dangerous Type vulnerability in Bloofox Bloofoxcms 0.5.2.1 File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module. | 9.8 |
2023-08-11 | CVE-2021-26505 | Hello JS Project | Unspecified vulnerability in Hello.Js Project Hello.Js 1.18.6 Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6, allows remote attackers to execute arbitrary code via hello.utils.extend function. | 9.8 |
2023-08-11 | CVE-2021-27523 | Open Falcon | Unspecified vulnerability in Open-Falcon Dashboard 0.2.0 An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface. | 9.8 |
2023-08-11 | CVE-2021-28411 | Ruoyi | Improper Privilege Management vulnerability in Ruoyi 3.4.0 An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges. | 9.8 |
2023-08-11 | CVE-2023-40254 | Genians | Download of Code Without Integrity Check vulnerability in Genians Genian NAC and Genian Ztna Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. | 9.8 |
2023-08-11 | CVE-2023-40267 | Gitpython Project | Unspecified vulnerability in Gitpython Project Gitpython GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. | 9.8 |
2023-08-11 | CVE-2023-3824 | PHP Fedoraproject Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. | 9.8 |
2023-08-11 | CVE-2023-40253 | Genians | Improper Authentication vulnerability in Genians Genian NAC and Genian Ztna Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. | 9.8 |
2023-08-11 | CVE-2023-40256 | Veritas | Improper Certificate Validation vulnerability in Veritas Netbackup Snapshot Manager A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. | 9.8 |
2023-08-11 | CVE-2023-25775 | Intel | Unspecified vulnerability in Intel Ethernet Controller Rdma Driver for Linux Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 |
2023-08-10 | CVE-2023-32560 | Ivanti | Out-of-bounds Write vulnerability in Ivanti Avalanche An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1. | 9.8 |
2023-08-10 | CVE-2023-32562 | Ivanti | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remote code execution. | 9.8 |
2023-08-10 | CVE-2023-32563 | Ivanti | Path Traversal vulnerability in Ivanti Avalanche An unauthenticated attacker could achieve the code execution through a RemoteControl server. | 9.8 |
2023-08-10 | CVE-2023-32564 | Ivanti | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. | 9.8 |
2023-08-10 | CVE-2023-39805 | Idreamsoft | SQL Injection vulnerability in Idreamsoft Icms 7.0.16 iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php. | 9.8 |
2023-08-10 | CVE-2023-39806 | Idreamsoft | SQL Injection vulnerability in Idreamsoft Icms 7.0.16 iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function. | 9.8 |
2023-08-10 | CVE-2023-32567 | Ivanti | XXE vulnerability in Ivanti Avalanche Ivanti Avalanche decodeToMap XML External Entity Processing. | 9.8 |
2023-08-10 | CVE-2023-35085 | UI | Integer Overflow or Wraparound vulnerability in UI Unifi Switch Firmware and Unifi UAP Firmware An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update the UniFi Switches to Version 6.5.59 or later. | 9.8 |
2023-08-10 | CVE-2023-38034 | UI | Command Injection vulnerability in UI Unifi Switch Firmware and Unifi UAP Firmware A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later. | 9.8 |
2023-08-10 | CVE-2023-39966 | Fit2Cloud | Missing Authorization vulnerability in Fit2Cloud 1Panel 1.4.3 1Panel is an open source Linux server operation and maintenance management panel. | 9.8 |
2023-08-10 | CVE-2023-36311 | Phpjabbers | SQL Injection vulnerability in PHPjabbers Document Creator 1.0 There is a SQL injection (SQLi) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. | 9.8 |
2023-08-10 | CVE-2023-39776 | Phpjabbers | Unrestricted Upload of File with Dangerous Type vulnerability in PHPjabbers Ticket Support Script 3.2 A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arbitrary code via uploading a crafted file. | 9.8 |
2023-08-10 | CVE-2023-37734 | Ezsoftmagic | Classic Buffer Overflow vulnerability in Ezsoftmagic MP3 Audio Converter 2.7.3.700 EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to contain a buffer overflow. | 9.8 |
2023-08-10 | CVE-2023-37069 | Online Hospital Management System Project | SQL Injection vulnerability in Online Hospital Management System Project Online Hospital Management System 1.0 Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. | 9.8 |
2023-08-10 | CVE-2023-26311 | Oppo | Unspecified vulnerability in Oppo Store 1.5.11 A remote code execution vulnerability in the webview component of OPPO Store app. | 9.8 |
2023-08-10 | CVE-2023-26309 | Oneplus | Unspecified vulnerability in Oneplus Store 3.3.0 A remote code execution vulnerability in the webview component of OnePlus Store app. | 9.8 |
2023-08-10 | CVE-2023-30699 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0 Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1 allows code execution by remote attackers. | 9.8 |
2023-08-09 | CVE-2023-37068 | Sherlock | SQL Injection vulnerability in Sherlock GYM Management System 1.0 Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. | 9.8 |
2023-08-09 | CVE-2023-39001 | Opnsense | Command Injection vulnerability in Opnsense A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file. | 9.8 |
2023-08-09 | CVE-2023-39004 | Opnsense | Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation. | 9.8 |
2023-08-09 | CVE-2023-39008 | Opnsense | Command Injection vulnerability in Opnsense A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands. | 9.8 |
2023-08-09 | CVE-2023-39969 | Trailofbits | Improper Verification of Cryptographic Signature vulnerability in Trailofbits Uthenticode uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. | 9.8 |
2023-08-09 | CVE-2023-34545 | Cskaza | SQL Injection vulnerability in Cskaza Cszcms 1.3.0 A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL. | 9.8 |
2023-08-09 | CVE-2023-3632 | Kunduz | Use of Hard-coded Cryptographic Key vulnerability in Kunduz Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass. This issue affects Kunduz - Homework Helper App: before 6.2.3. | 9.8 |
2023-08-09 | CVE-2023-26310 | Oppo | Command Injection vulnerability in Oppo Coloros 12.3 There is a command injection problem in the old version of the mobile phone backup app. | 9.8 |
2023-08-08 | CVE-2023-39213 | Zoom | Injection vulnerability in Zoom Virtual Desktop Infrastructure and Zoom Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access. | 9.8 |
2023-08-08 | CVE-2023-40041 | Totolink | Out-of-bounds Write vulnerability in Totolink T10 V2 Firmware 5.9C.5061B20200511 TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so. | 9.8 |
2023-08-08 | CVE-2023-40042 | Totolink | Out-of-bounds Write vulnerability in Totolink T10 V2 Firmware 5.9C.5061B20200511 TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so. | 9.8 |
2023-08-08 | CVE-2023-20586 | AMD | Unspecified vulnerability in AMD Radeon Software A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. | 9.8 |
2023-08-08 | CVE-2023-21709 | Microsoft | Improper Restriction of Excessive Authentication Attempts vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Elevation of Privilege Vulnerability | 9.8 |
2023-08-08 | CVE-2023-35385 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
2023-08-08 | CVE-2023-36534 | Zoom | Path Traversal vulnerability in Zoom Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. | 9.8 |
2023-08-08 | CVE-2023-36903 | Microsoft | Unspecified vulnerability in Microsoft products Windows System Assessment Tool Elevation of Privilege Vulnerability | 9.8 |
2023-08-08 | CVE-2023-36910 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
2023-08-08 | CVE-2023-36911 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
2023-08-08 | CVE-2023-38186 | Microsoft | Unspecified vulnerability in Microsoft products Windows Mobile Device Management Elevation of Privilege Vulnerability | 9.8 |
2023-08-08 | CVE-2023-39216 | Zoom | Unspecified vulnerability in Zoom Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. | 9.8 |
2023-08-08 | CVE-2023-39532 | Agoric | Unspecified vulnerability in Agoric SES SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. | 9.8 |
2023-08-08 | CVE-2023-3386 | A2Technology | SQL Injection vulnerability in A2Technology Camera Trap Tracking System Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 Camera Trap Tracking System allows SQL Injection. This issue affects Camera Trap Tracking System: before 3.1905. | 9.8 |
2023-08-08 | CVE-2023-3522 | A2Technology | SQL Injection vulnerability in A2Technology License Portal System Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection. This issue affects License Portal System: before 1.48. | 9.8 |
2023-08-08 | CVE-2023-3651 | Digital ANT | SQL Injection vulnerability in Digital-Ant Digital ANT Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 11. | 9.8 |
2023-08-08 | CVE-2023-37682 | Judging Management System Project | SQL Injection vulnerability in Judging Management System Project Judging Management System 1.0 Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-jms/deductScores.php. | 9.8 |
2023-08-08 | CVE-2023-3716 | Oduyo | SQL Injection vulnerability in Oduyo Online Collection Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Online Collection Software allows SQL Injection. This issue affects Online Collection Software: before 1.0.1. | 9.8 |
2023-08-08 | CVE-2023-3717 | Farmakom | SQL Injection vulnerability in Farmakom Remote Administration Console Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farmakom Remote Administration Console allows SQL Injection. This issue affects Remote Administration Console: before 1.02. | 9.8 |
2023-08-08 | CVE-2022-40510 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder. | 9.8 |
2023-08-08 | CVE-2023-24845 | Siemens | Unspecified vulnerability in Siemens Ruggedcom ROS A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. | 9.8 |
2023-08-08 | CVE-2023-28561 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm Qcn7606 Firmware Memory corruption in QESL while processing payload from external ESL device to firmware. | 9.8 |
2023-08-08 | CVE-2023-37372 | Siemens | SQL Injection vulnerability in Siemens Ruggedcom Crossbow 5.2/5.3 A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). | 9.8 |
2023-08-08 | CVE-2023-3898 | Mayanets | SQL Injection vulnerability in Mayanets E-Commerce Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 1.1. | 9.8 |
2023-08-08 | CVE-2023-39976 | Clusterlabs | Classic Buffer Overflow vulnerability in Clusterlabs Libqb log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. | 9.8 |
2023-08-08 | CVE-2023-37483 | SAP | Missing Authentication for Critical Function vulnerability in SAP Powerdesigner 16.7 SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy. | 9.8 |
2023-08-08 | CVE-2023-39439 | SAP | Empty Password in Configuration File vulnerability in SAP Commerce Cloud and Commerce Hycom SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase. | 9.8 |
2023-08-07 | CVE-2023-39526 | Prestashop | SQL Injection vulnerability in Prestashop PrestaShop is an open source e-commerce web application. | 9.8 |
2023-08-07 | CVE-2023-38704 | Datadoghq | Unspecified vulnerability in Datadoghq Import-In-The-Middle import-in-the-middle is a module loading interceptor specifically for ESM modules. | 9.8 |
2023-08-07 | CVE-2023-39524 | Prestashop | SQL Injection vulnerability in Prestashop PrestaShop is an open source e-commerce web application. | 9.8 |
2023-08-07 | CVE-2023-4201 | Mayurik | SQL Injection vulnerability in Mayurik Inventory Management System 1.0 A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. | 9.8 |
2023-08-07 | CVE-2023-38928 | Netgear | Command Injection vulnerability in Netgear R7100Lg Firmware 1.0.0.78 Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi. | 9.8 |
2023-08-07 | CVE-2023-38929 | Tenda | Out-of-bounds Write vulnerability in Tenda 4G300 Firmware 1.01.42 Tenda 4G300 v1.01.42 was discovered to contain a stack overflow via the page parameter at /VirtualSer. | 9.8 |
2023-08-07 | CVE-2023-38930 | Tenda | Out-of-bounds Write vulnerability in Tenda products Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function. | 9.8 |
2023-08-07 | CVE-2023-38931 | Tenda | Out-of-bounds Write vulnerability in Tenda products Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function. | 9.8 |
2023-08-07 | CVE-2023-38932 | Tenda | Out-of-bounds Write vulnerability in Tenda products Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function. | 9.8 |
2023-08-07 | CVE-2023-38933 | Tenda | Out-of-bounds Write vulnerability in Tenda products Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function. | 9.8 |
2023-08-07 | CVE-2023-38934 | Tenda | Out-of-bounds Write vulnerability in Tenda F1203 Firmware, Fh1203 Firmware and Fh1205 Firmware Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function. | 9.8 |
2023-08-07 | CVE-2023-38935 | Tenda | Out-of-bounds Write vulnerability in Tenda products Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via the list parameter in the formSetQosBand function. | 9.8 |
2023-08-07 | CVE-2023-38936 | Tenda | Out-of-bounds Write vulnerability in Tenda products Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. | 9.8 |
2023-08-07 | CVE-2023-38937 | Tenda | Out-of-bounds Write vulnerability in Tenda products Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function. | 9.8 |
2023-08-07 | CVE-2023-38938 | Tenda | Out-of-bounds Write vulnerability in Tenda products Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter at /L7Im. | 9.8 |
2023-08-07 | CVE-2023-38939 | Tenda | Out-of-bounds Write vulnerability in Tenda F1202 Firmware and Fh1202 Firmware Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the mit_ssid parameter in the formWrlsafeset function. | 9.8 |
2023-08-07 | CVE-2023-38940 | Tenda | Out-of-bounds Write vulnerability in Tenda F1203 Firmware, Fh1203 Firmware and Fh1205 Firmware Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | 9.8 |
2023-08-07 | CVE-2023-4200 | Mayurik | SQL Injection vulnerability in Mayurik Inventory Management System 1.0 A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. | 9.8 |
2023-08-07 | CVE-2023-23757 | Bestaddon | SQL Injection vulnerability in Bestaddon Gallery Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | 9.8 |
2023-08-07 | CVE-2023-23758 | Creative Solutions | SQL Injection vulnerability in Creative-Solutions Creative Gallery Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | 9.8 |
2023-08-07 | CVE-2023-34476 | Mooj | SQL Injection vulnerability in Mooj Proforms Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | 9.8 |
2023-08-07 | CVE-2023-34477 | Braincert | SQL Injection vulnerability in Braincert Virtual Classroom Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | 9.8 |
2023-08-07 | CVE-2023-38044 | Hikashop | SQL Injection vulnerability in Hikashop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | 9.8 |
2023-08-07 | CVE-2023-32090 | Pega | Improper Authentication vulnerability in Pega Platform Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials | 9.8 |
2023-08-07 | CVE-2023-4192 | Resort Reservation System Project | SQL Injection vulnerability in Resort Reservation System Project Resort Reservation System 1.0 A vulnerability, which was classified as critical, was found in SourceCodester Resort Reservation System 1.0. | 9.8 |
2023-08-07 | CVE-2023-4193 | Resort Reservation System Project | SQL Injection vulnerability in Resort Reservation System Project Resort Reservation System 1.0 A vulnerability has been found in SourceCodester Resort Reservation System 1.0 and classified as critical. | 9.8 |
2023-08-11 | CVE-2022-29887 | Intel | Cross-site Scripting vulnerability in Intel Manageability Commander Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.6 |
2023-08-11 | CVE-2023-27515 | Intel | Cross-site Scripting vulnerability in Intel Driver & Support Assistant Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow unauthenticated user to potentially enable escalation of privilege via network access. | 9.6 |
2023-08-09 | CVE-2023-39007 | Opnsense | Cross-site Scripting vulnerability in Opnsense /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php. | 9.6 |
2023-08-08 | CVE-2023-3526 | Phoenixcontact | Cross-site Scripting vulnerability in Phoenixcontact products In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser. | 9.6 |
2023-08-13 | CVE-2021-46895 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Vulnerability of defects introduced in the design process in the Multi-Device Task Center. | 9.1 |
2023-08-13 | CVE-2023-39385 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Vulnerability of configuration defects in the media module of certain products. | 9.1 |
2023-08-13 | CVE-2023-39398 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Parameter verification vulnerability in the installd module. | 9.1 |
2023-08-13 | CVE-2023-39399 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Parameter verification vulnerability in the installd module. | 9.1 |
2023-08-13 | CVE-2023-39400 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Parameter verification vulnerability in the installd module. | 9.1 |
2023-08-13 | CVE-2023-39401 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Parameter verification vulnerability in the installd module. | 9.1 |
2023-08-13 | CVE-2023-39402 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Parameter verification vulnerability in the installd module. | 9.1 |
2023-08-13 | CVE-2023-39403 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Parameter verification vulnerability in the installd module. | 9.1 |
2023-08-11 | CVE-2020-27514 | Zrlog | Path Traversal vulnerability in Zrlog 2.1.5 Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS). | 9.1 |
2023-08-11 | CVE-2023-40260 | Empowerid | Improper Authentication vulnerability in Empowerid 7.205.0.0 EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email address (which may be attacker-controlled). | 9.1 |
2023-08-10 | CVE-2023-32565 | Ivanti | Unspecified vulnerability in Ivanti Avalanche An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | 9.1 |
2023-08-10 | CVE-2023-32566 | Ivanti | Unspecified vulnerability in Ivanti Avalanche An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | 9.1 |
2023-08-09 | CVE-2023-33241 | Gg20 Project Gg18 Project | Injection vulnerability in multiple products Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious Paillier key and cheating in the range proof. | 9.1 |
2023-08-09 | CVE-2023-33468 | Kramerav | Incorrect Authorization vulnerability in Kramerav VIA Connect2 Firmware and VIA GO2 Firmware KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. | 9.1 |
2023-08-09 | CVE-2023-33934 | Apache | HTTP Request Smuggling vulnerability in Apache Traffic Server Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1. | 9.1 |
2023-08-07 | CVE-2023-39525 | Prestashop | Path Traversal vulnerability in Prestashop PrestaShop is an open source e-commerce web application. | 9.1 |
2023-08-07 | CVE-2023-39529 | Prestashop | Unspecified vulnerability in Prestashop PrestaShop is an open source e-commerce web application. | 9.1 |
2023-08-07 | CVE-2023-39530 | Prestashop | Improper Input Validation vulnerability in Prestashop PrestaShop is an open source e-commerce web application. | 9.1 |
2023-08-08 | CVE-2023-37490 | SAP | Uncontrolled Search Path Element vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. | 9.0 |
343 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-08-11 | CVE-2020-23595 | Yzmcms | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.6 Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information via the sitemodel/add.html endpoint. | 8.8 |
2023-08-11 | CVE-2020-24922 | Xuxueli | Cross-Site Request Forgery (CSRF) vulnerability in Xuxueli Xxl-Job 2.2.0 Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and escalate privileges via crafted .html file. | 8.8 |
2023-08-11 | CVE-2020-24950 | Thedaylightstudio | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.4.9 SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items. | 8.8 |
2023-08-11 | CVE-2020-28848 | Churchcrm | Injection vulnerability in Churchcrm 4.2.0 CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file. | 8.8 |
2023-08-11 | CVE-2020-36037 | Wuzhicms | Unspecified vulnerability in Wuzhicms 4.1.0 An issue was discovered in wuzhicms version 4.1.0, allows remote attackers to execute arbitrary code via the setting parameter to the ueditor in index.php. | 8.8 |
2023-08-11 | CVE-2021-29378 | Pearadmin | SQL Injection vulnerability in Pearadmin Pear Admin Think 2.1.2 SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php. | 8.8 |
2023-08-11 | CVE-2023-32267 | Microfocus | Unspecified vulnerability in Microfocus Arcsight Management Center A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. | 8.8 |
2023-08-11 | CVE-2023-39417 | Postgresql Redhat Debian | SQL Injection vulnerability in multiple products In the extension script, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). | 8.8 |
2023-08-11 | CVE-2023-28380 | Intel | Uncontrolled Search Path Element vulnerability in Intel AI Hackathon Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 8.8 |
2023-08-10 | CVE-2023-31209 | Tribe29 Checkmk | Injection vulnerability in multiple products Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. | 8.8 |
2023-08-10 | CVE-2023-4276 | Johnkolbert | Unspecified vulnerability in Johnkolbert Absolute Privacy 2.1 The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. | 8.8 |
2023-08-09 | CVE-2023-38348 | LW Systems | Cross-Site Request Forgery (CSRF) vulnerability in Lw-Systems Benno Mailarchiv A CSRF issue was discovered in LWsystems Benno MailArchiv 2.10.1. | 8.8 |
2023-08-09 | CVE-2022-48591 | Sciencelogic | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
2023-08-09 | CVE-2022-48592 | Sciencelogic | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
2023-08-09 | CVE-2022-48593 | Sciencelogic | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
2023-08-09 | CVE-2022-48594 | Sciencelogic | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
2023-08-09 | CVE-2022-48595 | Sciencelogic | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
2023-08-09 | CVE-2022-48596 | Sciencelogic | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
2023-08-09 | CVE-2022-48597 | Sciencelogic | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
2023-08-09 | CVE-2022-48598 | Sciencelogic | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
2023-08-09 | CVE-2022-48599 | Sciencelogic | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
2023-08-09 | CVE-2022-48600 | Sciencelogic | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
2023-08-09 | CVE-2022-48601 | Sciencelogic | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
2023-08-09 | CVE-2022-48602 | Sciencelogic | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
2023-08-09 | CVE-2022-48603 | Sciencelogic | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
2023-08-09 | CVE-2022-48604 | Sciencelogic | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
2023-08-09 | CVE-2022-48580 | Sciencelogic | OS Command Injection vulnerability in Sciencelogic SL1 A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. | 8.8 |
2023-08-09 | CVE-2022-48581 | Sciencelogic | OS Command Injection vulnerability in Sciencelogic SL1 A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. | 8.8 |
2023-08-09 | CVE-2022-48582 | Sciencelogic | OS Command Injection vulnerability in Sciencelogic SL1 A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. | 8.8 |
2023-08-09 | CVE-2022-48583 | Sciencelogic | OS Command Injection vulnerability in Sciencelogic SL1 A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. | 8.8 |
2023-08-09 | CVE-2022-48584 | Sciencelogic | OS Command Injection vulnerability in Sciencelogic SL1 A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. | 8.8 |
2023-08-09 | CVE-2022-48585 | Sciencelogic | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
2023-08-09 | CVE-2022-48586 | Sciencelogic | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
2023-08-09 | CVE-2022-48587 | Sciencelogic | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
2023-08-09 | CVE-2022-48588 | Sciencelogic | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
2023-08-09 | CVE-2022-48589 | Sciencelogic | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
2023-08-09 | CVE-2022-48590 | Sciencelogic | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
2023-08-09 | CVE-2023-31452 | Paessler | Cross-Site Request Forgery (CSRF) vulnerability in Paessler Prtg Network Monitor A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. | 8.8 |
2023-08-09 | CVE-2023-23574 | Nozominetworks | SQL Injection vulnerability in Nozominetworks CMC and Guardian A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability. | 8.8 |
2023-08-09 | CVE-2023-37861 | Phoenixcontact | OS Command Injection vulnerability in Phoenixcontact products In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device. | 8.8 |
2023-08-09 | CVE-2023-2905 | Cesanta | Out-of-bounds Write vulnerability in Cesanta Mongoose 7.10 Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. | 8.8 |
2023-08-09 | CVE-2023-4243 | Full | Unrestricted Upload of File with Dangerous Type vulnerability in Full - Customer The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. | 8.8 |
2023-08-08 | CVE-2023-36899 | Microsoft | Unspecified vulnerability in Microsoft .Net Framework ASP.NET Elevation of Privilege Vulnerability | 8.8 |
2023-08-08 | CVE-2023-29328 | Microsoft | Unspecified vulnerability in Microsoft Teams Microsoft Teams Remote Code Execution Vulnerability | 8.8 |
2023-08-08 | CVE-2023-29330 | Microsoft | Unspecified vulnerability in Microsoft Teams Microsoft Teams Remote Code Execution Vulnerability | 8.8 |
2023-08-08 | CVE-2023-35368 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Remote Code Execution Vulnerability | 8.8 |
2023-08-08 | CVE-2023-35381 | Microsoft | Unspecified vulnerability in Microsoft products Windows Fax Service Remote Code Execution Vulnerability | 8.8 |
2023-08-08 | CVE-2023-35387 | Microsoft | Unspecified vulnerability in Microsoft products Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability | 8.8 |
2023-08-08 | CVE-2023-36541 | Zoom | Insufficient Verification of Data Authenticity vulnerability in Zoom Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access. | 8.8 |
2023-08-08 | CVE-2023-36882 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
2023-08-08 | CVE-2023-38169 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft SQL OLE DB Remote Code Execution Vulnerability | 8.8 |
2023-08-08 | CVE-2023-38181 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Spoofing Vulnerability | 8.8 |
2023-08-08 | CVE-2023-38185 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 8.8 |
2023-08-08 | CVE-2023-38759 | Wger | Cross-Site Request Forgery (CSRF) vulnerability in Wger Workout Manager 2.2.0 Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components. | 8.8 |
2023-08-08 | CVE-2023-27411 | Siemens | SQL Injection vulnerability in Siemens Ruggedcom Crossbow 5.2/5.3 A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). | 8.8 |
2023-08-08 | CVE-2023-37569 | Esds CO | OS Command Injection vulnerability in Esds.Co Emagic Data Center Management This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. | 8.8 |
2023-08-08 | CVE-2023-37570 | Esds CO | Insufficient Session Expiration vulnerability in Esds.Co Emagic Data Center Management This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session cookie. | 8.8 |
2023-08-08 | CVE-2023-3570 | Phoenixcontact | OS Command Injection vulnerability in Phoenixcontact products In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device. | 8.8 |
2023-08-08 | CVE-2023-3571 | Phoenixcontact | OS Command Injection vulnerability in Phoenixcontact products In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP POST related to certificate operations to gain full access to the device. | 8.8 |
2023-08-08 | CVE-2023-3573 | Phoenixcontact | OS Command Injection vulnerability in Phoenixcontact products In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in a HTTP POST request related to font configuration operations to gain full access to the device. | 8.8 |
2023-08-08 | CVE-2023-37491 | SAP | Incorrect Authorization vulnerability in SAP Message Server The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message server. | 8.8 |
2023-08-07 | CVE-2023-39523 | Nexb | Command Injection vulnerability in Nexb Scancode.Io ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. | 8.8 |
2023-08-07 | CVE-2023-36499 | Netgear | Classic Buffer Overflow vulnerability in Netgear Xr300 Firmware 1.0.3.78 Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi. | 8.8 |
2023-08-07 | CVE-2023-38412 | Netgear | Classic Buffer Overflow vulnerability in Netgear R6900P Firmware 1.3.3.154 Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi. | 8.8 |
2023-08-07 | CVE-2023-38591 | Netgear | Classic Buffer Overflow vulnerability in Netgear Dg834Gv5 Firmware 1.6.01.34 Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi. | 8.8 |
2023-08-07 | CVE-2023-38921 | Netgear | Command Injection vulnerability in Netgear Wag302V2 Firmware and Wg302V2 Firmware Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters. | 8.8 |
2023-08-07 | CVE-2023-38922 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function. | 8.8 |
2023-08-07 | CVE-2023-38925 | Netgear | Classic Buffer Overflow vulnerability in Netgear Dc112A Firmware, Ex6200 Firmware and R6300V2 Firmware Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi. | 8.8 |
2023-08-07 | CVE-2023-38926 | Netgear | Classic Buffer Overflow vulnerability in Netgear Ex6200 Firmware 1.0.3.94 Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set. | 8.8 |
2023-08-07 | CVE-2023-39550 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function. | 8.8 |
2023-08-07 | CVE-2023-2843 | Multiparcels | Unspecified vulnerability in Multiparcels Shipping for Woocommerce The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks. | 8.8 |
2023-08-07 | CVE-2023-39528 | Prestashop | Path Traversal vulnerability in Prestashop PrestaShop is an open source e-commerce web application. | 8.6 |
2023-08-09 | CVE-2023-37862 | Phoenixcontact | Missing Authorization vulnerability in Phoenixcontact products In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. | 8.2 |
2023-08-10 | CVE-2023-39954 | Nextcloud | Missing Encryption of Sensitive Data vulnerability in Nextcloud User Oidc user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. | 8.1 |
2023-08-09 | CVE-2023-33242 | Lindell17 Project | Injection vulnerability in Lindell17 Project Lindell17 Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature. | 8.1 |
2023-08-08 | CVE-2023-39214 | Zoom | Exposure of Resource to Wrong Sphere vulnerability in Zoom Meeting Software Development Kit, Rooms and Zoom Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access. | 8.1 |
2023-08-07 | CVE-2023-39349 | Sentry | Improper Access Control vulnerability in Sentry Sentry is an error tracking and performance monitoring platform. | 8.1 |
2023-08-07 | CVE-2023-3365 | Multiparcels | Unspecified vulnerability in Multiparcels Shipping for Woocommerce The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscribers, to delete arbitrary shipments. | 8.1 |
2023-08-11 | CVE-2022-44611 | Intel | Unspecified vulnerability in Intel products Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. | 8.0 |
2023-08-08 | CVE-2023-35388 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 8.0 |
2023-08-08 | CVE-2023-36891 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Server 2019 Microsoft SharePoint Server Spoofing Vulnerability | 8.0 |
2023-08-08 | CVE-2023-36892 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Server 2019 Microsoft SharePoint Server Spoofing Vulnerability | 8.0 |
2023-08-08 | CVE-2023-38182 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 8.0 |
2023-08-11 | CVE-2023-22955 | Audiocodes | Insufficient Verification of Data Authenticity vulnerability in Audiocodes products An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. | 7.8 |
2023-08-11 | CVE-2020-24222 | Rockcarry | Classic Buffer Overflow vulnerability in Rockcarry Ffjpeg Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN. | 7.8 |
2023-08-11 | CVE-2020-28840 | Matthiaswandel | Classic Buffer Overflow vulnerability in Matthiaswandel Jhead Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS). | 7.8 |
2023-08-11 | CVE-2021-28427 | Xnview | Classic Buffer Overflow vulnerability in Xnview 2.49.3 Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file. | 7.8 |
2023-08-11 | CVE-2021-28835 | Xnview | Classic Buffer Overflow vulnerability in Xnview Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file. | 7.8 |
2023-08-11 | CVE-2022-25864 | Intel | Uncontrolled Search Path Element vulnerability in Intel Oneapi Math Kernel Library Uncontrolled search path in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2022-29470 | Intel | Unspecified vulnerability in Intel Dynamic Tuning Technology Improper access control in the Intel® DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2022-29871 | Intel | Unspecified vulnerability in Intel Converged Security Management Engine Firmware Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2022-38076 | Intel Fedoraproject Debian | Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2022-43456 | Intel | Untrusted Search Path vulnerability in Intel Rapid Storage Technology Uncontrolled search path in some Intel(R) RST software before versions 16.8.5.1014.5, 17.11.3.1010.2, 18.7.6.1011.2 and 19.5.2.1049.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2022-45112 | Intel | Unspecified vulnerability in Intel Virtual Raid on CPU Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2023-25182 | Intel | Uncontrolled Search Path Element vulnerability in Intel Unite Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2023-25773 | Intel | Unspecified vulnerability in Intel Unite Improper access control in the Intel(R) Unite(R) Hub software installer for Windows before version 4.2.34962 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2023-25944 | Intel | Uncontrolled Search Path Element vulnerability in Intel Vcust Tool Uncontrolled search path element in some Intel(R) VCUST Tool software downloaded before February 3nd 2023 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2023-26587 | Intel | Improper Input Validation vulnerability in Intel Easy Streaming Wizard Improper input validation for the Intel(R) Easy Streaming Wizard software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2023-27505 | Intel | Incorrect Default Permissions vulnerability in Intel Advanced Link Analyzer Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2023-27506 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Optimization for Tensorflow Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2023-27509 | Intel | Unspecified vulnerability in Intel Ispc Software Installer Improper access control in some Intel(R) ISPC software installers before version 1.19.0 may allow an authenticated user to potentially enable escalation of privileges via local access. | 7.8 |
2023-08-11 | CVE-2023-28405 | Intel | Uncontrolled Search Path Element vulnerability in Intel Openvino 2018 Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2022.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2023-28658 | Intel | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Oneapi Math Kernel Library Insecure inherited permissions in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2023-29151 | Intel | Uncontrolled Search Path Element vulnerability in Intel Platform Service Record Software Development KIT Uncontrolled search path element in some Intel(R) PSR SDK before version 1.0.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2023-31246 | Intel | Incorrect Default Permissions vulnerability in Intel Server Debug and Provisioning Tool Incorrect default permissions in some Intel(R) SDP Tool software before version 1.4 build 5 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2023-32543 | Intel | Incorrect Default Permissions vulnerability in Intel Intelligent Test System Incorrect default permissions in the Intel(R) ITS software before version 3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2023-32547 | Topconpositioning | Incorrect Default Permissions vulnerability in Topconpositioning Mavinci Desktop Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2023-32656 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Realsense 450 FA Firmware 0.25.0 Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2023-32663 | Intel | Incorrect Default Permissions vulnerability in Intel Realsense Software Development KIT Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in version 2.53.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2023-33867 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Realsense 450 FA Firmware 0.25.0 Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2023-33877 | Intel | Out-of-bounds Write vulnerability in Intel Realsense 450 FA Firmware 0.25.0 Out-of-bounds write in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2023-34427 | Intel | Unspecified vulnerability in Intel Realsense 450 FA Firmware 0.25.0 Protection mechanism failure in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-11 | CVE-2023-34438 | Intel | Race Condition vulnerability in Intel products Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-10 | CVE-2023-28129 | Ivanti | Unspecified vulnerability in Ivanti Desktop & Server Management 2022.2 DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installation user. | 7.8 |
2023-08-10 | CVE-2023-39963 | Nextcloud | Unspecified vulnerability in Nextcloud Server Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. | 7.8 |
2023-08-10 | CVE-2023-4128 | Linux Redhat Fedoraproject | Use After Free vulnerability in multiple products A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. | 7.8 |
2023-08-10 | CVE-2022-47636 | Outsystems | Uncontrolled Search Path Element vulnerability in Outsystems Service Studio 11.53.30 A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. | 7.8 |
2023-08-10 | CVE-2023-39957 | Nextcloud | Path Traversal vulnerability in Nextcloud Talk Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. | 7.8 |
2023-08-10 | CVE-2023-29320 | Adobe | Unspecified vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Violation of Secure Design Principles vulnerability that could result in arbitrary code execution in the context of the current user by bypassing the API blacklisting feature. | 7.8 |
2023-08-10 | CVE-2023-38222 | Adobe | Use After Free vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-08-10 | CVE-2023-38223 | Adobe | Access of Uninitialized Pointer vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-08-10 | CVE-2023-38224 | Adobe | Use After Free vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-08-10 | CVE-2023-38225 | Adobe | Use After Free vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-08-10 | CVE-2023-38226 | Adobe | Access of Uninitialized Pointer vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-08-10 | CVE-2023-38227 | Adobe | Use After Free vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-08-10 | CVE-2023-38228 | Adobe | Use After Free vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-08-10 | CVE-2023-38229 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-08-10 | CVE-2023-38231 | Adobe | Out-of-bounds Write vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-08-10 | CVE-2023-38233 | Adobe | Out-of-bounds Write vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-08-10 | CVE-2023-38234 | Adobe | Access of Uninitialized Pointer vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-08-10 | CVE-2023-38246 | Adobe | Access of Uninitialized Pointer vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-08-10 | CVE-2023-30679 | Samsung | Unspecified vulnerability in Samsung Android 11.0/12.0 Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1 allows local attackers to execute arbitrary code. | 7.8 |
2023-08-10 | CVE-2023-30680 | Samsung | Improper Privilege Management vulnerability in Samsung Android 12.0/13.0 Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code execution with privilege. | 7.8 |
2023-08-10 | CVE-2023-30681 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0 An improper input validation vulnerability within the initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1 allows an attacker to cause an out-of-bounds write. | 7.8 |
2023-08-10 | CVE-2023-30686 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0 Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1 allows a local attacker to execute arbitrary code. | 7.8 |
2023-08-10 | CVE-2023-30687 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0 Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows a local attacker to execute arbitrary code. | 7.8 |
2023-08-10 | CVE-2023-30688 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0 Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1 allows a local attacker to execute arbitrary code. | 7.8 |
2023-08-10 | CVE-2023-30689 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0 Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Release 1 allows a local attacker to execute arbitrary code. | 7.8 |
2023-08-10 | CVE-2023-30691 | Samsung | Unspecified vulnerability in Samsung Android 11.0/12.0 Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows a local attacker to escalate privileges. | 7.8 |
2023-08-10 | CVE-2023-30693 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0 Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Release 1 allows a local attacker to execute arbitrary code. | 7.8 |
2023-08-10 | CVE-2023-30694 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0 Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows a local attacker to execute arbitrary code. | 7.8 |
2023-08-10 | CVE-2023-30695 | Samsung | Out-of-bounds Write vulnerability in Samsung products Out-of-bounds Write vulnerability in SSHDCPAPP TA prior to "SAMSUNG ELECTONICS, CO, LTD. | 7.8 |
2023-08-10 | CVE-2023-30696 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0 Improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1 allows an attacker to cause an out-of-bounds write. | 7.8 |
2023-08-10 | CVE-2023-30697 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0 Improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1 allows an attacker to cause an out-of-bounds write. | 7.8 |
2023-08-10 | CVE-2023-30702 | Samsung | Out-of-bounds Write vulnerability in Samsung products Stack overflow vulnerability in SSHDCPAPP TA prior to "SAMSUNG ELECTONICS, CO, LTD. | 7.8 |
2023-08-09 | CVE-2023-33469 | Kramerav | Code Injection vulnerability in Kramerav VIA Connect2 Firmware and VIA GO2 Firmware In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level. | 7.8 |
2023-08-09 | CVE-2023-38211 | Adobe | Use After Free vulnerability in Adobe Dimension Adobe Dimension version 3.4.9 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-08-09 | CVE-2023-38212 | Adobe | Heap-based Buffer Overflow vulnerability in Adobe Dimension Adobe Dimension version 3.4.9 is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-08-08 | CVE-2023-39211 | Zoom | Improper Privilege Management vulnerability in Zoom Rooms and Zoom Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access. | 7.8 |
2023-08-08 | CVE-2023-36344 | Dieboldnixdorf | Uncontrolled Search Path Element vulnerability in Dieboldnixdorf Vynamic View An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature. | 7.8 |
2023-08-08 | CVE-2023-20555 | AMD | Out-of-bounds Write vulnerability in AMD products Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. | 7.8 |
2023-08-08 | CVE-2023-20562 | AMD | Unspecified vulnerability in AMD Uprof 3.4.494/3.4.502 Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. | 7.8 |
2023-08-08 | CVE-2023-35359 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-08-08 | CVE-2023-35371 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Remote Code Execution Vulnerability | 7.8 |
2023-08-08 | CVE-2023-35372 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Visio Remote Code Execution Vulnerability | 7.8 |
2023-08-08 | CVE-2023-35379 | Microsoft | Unspecified vulnerability in Microsoft Windows Server 2008 R2 Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability | 7.8 |
2023-08-08 | CVE-2023-35380 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-08-08 | CVE-2023-35382 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-08-08 | CVE-2023-35386 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-08-08 | CVE-2023-35390 | Microsoft | Unspecified vulnerability in Microsoft .Net and Visual Studio 2022 .NET and Visual Studio Remote Code Execution Vulnerability | 7.8 |
2023-08-08 | CVE-2023-36540 | Zoom | Untrusted Search Path vulnerability in Zoom Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. | 7.8 |
2023-08-08 | CVE-2023-36865 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Visio Remote Code Execution Vulnerability | 7.8 |
2023-08-08 | CVE-2023-36866 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Visio Remote Code Execution Vulnerability | 7.8 |
2023-08-08 | CVE-2023-36895 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Outlook Remote Code Execution Vulnerability | 7.8 |
2023-08-08 | CVE-2023-36896 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Excel Remote Code Execution Vulnerability | 7.8 |
2023-08-08 | CVE-2023-36898 | Microsoft | Unspecified vulnerability in Microsoft Windows 11 21H2 Tablet Windows User Interface Application Core Remote Code Execution Vulnerability | 7.8 |
2023-08-08 | CVE-2023-36900 | Microsoft | Unspecified vulnerability in Microsoft products Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
2023-08-08 | CVE-2023-36904 | Microsoft | Unspecified vulnerability in Microsoft products Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
2023-08-08 | CVE-2023-38154 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 1809 and Windows Server 2019 Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-08-08 | CVE-2023-38170 | Microsoft | Unspecified vulnerability in Microsoft Hevc Video Extensions HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 |
2023-08-08 | CVE-2023-38175 | Microsoft | Unspecified vulnerability in Microsoft Windows Defender Microsoft Windows Defender Elevation of Privilege Vulnerability | 7.8 |
2023-08-08 | CVE-2023-37646 | Bitberry | Path Traversal vulnerability in Bitberry File Opener 23.0 An issue in the CAB file extraction function of Bitberry File Opener v23.0 allows attackers to execute a directory traversal. | 7.8 |
2023-08-08 | CVE-2021-41544 | Siemens | Uncontrolled Search Path Element vulnerability in Siemens Software Center A vulnerability has been identified in Siemens Software Center (All versions < V3.0). | 7.8 |
2023-08-08 | CVE-2022-39062 | Siemens | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Sicam Toolbox II 07.00/07.01 A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). | 7.8 |
2023-08-08 | CVE-2023-21627 | Qualcomm | Incorrect Type Conversion or Cast vulnerability in Qualcomm products Memory corruption in Trusted Execution Environment while calling service API with invalid address. | 7.8 |
2023-08-08 | CVE-2023-21643 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption due to untrusted pointer dereference in automotive during system call. | 7.8 |
2023-08-08 | CVE-2023-21648 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption in RIL while trying to send apdu packet. | 7.8 |
2023-08-08 | CVE-2023-21649 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption in WLAN while running doDriverCmd for an unspecific command. | 7.8 |
2023-08-08 | CVE-2023-21650 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length. | 7.8 |
2023-08-08 | CVE-2023-21651 | Qualcomm | Incorrect Type Conversion or Cast vulnerability in Qualcomm products Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE. | 7.8 |
2023-08-08 | CVE-2023-22666 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory Corruption in Audio while playing amrwbplus clips with modified content. | 7.8 |
2023-08-08 | CVE-2023-28537 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption while allocating memory in COmxApeDec module in Audio. | 7.8 |
2023-08-08 | CVE-2023-28575 | Qualcomm | Type Confusion vulnerability in Qualcomm products The cam_get_device_priv function does not check the type of handle being returned (device/session/link). | 7.8 |
2023-08-08 | CVE-2023-28577 | Qualcomm | Use After Free vulnerability in Qualcomm products In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. | 7.8 |
2023-08-08 | CVE-2023-28830 | Siemens | Use After Free vulnerability in Siemens products A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). | 7.8 |
2023-08-08 | CVE-2023-30795 | Siemens | Out-of-bounds Read vulnerability in Siemens JT Open, JT Utilities and Parasolid A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4), Parasolid V34.0 (All versions < V34.0.253), Parasolid V34.1 (All versions < V34.1.243), Parasolid V35.0 (All versions < V35.0.177), Parasolid V35.1 (All versions < V35.1.073). | 7.8 |
2023-08-08 | CVE-2023-30796 | Siemens | Out-of-bounds Read vulnerability in Siemens JT Open Toolkit and JT Utilities A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4). | 7.8 |
2023-08-08 | CVE-2023-38524 | Siemens | NULL Pointer Dereference vulnerability in Siemens Parasolid and Teamcenter Visualization A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). | 7.8 |
2023-08-08 | CVE-2023-38525 | Siemens | Out-of-bounds Read vulnerability in Siemens Parasolid and Teamcenter Visualization A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). | 7.8 |
2023-08-08 | CVE-2023-38526 | Siemens | Out-of-bounds Read vulnerability in Siemens Parasolid and Teamcenter Visualization A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). | 7.8 |
2023-08-08 | CVE-2023-38527 | Siemens | Out-of-bounds Read vulnerability in Siemens Parasolid and Teamcenter Visualization A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). | 7.8 |
2023-08-08 | CVE-2023-38528 | Siemens | Out-of-bounds Write vulnerability in Siemens Parasolid and Teamcenter Visualization A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.197), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). | 7.8 |
2023-08-08 | CVE-2023-38529 | Siemens | Out-of-bounds Read vulnerability in Siemens Parasolid and Teamcenter Visualization A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). | 7.8 |
2023-08-08 | CVE-2023-38530 | Siemens | Out-of-bounds Read vulnerability in Siemens Parasolid and Teamcenter Visualization A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). | 7.8 |
2023-08-08 | CVE-2023-38531 | Siemens | Out-of-bounds Read vulnerability in Siemens Parasolid and Teamcenter Visualization A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). | 7.8 |
2023-08-08 | CVE-2023-38641 | Siemens | Unspecified vulnerability in Siemens Sicam Toolbox II 07.00/07.01 A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). | 7.8 |
2023-08-08 | CVE-2023-38679 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix 2201/2302 A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). | 7.8 |
2023-08-08 | CVE-2023-38680 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix 2201/2302 A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). | 7.8 |
2023-08-08 | CVE-2023-38681 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix 2201/2302 A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). | 7.8 |
2023-08-08 | CVE-2023-38682 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). | 7.8 |
2023-08-08 | CVE-2023-38683 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). | 7.8 |
2023-08-08 | CVE-2023-39181 | Siemens | Out-of-bounds Write vulnerability in Siemens Solid Edge A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). | 7.8 |
2023-08-08 | CVE-2023-39182 | Siemens | Out-of-bounds Read vulnerability in Siemens Solid Edge A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). | 7.8 |
2023-08-08 | CVE-2023-39183 | Siemens | Out-of-bounds Read vulnerability in Siemens Solid Edge A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). | 7.8 |
2023-08-08 | CVE-2023-39184 | Siemens | Out-of-bounds Read vulnerability in Siemens Solid Edge A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). | 7.8 |
2023-08-08 | CVE-2023-39185 | Siemens | Out-of-bounds Read vulnerability in Siemens Solid Edge A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). | 7.8 |
2023-08-08 | CVE-2023-39186 | Siemens | Out-of-bounds Read vulnerability in Siemens Solid Edge A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). | 7.8 |
2023-08-08 | CVE-2023-39187 | Siemens | Out-of-bounds Read vulnerability in Siemens Solid Edge A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). | 7.8 |
2023-08-08 | CVE-2023-39188 | Siemens | Out-of-bounds Read vulnerability in Siemens Solid Edge A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). | 7.8 |
2023-08-08 | CVE-2023-39419 | Siemens | Out-of-bounds Write vulnerability in Siemens Solid Edge Se2023 A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). | 7.8 |
2023-08-08 | CVE-2023-39549 | Siemens | Use After Free vulnerability in Siemens Solid Edge Se2023 A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 2). | 7.8 |
2023-08-08 | CVE-2023-36923 | SAP | Code Injection vulnerability in SAP Powerdesigner 16.7 SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03 allows an attacker with local access to the system to place a malicious library that can be executed by the application. | 7.8 |
2023-08-07 | CVE-2023-39520 | Cryptomator | Improper Privilege Management vulnerability in Cryptomator Cryptomator encrypts data being stored on cloud infrastructure. | 7.8 |
2023-08-07 | CVE-2023-4147 | Linux Fedoraproject Redhat Debian | Use After Free vulnerability in multiple products A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. | 7.8 |
2023-08-07 | CVE-2023-3896 | VIM | Divide By Zero vulnerability in VIM 9.0.1367 Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3 | 7.8 |
2023-08-10 | CVE-2023-39962 | Nextcloud | Improper Access Control vulnerability in Nextcloud Server Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. | 7.7 |
2023-08-13 | CVE-2023-39386 | Huawei | Improper Input Validation vulnerability in Huawei Emui and Harmonyos Vulnerability of input parameters being not strictly verified in the PMS module. | 7.5 |
2023-08-13 | CVE-2023-39390 | Huawei | Improper Input Validation vulnerability in Huawei Emui and Harmonyos Vulnerability of input parameter verification in certain APIs in the window management module. | 7.5 |
2023-08-13 | CVE-2023-39391 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Vulnerability of system file information leakage in the USB Service module. | 7.5 |
2023-08-13 | CVE-2023-39394 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Vulnerability of API privilege escalation in the wifienhance module. | 7.5 |
2023-08-13 | CVE-2023-39395 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Mismatch vulnerability in the serialization process in the communication system. | 7.5 |
2023-08-13 | CVE-2023-39397 | Huawei | NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos Input parameter verification vulnerability in the communication system. | 7.5 |
2023-08-13 | CVE-2023-39404 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Vulnerability of input parameter verification in certain APIs in the window management module. | 7.5 |
2023-08-13 | CVE-2023-39406 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Permission control vulnerability in the XLayout component. | 7.5 |
2023-08-13 | CVE-2023-39380 | Huawei | Improper Authentication vulnerability in Huawei Emui and Harmonyos Permission control vulnerability in the audio module. | 7.5 |
2023-08-13 | CVE-2023-39381 | Huawei | Improper Input Validation vulnerability in Huawei Emui and Harmonyos Input verification vulnerability in the storage module. | 7.5 |
2023-08-13 | CVE-2023-39382 | Huawei | Improper Input Validation vulnerability in Huawei Emui and Harmonyos Input verification vulnerability in the audio module. | 7.5 |
2023-08-13 | CVE-2023-39383 | Huawei | Exposure of Resource to Wrong Sphere vulnerability in Huawei Emui and Harmonyos Vulnerability of input parameters being not strictly verified in the AMS module. | 7.5 |
2023-08-13 | CVE-2023-39384 | Huawei | Incorrect Authorization vulnerability in Huawei Emui and Harmonyos Vulnerability of incomplete permission verification in the input method module. | 7.5 |
2023-08-13 | CVE-2023-39388 | Huawei | Improper Input Validation vulnerability in Huawei Emui and Harmonyos Vulnerability of input parameters being not strictly verified in the PMS module. | 7.5 |
2023-08-13 | CVE-2023-39389 | Huawei | Improper Input Validation vulnerability in Huawei Emui and Harmonyos Vulnerability of input parameters being not strictly verified in the PMS module. | 7.5 |
2023-08-13 | CVE-2023-39392 | Huawei | Improper Verification of Cryptographic Signature vulnerability in Huawei Emui and Harmonyos Vulnerability of insecure signatures in the OsuLogin module. | 7.5 |
2023-08-13 | CVE-2023-39393 | Huawei | Improper Verification of Cryptographic Signature vulnerability in Huawei Emui and Harmonyos Vulnerability of insecure signatures in the ServiceWifiResources module. | 7.5 |
2023-08-13 | CVE-2023-39396 | Huawei | Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos Deserialization vulnerability in the input module. | 7.5 |
2023-08-11 | CVE-2023-22956 | Audiocodes | Use of Hard-coded Credentials vulnerability in Audiocodes products An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. | 7.5 |
2023-08-11 | CVE-2023-22957 | Audiocodes | Use of Hard-coded Credentials vulnerability in Audiocodes products An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. | 7.5 |
2023-08-11 | CVE-2020-35139 | Facuet | Infinite Loop vulnerability in Facuet RYU 4.34 An issue was discovered in OFPBundleCtrlMsg in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop). | 7.5 |
2023-08-11 | CVE-2020-35141 | Facuet | Infinite Loop vulnerability in Facuet RYU 4.34 An issue was discovered in OFPQueueGetConfigReply in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop). | 7.5 |
2023-08-11 | CVE-2020-36136 | Cskaza | SQL Injection vulnerability in Cskaza Cszcms 1.2.9 SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows attackers to gain sensitive information via pm_sendmail parameter in csz_model.php. | 7.5 |
2023-08-11 | CVE-2020-36138 | Ffmpeg | NULL Pointer Dereference vulnerability in Ffmpeg 4.3 An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS). | 7.5 |
2023-08-11 | CVE-2021-26504 | Dgtl | Path Traversal vulnerability in Dgtl Huemagic 3.0.0 Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote attackers to gain sensitive information via crafted request in res.sendFile API in hue-magic.js. | 7.5 |
2023-08-11 | CVE-2023-39534 | Eprosima Debian | Reachable Assertion vulnerability in multiple products eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. | 7.5 |
2023-08-11 | CVE-2023-39945 | Eprosima Debian | eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. | 7.5 |
2023-08-11 | CVE-2023-39946 | Eprosima Debian | Out-of-bounds Write vulnerability in multiple products eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. | 7.5 |
2023-08-11 | CVE-2023-39947 | Eprosima Debian | Out-of-bounds Write vulnerability in multiple products eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. | 7.5 |
2023-08-11 | CVE-2023-39948 | Eprosima Debian | eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. | 7.5 |
2023-08-11 | CVE-2023-39949 | Eprosima Debian | Reachable Assertion vulnerability in multiple products eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. | 7.5 |
2023-08-11 | CVE-2023-39553 | Apache | Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Apache-Drill Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider: before 2.4.3. It is recommended to upgrade to a version that is not affected. | 7.5 |
2023-08-11 | CVE-2023-4108 | Mattermost | Information Exposure Through Log Files vulnerability in Mattermost Mattermost fails to sanitize post metadata during audit logging resulting in permalinks contents being logged | 7.5 |
2023-08-11 | CVE-2023-3823 | PHP Fedoraproject Debian | XXE vulnerability in multiple products In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. | 7.5 |
2023-08-11 | CVE-2022-36392 | Intel | Unspecified vulnerability in Intel Converged Security Management Engine Firmware Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel (R) CSME may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 |
2023-08-10 | CVE-2023-32561 | Ivanti | Unspecified vulnerability in Ivanti Avalanche A previously generated artifact by an administrator could be accessed by an attacker. | 7.5 |
2023-08-10 | CVE-2023-39964 | Fit2Cloud | Path Traversal vulnerability in Fit2Cloud 1Panel 1.4.3 1Panel is an open source Linux server operation and maintenance management panel. | 7.5 |
2023-08-10 | CVE-2023-37543 | Cacti | Authorization Bypass Through User-Controlled Key vulnerability in Cacti Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. | 7.5 |
2023-08-10 | CVE-2023-38830 | Phpjabbers | Exposure of Resource to Wrong Sphere vulnerability in PHPjabbers Yacht Listing Script 1.0 An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module. | 7.5 |
2023-08-09 | CVE-2023-39003 | Opnsense | Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp. | 7.5 |
2023-08-09 | CVE-2023-39005 | Opnsense | Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2. | 7.5 |
2023-08-09 | CVE-2023-40012 | Trailofbits | Missing Required Cryptographic Step vulnerability in Trailofbits Uthenticode uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. | 7.5 |
2023-08-09 | CVE-2023-33953 | Grpc | Excessive Iteration vulnerability in Grpc gRPC contains a vulnerability in which HPACK table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DoS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. | 7.5 |
2023-08-09 | CVE-2023-38207 | Adobe | XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an XML Injection (aka Blind XPath Injection) vulnerability that could lead to minor arbitrary file system read. | 7.5 |
2023-08-09 | CVE-2022-47185 | Apache | Improper Input Validation vulnerability in Apache Traffic Server Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1. | 7.5 |
2023-08-09 | CVE-2023-37860 | Phoenixcontact | Missing Authorization vulnerability in Phoenixcontact products In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon. | 7.5 |
2023-08-09 | CVE-2023-39910 | Libbitcoin | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Libbitcoin Explorer The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. | 7.5 |
2023-08-08 | CVE-2023-39086 | Asus | Cleartext Transmission of Sensitive Information vulnerability in Asus Rt-Ac66U B1 Firmware 3.0.0.4.28651665 ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext. | 7.5 |
2023-08-08 | CVE-2023-35391 | Microsoft | Unspecified vulnerability in Microsoft .Net and Visual Studio 2022 ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability | 7.5 |
2023-08-08 | CVE-2023-38180 | Microsoft Fedoraproject | .NET and Visual Studio Denial of Service Vulnerability | 7.5 |
2023-08-08 | CVE-2023-39533 | Libp2P | Allocation of Resources Without Limits or Throttling vulnerability in Libp2P Go-Libp2P 0.28.0/0.29.0 go-libp2p is the Go implementation of the libp2p Networking Stack. | 7.5 |
2023-08-08 | CVE-2023-35383 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing Information Disclosure Vulnerability | 7.5 |
2023-08-08 | CVE-2023-36532 | Zoom | Out-of-bounds Write vulnerability in Zoom Rooms and Zoom Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access. | 7.5 |
2023-08-08 | CVE-2023-36533 | Zoom | Unspecified vulnerability in Zoom products Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access. | 7.5 |
2023-08-08 | CVE-2023-36905 | Microsoft | Unspecified vulnerability in Microsoft products Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | 7.5 |
2023-08-08 | CVE-2023-36906 | Microsoft | Unspecified vulnerability in Microsoft products Windows Cryptographic Services Information Disclosure Vulnerability | 7.5 |
2023-08-08 | CVE-2023-36907 | Microsoft | Unspecified vulnerability in Microsoft products Windows Cryptographic Services Information Disclosure Vulnerability | 7.5 |
2023-08-08 | CVE-2023-36912 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing Denial of Service Vulnerability | 7.5 |
2023-08-08 | CVE-2023-36913 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing Information Disclosure Vulnerability | 7.5 |
2023-08-08 | CVE-2023-38172 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing Denial of Service Vulnerability | 7.5 |
2023-08-08 | CVE-2023-38178 | Microsoft | Unspecified vulnerability in Microsoft .Net and Visual Studio 2022 .NET Core and Visual Studio Denial of Service Vulnerability | 7.5 |
2023-08-08 | CVE-2023-38184 | Microsoft | Unspecified vulnerability in Microsoft products Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 7.5 |
2023-08-08 | CVE-2023-39217 | Zoom | Unspecified vulnerability in Zoom products Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access. | 7.5 |
2023-08-08 | CVE-2023-3894 | Fasterxml | Out-of-bounds Write vulnerability in Fasterxml Jackson-Dataformats-Text Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). | 7.5 |
2023-08-08 | CVE-2023-38760 | Churchcrm | SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component. | 7.5 |
2023-08-08 | CVE-2023-38762 | Churchcrm | SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php. | 7.5 |
2023-08-08 | CVE-2023-38764 | Churchcrm | SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php. | 7.5 |
2023-08-08 | CVE-2023-38765 | Churchcrm | SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php. | 7.5 |
2023-08-08 | CVE-2023-38767 | Churchcrm | SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php. | 7.5 |
2023-08-08 | CVE-2023-38768 | Churchcrm | SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php. | 7.5 |
2023-08-08 | CVE-2023-38769 | Churchcrm | SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php. | 7.5 |
2023-08-08 | CVE-2023-38770 | Churchcrm | SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php. | 7.5 |
2023-08-08 | CVE-2023-38771 | Churchcrm | SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php. | 7.5 |
2023-08-08 | CVE-2023-38773 | Churchcrm | SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php. | 7.5 |
2023-08-08 | CVE-2023-24698 | Foswiki | Path Traversal vulnerability in Foswiki Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request. | 7.5 |
2023-08-08 | CVE-2023-2423 | Rockwellautomation | Incorrect Calculation vulnerability in Rockwellautomation Armor Powerflex Firmware A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. | 7.5 |
2023-08-08 | CVE-2023-33756 | Foswiki | Path Traversal vulnerability in Foswiki An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal. | 7.5 |
2023-08-08 | CVE-2023-4219 | Doctors Appointment System Project | SQL Injection vulnerability in Doctors Appointment System Project Doctors Appointment System 1.0 A vulnerability was found in SourceCodester Doctors Appointment System 1.0. | 7.5 |
2023-08-08 | CVE-2023-21625 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Information disclosure in Network Services due to buffer over-read while the device receives DNS response. | 7.5 |
2023-08-08 | CVE-2023-28555 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Transient DOS in Audio while remapping channel buffer in media codec decoding. | 7.5 |
2023-08-08 | CVE-2023-37373 | Siemens | Missing Authentication for Critical Function vulnerability in Siemens Ruggedcom Crossbow 5.2/5.3 A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). | 7.5 |
2023-08-08 | CVE-2023-39269 | Siemens | Allocation of Resources Without Limits or Throttling vulnerability in Siemens Ruggedcom ROS A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. | 7.5 |
2023-08-08 | CVE-2023-33993 | SAP | SQL Injection vulnerability in SAP Business ONE 10.0 B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. | 7.5 |
2023-08-08 | CVE-2023-37486 | SAP | Information Exposure Through Caching vulnerability in SAP Commerce Cloud and Commerce Hycom Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. | 7.5 |
2023-08-07 | CVE-2023-4012 | Ntpsec | Unspecified vulnerability in Ntpsec 1.2.2 ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3). | 7.5 |
2023-08-07 | CVE-2023-4199 | Mayurik | SQL Injection vulnerability in Mayurik Inventory Management System 1.0 A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. | 7.5 |
2023-08-07 | CVE-2023-32783 | Zohocorp | Incorrect Authorization vulnerability in Zohocorp Manageengine Adaudit Plus 7.1.1 The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. | 7.5 |
2023-08-07 | CVE-2021-24916 | Themeum | Unspecified vulnerability in Themeum Qubely The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action. | 7.5 |
2023-08-07 | CVE-2023-0425 | ABB | Numeric Range Comparison Without Minimum Check vulnerability in ABB products ABB is aware of vulnerabilities in the product versions listed below. | 7.5 |
2023-08-07 | CVE-2023-0426 | ABB | Stack-based Buffer Overflow vulnerability in ABB products ABB is aware of vulnerabilities in the product versions listed below. | 7.5 |
2023-08-07 | CVE-2022-48579 | Rarlab | Link Following vulnerability in Rarlab Unrar UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains. | 7.5 |
2023-08-11 | CVE-2023-22841 | Intel | Uncontrolled Search Path Element vulnerability in Intel Server Firmware Update Utility Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-08-11 | CVE-2023-23577 | Intel | Uncontrolled Search Path Element vulnerability in Intel ITE Tech Consumer Infrared Driver Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-08-11 | CVE-2023-24016 | Intel | Uncontrolled Search Path Element vulnerability in Intel Quartus Prime Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software for linux may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-08-11 | CVE-2023-28823 | Intel | Uncontrolled Search Path Element vulnerability in Intel products Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-08-11 | CVE-2023-34355 | Intel | Uncontrolled Search Path Element vulnerability in Intel Integrated BMC Video Driver 1.0/1.10.03/2.0 Uncontrolled search path element for some Intel(R) Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for linux may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-08-09 | CVE-2023-36673 | Avira | Cleartext Transmission of Sensitive Information vulnerability in Avira Phantom VPN 2.23.1 An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. | 7.3 |
2023-08-09 | CVE-2023-3518 | Hashicorp | Unspecified vulnerability in Hashicorp Consul 1.16.0 HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. | 7.3 |
2023-08-11 | CVE-2021-25857 | Supermicro CMS Project | Unspecified vulnerability in Supermicro-Cms Project Supermicro-Cms 3.11 An issue was discovered in pcmt superMicro-CMS version 3.11, allows authenticated attackers to execute arbitrary code via the font_type parameter to setup.php. | 7.2 |
2023-08-11 | CVE-2023-3864 | Snowsoftware | SQL Injection vulnerability in Snowsoftware Snow License Manager 9.27/9.29/9.30 Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal. | 7.2 |
2023-08-11 | CVE-2023-25757 | Intel | Unspecified vulnerability in Intel Unison Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access. | 7.2 |
2023-08-11 | CVE-2023-35179 | Solarwinds | Improper Access Control vulnerability in Solarwinds Serv-U 15.4.0 A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. | 7.2 |
2023-08-10 | CVE-2023-40225 | Haproxy | HTTP Request Smuggling vulnerability in Haproxy HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. | 7.2 |
2023-08-09 | CVE-2023-38997 | Opnsense | Path Traversal vulnerability in Opnsense A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive. | 7.2 |
2023-08-09 | CVE-2023-32781 | Paessler | Command Injection vulnerability in Paessler Prtg Network Monitor A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. | 7.2 |
2023-08-09 | CVE-2023-32782 | Paessler | Command Injection vulnerability in Paessler Prtg Network Monitor A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. | 7.2 |
2023-08-09 | CVE-2023-38208 | Adobe | OS Command Injection vulnerability in Adobe Commerce Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. | 7.2 |
2023-08-09 | CVE-2023-37857 | Phoenixcontact | Use of Hard-coded Credentials vulnerability in Phoenixcontact products In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. | 7.2 |
2023-08-09 | CVE-2023-37859 | Phoenixcontact | Improper Privilege Management vulnerability in Phoenixcontact products In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root. | 7.2 |
2023-08-09 | CVE-2023-37863 | Phoenixcontact | OS Command Injection vulnerability in Phoenixcontact products In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use a special SNMP request to gain full access to the device. | 7.2 |
2023-08-09 | CVE-2023-37864 | Phoenixcontact | Download of Code Without Integrity Check vulnerability in Phoenixcontact products In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use a special SNMP request to gain full access to the device. | 7.2 |
2023-08-08 | CVE-2023-38167 | Microsoft | Unspecified vulnerability in Microsoft Dynamics 365 Business Central 2023 Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability | 7.2 |
2023-08-08 | CVE-2023-37687 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Online Nurse Hiring System 1.0 Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal. | 7.2 |
2023-08-08 | CVE-2023-4009 | Mongodb | Improper Privilege Management vulnerability in Mongodb OPS Manager Server In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation. | 7.2 |
2023-08-07 | CVE-2023-36220 | Textpattern | Path Traversal vulnerability in Textpattern 4.8.8 Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function. | 7.2 |
2023-08-07 | CVE-2023-33913 | Google | Out-of-bounds Write vulnerability in Google Android 11.0/12.0 In DRM/oemcrypto, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to remote escalation of privilege with System execution privileges needed | 7.2 |
2023-08-11 | CVE-2022-38973 | Intel | Unspecified vulnerability in Intel ARC A750 Firmware and ARC A770 Firmware Improper access control for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow an authenticated user to potentially enable denial of service or information disclosure via local access. | 7.1 |
2023-08-10 | CVE-2023-23342 | Hcltech | Unspecified vulnerability in Hcltech HCL Nomad If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented. | 7.1 |
2023-08-09 | CVE-2023-23347 | Hcltech | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Dryice Iautomate 6.0/6.1/6.2 HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. | 7.1 |
2023-08-09 | CVE-2023-23346 | Hcltech | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Dryice Mycloud HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. | 7.1 |
2023-08-08 | CVE-2023-36876 | Microsoft | Unspecified vulnerability in Microsoft Windows Server 2008 R2 Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability | 7.1 |
2023-08-08 | CVE-2023-21626 | Qualcomm | Improper Authentication vulnerability in Qualcomm products Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key. | 7.1 |
2023-08-08 | CVE-2023-21652 | Qualcomm | Use of Hard-coded Credentials vulnerability in Qualcomm products Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use. | 7.1 |
2023-08-09 | CVE-2023-24477 | Nozominetworks | Session Fixation vulnerability in Nozominetworks CMC and Guardian In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. | 7.0 |
2023-08-08 | CVE-2023-35378 | Microsoft | Race Condition vulnerability in Microsoft products Windows Projected File System Elevation of Privilege Vulnerability | 7.0 |
2023-08-08 | CVE-2023-38176 | Microsoft | Unspecified vulnerability in Microsoft Azure Arc-Enabled Servers Azure Arc-Enabled Servers Elevation of Privilege Vulnerability | 7.0 |
2023-08-08 | CVE-2023-28576 | Qualcomm | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. | 7.0 |
319 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-08-12 | CVE-2023-4265 | Zephyrproject | Classic Buffer Overflow vulnerability in Zephyrproject Zephyr Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... | 6.8 |
2023-08-09 | CVE-2023-39531 | Sentry | Improper Authentication vulnerability in Sentry Sentry is an error tracking and performance monitoring platform. | 6.8 |
2023-08-08 | CVE-2023-20589 | AMD | Unspecified vulnerability in AMD products An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. | 6.8 |
2023-08-07 | CVE-2023-3492 | Cmscommander | Unspecified vulnerability in Cmscommander WP Shopping Pages 1.14 The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | 6.8 |
2023-08-11 | CVE-2022-27635 | Intel Fedoraproject Debian | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-08-11 | CVE-2022-36372 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-08-11 | CVE-2022-37336 | Intel | Unspecified vulnerability in Intel products Improper input validation in BIOS firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-08-11 | CVE-2022-37343 | Intel | Unspecified vulnerability in Intel products Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-08-11 | CVE-2022-40964 | Intel Fedoraproject Debian | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-08-11 | CVE-2022-41804 | Debian Fedoraproject Intel | Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-08-11 | CVE-2022-46329 | Intel Fedoraproject Debian | Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-08-11 | CVE-2023-22449 | Intel | Unspecified vulnerability in Intel products Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-08-11 | CVE-2023-27391 | Intel | Unspecified vulnerability in Intel products Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-08-11 | CVE-2023-28385 | Intel | Unspecified vulnerability in Intel Next Unit of Computing Firmware Improper authorization in the Intel(R) NUC Pro Software Suite for Windows before version 2.0.0.9 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-08-11 | CVE-2023-28714 | Intel | Unspecified vulnerability in Intel Proset/Wireless Wifi Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-08-11 | CVE-2023-28736 | Mdadm Project | Classic Buffer Overflow vulnerability in Mdadm Project Mdadm Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-08-11 | CVE-2023-29494 | Intel | Unspecified vulnerability in Intel products Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-08-11 | CVE-2023-32617 | Intel | Unspecified vulnerability in Intel products Improper input validation in some Intel(R) NUC Rugged Kit, Intel(R) NUC Kit and Intel(R) Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-08-11 | CVE-2023-34086 | Intel | Unspecified vulnerability in Intel products Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-08-09 | CVE-2023-4273 | Linux Fedoraproject Redhat Debian Netapp | Out-of-bounds Write vulnerability in multiple products A flaw was found in the exFAT driver of the Linux kernel. | 6.7 |
2023-08-07 | CVE-2023-20783 | Google | Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0 In keyinstall, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-08-07 | CVE-2023-20784 | Google | Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0 In keyinstall, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-08-07 | CVE-2023-20786 | Google | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In gps, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-08-07 | CVE-2023-20795 | Google | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In ril, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-08-07 | CVE-2023-20797 | Google | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In camera middleware, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-08-07 | CVE-2023-20804 | Linuxfoundation | Out-of-bounds Write vulnerability in multiple products In imgsys, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-08-07 | CVE-2023-20805 | Linuxfoundation | Out-of-bounds Write vulnerability in multiple products In imgsys, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-08-07 | CVE-2023-20806 | Google | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In hcp, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-08-07 | CVE-2023-20807 | Google | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In dpe, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-08-07 | CVE-2023-20808 | Google | Out-of-bounds Write vulnerability in Google Android 11.0 In OPTEE, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-08-07 | CVE-2023-20809 | Google | Out-of-bounds Write vulnerability in Google Android 10.0/11.0 In vdec, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-08-07 | CVE-2023-20811 | Google Linux | Out-of-bounds Write vulnerability in multiple products In IOMMU, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-08-07 | CVE-2023-20814 | Google | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In wlan service, there is a possible out of bounds write due to improper input validation. | 6.7 |
2023-08-07 | CVE-2023-20815 | Google | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In wlan service, there is a possible out of bounds write due to improper input validation. | 6.7 |
2023-08-07 | CVE-2023-20816 | Google | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In wlan service, there is a possible out of bounds write due to improper input validation. | 6.7 |
2023-08-07 | CVE-2023-20817 | Google | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In wlan service, there is a possible out of bounds write due to improper input validation. | 6.7 |
2023-08-12 | CVE-2023-4293 | Wpdownloadmanager | Unspecified vulnerability in Wpdownloadmanager Premium Packages - Sell Digital products Securely The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.7.4 due to insufficient restriction on the 'wpdmpp_update_profile' function. | 6.5 |
2023-08-11 | CVE-2020-24804 | CMS DEV | Information Exposure Through Log Files vulnerability in Cms-Dev CMS 1.4 Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs. | 6.5 |
2023-08-11 | CVE-2020-24904 | Davesteele | Unspecified vulnerability in Davesteele Gnome-Gmail 2.5.4 An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link. | 6.5 |
2023-08-11 | CVE-2020-36023 | Freedesktop | Infinite Loop vulnerability in Freedesktop Poppler 20.12.1 An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. | 6.5 |
2023-08-11 | CVE-2021-29057 | Thoughtworks | Resource Exhaustion vulnerability in Thoughtworks Node-Worker-Threads-Pool 1.4.3 An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service. | 6.5 |
2023-08-11 | CVE-2023-4106 | Mattermost | Missing Authorization vulnerability in Mattermost Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting in a guest being able to view, join, edit, export and archive public playbooks. | 6.5 |
2023-08-11 | CVE-2023-4107 | Mattermost | Incorrect Authorization vulnerability in Mattermost Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name. | 6.5 |
2023-08-11 | CVE-2022-36351 | Intel Fedoraproject Debian | Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 6.5 |
2023-08-11 | CVE-2022-40982 | Redhat XEN Intel Debian Netapp | Information Exposure Through Discrepancy vulnerability in multiple products Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 6.5 |
2023-08-10 | CVE-2023-40235 | Opengroup | Unspecified vulnerability in Opengroup Archi An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. | 6.5 |
2023-08-10 | CVE-2023-39952 | Nextcloud | Improper Access Control vulnerability in Nextcloud Server Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. | 6.5 |
2023-08-10 | CVE-2023-4277 | Pragmaticmates | Unspecified vulnerability in Pragmaticmates Realia 1.4.0 The Realia plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. | 6.5 |
2023-08-09 | CVE-2023-38999 | Opnsense | Cross-Site Request Forgery (CSRF) vulnerability in Opnsense A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | 6.5 |
2023-08-09 | CVE-2023-22378 | Nozominetworks | SQL Injection vulnerability in Nozominetworks CMC and Guardian A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability. | 6.5 |
2023-08-09 | CVE-2023-24471 | Nozominetworks | Incorrect Authorization vulnerability in Nozominetworks CMC and Guardian An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions. | 6.5 |
2023-08-09 | CVE-2023-38209 | Adobe | Incorrect Authorization vulnerability in Adobe Commerce Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. | 6.5 |
2023-08-09 | CVE-2023-4239 | Webcodingplace | Unspecified vulnerability in Webcodingplace Real Estate Manager The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the 'rem_save_profile_front' function. | 6.5 |
2023-08-08 | CVE-2023-39209 | Zoom | Improper Input Validation vulnerability in Zoom Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access. | 6.5 |
2023-08-08 | CVE-2023-39951 | Linuxfoundation | Unspecified vulnerability in Linuxfoundation Opentelemetry Instrumentation for Java OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. | 6.5 |
2023-08-08 | CVE-2023-35376 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing Denial of Service Vulnerability | 6.5 |
2023-08-08 | CVE-2023-35377 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing Denial of Service Vulnerability | 6.5 |
2023-08-08 | CVE-2023-35384 | Microsoft | Unspecified vulnerability in Microsoft products Windows HTML Platforms Security Feature Bypass Vulnerability | 6.5 |
2023-08-08 | CVE-2023-35389 | Microsoft | Unspecified vulnerability in Microsoft Dynamics 365 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | 6.5 |
2023-08-08 | CVE-2023-36535 | Zoom | Unspecified vulnerability in Zoom Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access. | 6.5 |
2023-08-08 | CVE-2023-36890 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Server 2019 Microsoft SharePoint Server Information Disclosure Vulnerability | 6.5 |
2023-08-08 | CVE-2023-36893 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Outlook Spoofing Vulnerability | 6.5 |
2023-08-08 | CVE-2023-36894 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Server 2016/2019 Microsoft SharePoint Server Information Disclosure Vulnerability | 6.5 |
2023-08-08 | CVE-2023-36897 | Microsoft | Unspecified vulnerability in Microsoft products Visual Studio Tools for Office Runtime Spoofing Vulnerability | 6.5 |
2023-08-08 | CVE-2023-36908 | Microsoft | Unspecified vulnerability in Microsoft products Windows Hyper-V Information Disclosure Vulnerability | 6.5 |
2023-08-08 | CVE-2023-36909 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing Denial of Service Vulnerability | 6.5 |
2023-08-08 | CVE-2023-38254 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing Denial of Service Vulnerability | 6.5 |
2023-08-08 | CVE-2023-38763 | Churchcrm | SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint. | 6.5 |
2023-08-08 | CVE-2023-36136 | Phpjabbers | Cleartext Storage of Sensitive Information vulnerability in PHPjabbers Class Scheduling System 1.0 PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text. | 6.5 |
2023-08-08 | CVE-2023-21647 | Qualcomm | Improper Input Validation vulnerability in Qualcomm products Information disclosure in Bluetooth when a GATT packet is received due to improper input validation. | 6.5 |
2023-08-08 | CVE-2023-37492 | SAP | Missing Authorization vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
2023-08-07 | CVE-2023-36054 | MIT Debian Netapp | Access of Uninitialized Pointer vulnerability in multiple products lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. | 6.5 |
2023-08-07 | CVE-2023-38924 | Netgear | Classic Buffer Overflow vulnerability in Netgear Dgn3500 Firmware 1.1.00.37 Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi. | 6.5 |
2023-08-07 | CVE-2023-38157 | Microsoft | Unspecified vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 6.5 |
2023-08-07 | CVE-2022-38795 | Gitea | Unspecified vulnerability in Gitea In Gitea through 1.17.1, repo cloning can occur in the migration function. | 6.5 |
2023-08-07 | CVE-2023-20800 | Linuxfoundation | In imgsys, there is a possible system crash due to a missing ptr check. | 6.5 |
2023-08-07 | CVE-2023-20802 | Linuxfoundation | Out-of-bounds Write vulnerability in multiple products In imgsys, there is a possible memory corruption due to improper input validation. | 6.5 |
2023-08-07 | CVE-2023-20803 | Linuxfoundation | Out-of-bounds Write vulnerability in multiple products In imgsys, there is a possible memory corruption due to improper input validation. | 6.5 |
2023-08-11 | CVE-2023-34349 | Intel | Race Condition vulnerability in Intel products Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 6.4 |
2023-08-07 | CVE-2023-20785 | Google | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Google Android 12.0/13.0 In audio, there is a possible out of bounds write due to a missing bounds check. | 6.4 |
2023-08-07 | CVE-2023-20787 | Google | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Google Android 12.0 In thermal, there is a possible use after free due to a race condition. | 6.4 |
2023-08-07 | CVE-2023-20788 | Google | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Google Android 12.0 In thermal, there is a possible use after free due to a race condition. | 6.4 |
2023-08-07 | CVE-2023-20801 | Linuxfoundation | Use After Free vulnerability in multiple products In imgsys, there is a possible use after free due to a race condition. | 6.4 |
2023-08-09 | CVE-2023-36671 | Clario | Cleartext Transmission of Sensitive Information vulnerability in Clario VPN 5.9.1.1662 An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. | 6.3 |
2023-08-08 | CVE-2023-36869 | Microsoft | Unspecified vulnerability in Microsoft Azure Devops Server Azure DevOps Server Spoofing Vulnerability | 6.3 |
2023-08-13 | CVE-2023-23208 | Genesys | Cross-site Scripting vulnerability in Genesys Administrator Extension Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261. | 6.1 |
2023-08-11 | CVE-2023-0871 | Opennms | XXE vulnerability in Opennms Horizon and Meridian XXE injection in /rtc/post/ endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. | 6.1 |
2023-08-11 | CVE-2020-19952 | JBT | Cross-site Scripting vulnerability in JBT Live (Github-Flavored) Markdown Editor Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbitrary code via crafted payload or opening malicious .md file. | 6.1 |
2023-08-11 | CVE-2020-20523 | Gilacms | Cross-site Scripting vulnerability in Gilacms Gila CMS 1.11.3 Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation. | 6.1 |
2023-08-11 | CVE-2020-24075 | Laborator | Cross-site Scripting vulnerability in Laborator Kalium Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code. | 6.1 |
2023-08-11 | CVE-2020-24872 | Lepton CMS | Cross-site Scripting vulnerability in Lepton-Cms Leptoncms 4.7.0 Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code. | 6.1 |
2023-08-11 | CVE-2020-27449 | Zohocorp | Cross-site Scripting vulnerability in Zohocorp Manageengine Password Manager PRO 11.1 Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload. | 6.1 |
2023-08-11 | CVE-2020-28717 | Kindsoft | Cross-site Scripting vulnerability in Kindsoft Kindeditor 4.1.12 Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code. | 6.1 |
2023-08-11 | CVE-2021-27524 | Margox | Cross-site Scripting vulnerability in Margox Braft-Editor 2.3.8 Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature. | 6.1 |
2023-08-10 | CVE-2023-38333 | Zohocorp | Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. | 6.1 |
2023-08-10 | CVE-2023-40224 | Misp | Cross-site Scripting vulnerability in Misp 2.4.174 MISP 2.4.174 allows XSS in app/View/Events/index.ctp. | 6.1 |
2023-08-10 | CVE-2023-36309 | Phpjabbers | Cross-site Scripting vulnerability in PHPjabbers Document Creator 1.0 There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Document Creator v1.0. | 6.1 |
2023-08-10 | CVE-2023-36310 | Phpjabbers | Cross-site Scripting vulnerability in PHPjabbers Document Creator 1.0 There is a Cross Site Scripting (XSS) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. | 6.1 |
2023-08-10 | CVE-2023-36313 | Phpjabbers | Cross-site Scripting vulnerability in PHPjabbers Document Creator 1.0 PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters of "Export Requests" aside from "request_feed". | 6.1 |
2023-08-10 | CVE-2023-36314 | Phpjabbers | Cross-site Scripting vulnerability in PHPjabbers Callback Widget 1.0 There is a Cross Site Scripting (XSS) vulnerability in the value-text-o_sms_email_request_message parameters of index.php in PHPJabbers Callback Widget v1.0. | 6.1 |
2023-08-10 | CVE-2023-36315 | Phpjabbers | Cross-site Scripting vulnerability in PHPjabbers Callback Widget 1.0 There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Callback Widget v1.0. | 6.1 |
2023-08-10 | CVE-2023-39955 | Nextcloud | Cross-site Scripting vulnerability in Nextcloud Notes Notes is a note-taking app for Nextcloud, an open-source cloud platform. | 6.1 |
2023-08-10 | CVE-2023-28779 | Simplecoding | Cross-site Scripting vulnerability in Simplecoding Terms Descriptions 3.4.4 Unauth. | 6.1 |
2023-08-10 | CVE-2023-39314 | TE ST | Cross-site Scripting vulnerability in Te-St Leyka Unauth. | 6.1 |
2023-08-10 | CVE-2023-23900 | Yikesinc | Cross-site Scripting vulnerability in Yikesinc Easy Forms for Mailchimp Unauth. | 6.1 |
2023-08-10 | CVE-2023-30481 | Profosbox | Cross-site Scripting vulnerability in Profosbox AGP Font Awesome Collection 3.2.4 Unauth. | 6.1 |
2023-08-10 | CVE-2023-37988 | Creative Solutions | Cross-site Scripting vulnerability in Creative-Solutions Contact Form Generator 2.5.5 Unauth. | 6.1 |
2023-08-10 | CVE-2022-27861 | Arscode | Open Redirect vulnerability in Arscode Ninja Popups Unauth. | 6.1 |
2023-08-09 | CVE-2023-38347 | LW Systems | Cross-site Scripting vulnerability in Lw-Systems Benno Mailarchiv An issue was discovered in LWsystems Benno MailArchiv 2.10.1. | 6.1 |
2023-08-09 | CVE-2023-38998 | Opnsense | Open Redirect vulnerability in Opnsense An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. | 6.1 |
2023-08-09 | CVE-2023-39000 | Opnsense | Cross-site Scripting vulnerability in Opnsense A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL path. | 6.1 |
2023-08-09 | CVE-2023-39002 | Opnsense | Cross-site Scripting vulnerability in Opnsense A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 6.1 |
2023-08-08 | CVE-2023-38761 | Churchcrm | Cross-site Scripting vulnerability in Churchcrm 5.0.0 Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the systemSettings.php component. | 6.1 |
2023-08-08 | CVE-2023-36306 | Adiscon | Cross-site Scripting vulnerability in Adiscon Loganalyzer A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components. | 6.1 |
2023-08-08 | CVE-2023-3652 | Digital ANT | Cross-site Scripting vulnerability in Digital-Ant Digital ANT Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS. This issue affects E-Commerce Software: before 11. | 6.1 |
2023-08-08 | CVE-2023-38384 | Syntacticsinc | Cross-site Scripting vulnerability in Syntacticsinc Easync Unauth. | 6.1 |
2023-08-08 | CVE-2023-24409 | I13Websolution | Cross-site Scripting vulnerability in I13Websolution WP Responsive Tabs Horizontal Vertical and Accordion Tabs Unauth. | 6.1 |
2023-08-08 | CVE-2023-24413 | I13Websolution | Cross-site Scripting vulnerability in I13Websolution Wordpress Vertical Image Slider Unauth. | 6.1 |
2023-08-08 | CVE-2023-27627 | Eggemplo | Cross-site Scripting vulnerability in Eggemplo Woocommerce Email Report 2.4 Unauth. | 6.1 |
2023-08-08 | CVE-2023-27412 | Everestthemes | Cross-site Scripting vulnerability in Everestthemes Mocho Blog 1.0.4 Unauth. | 6.1 |
2023-08-08 | CVE-2023-27421 | Everestthemes | Cross-site Scripting vulnerability in Everestthemes Everest News 1.1.0 Unauth. | 6.1 |
2023-08-08 | CVE-2023-32503 | Gtmetrix | Cross-site Scripting vulnerability in Gtmetrix Unauth. | 6.1 |
2023-08-08 | CVE-2023-37488 | SAP | Cross-site Scripting vulnerability in SAP Netweaver Process Integration 7.50 In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting (XSS) attack. | 6.1 |
2023-08-07 | CVE-2023-39527 | Prestashop | Improper Encoding or Escaping of Output vulnerability in Prestashop PrestaShop is an open source e-commerce web application. | 6.1 |
2023-08-07 | CVE-2023-38045 | Admiror Design Studio | Cross-site Scripting vulnerability in Admiror-Design-Studio Admiror Gallery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. | 6.1 |
2023-08-07 | CVE-2023-3524 | Wpcode | Unspecified vulnerability in Wpcode The WPCode WordPress plugin before 2.0.13.1 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting | 6.1 |
2023-08-07 | CVE-2023-3671 | Multiparcels | Unspecified vulnerability in Multiparcels Shipping for Woocommerce The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2023-08-07 | CVE-2023-38392 | Wpgogo | Cross-site Scripting vulnerability in Wpgogo Custom Field Template Unauth. | 6.1 |
2023-08-08 | CVE-2023-36873 | Microsoft | Unspecified vulnerability in Microsoft .Net Framework .NET Framework Spoofing Vulnerability | 5.9 |
2023-08-07 | CVE-2023-39363 | Vyperlang | Incorrect Authorization vulnerability in Vyperlang Vyper 0.2.15/0.2.16/0.3.0 Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). | 5.9 |
2023-08-08 | CVE-2023-39436 | SAP | Missing Authentication for Critical Function vulnerability in SAP Supplier Relationship Management SAP Supplier Relationship Management - versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality. This information could be used to allow the attacker to specialize their attacks against SRM. | 5.8 |
2023-08-09 | CVE-2023-35838 | Wireguard | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wireguard 0.5.3 The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. | 5.7 |
2023-08-09 | CVE-2023-36672 | Clario | Cleartext Transmission of Sensitive Information vulnerability in Clario VPN 5.9.1.1662 An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. | 5.7 |
2023-08-11 | CVE-2020-24187 | Jerryscript | NULL Pointer Dereference vulnerability in Jerryscript 2.3.0 An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0, allows local attackers to cause a denial of service (DoS) (Null Pointer Dereference). | 5.5 |
2023-08-11 | CVE-2020-24221 | Miniupnp Project | Infinite Loop vulnerability in Miniupnp Project Ngiflib 0.4 An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop). | 5.5 |
2023-08-11 | CVE-2020-35990 | Foxit | Classic Buffer Overflow vulnerability in Foxit PDF Reader 8.3.2.25013/9.0.1.1049 Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file. | 5.5 |
2023-08-11 | CVE-2020-36024 | Freedesktop | NULL Pointer Dereference vulnerability in Freedesktop Poppler 20.12.1 An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. | 5.5 |
2023-08-11 | CVE-2021-28025 | QT | Integer Overflow or Wraparound vulnerability in QT Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS). | 5.5 |
2023-08-11 | CVE-2021-28429 | Ffmpeg | Integer Overflow or Wraparound vulnerability in Ffmpeg 4.3.2 Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file. | 5.5 |
2023-08-11 | CVE-2021-3236 | VIM | NULL Pointer Dereference vulnerability in VIM 8.2.2348 vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method. | 5.5 |
2023-08-11 | CVE-2022-44612 | Intel | Use of Hard-coded Credentials vulnerability in Intel Unison Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2023-08-11 | CVE-2023-22338 | Intel Fedoraproject | Out-of-bounds Read vulnerability in multiple products Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2023-08-11 | CVE-2023-22840 | Intel Fedoraproject | Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2023-08-11 | CVE-2023-28711 | Intel | Always-Incorrect Control Flow Implementation vulnerability in Intel Hyperscan Library Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2023-08-11 | CVE-2023-30760 | Intel | Out-of-bounds Read vulnerability in Intel Realsense 450 FA Firmware 0.25.0 Out-of-bounds read in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2023-08-11 | CVE-2023-32609 | Intel | Unspecified vulnerability in Intel Unite Improper access control in the Intel Unite(R) android application before version 4.2.3504 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2023-08-11 | CVE-2023-37512 | Hcltech | Unspecified vulnerability in Hcltech Traveler Companion When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information. | 5.5 |
2023-08-11 | CVE-2023-37513 | Hcltech | Unspecified vulnerability in Hcltech Traveler to DO When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information. | 5.5 |
2023-08-10 | CVE-2023-40216 | Openbsd | Missing Authorization vulnerability in Openbsd 7.3 OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. | 5.5 |
2023-08-10 | CVE-2023-29303 | Adobe | Use After Free vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-08-10 | CVE-2023-38210 | Adobe | Resource Exhaustion vulnerability in Adobe XMP Toolkit Software Development KIT Adobe XMP Toolkit version 2022.06 is affected by an Uncontrolled Resource Consumption vulnerability. | 5.5 |
2023-08-10 | CVE-2023-38230 | Adobe | Use After Free vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-08-10 | CVE-2023-38232 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-08-10 | CVE-2023-38235 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-08-10 | CVE-2023-38236 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-08-10 | CVE-2023-38237 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-08-10 | CVE-2023-38238 | Adobe | Use After Free vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-08-10 | CVE-2023-38239 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-08-10 | CVE-2023-38240 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-08-10 | CVE-2023-38241 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-08-10 | CVE-2023-38242 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-08-10 | CVE-2023-38243 | Adobe | Use After Free vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-08-10 | CVE-2023-38244 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-08-10 | CVE-2023-38245 | Adobe | Information Exposure vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Information Disclosure vulnerability. | 5.5 |
2023-08-10 | CVE-2023-38247 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-08-10 | CVE-2023-38248 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-08-10 | CVE-2023-30654 | Samsung | Unspecified vulnerability in Samsung Android 11.0/12.0 Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows local attacker to update fake location. | 5.5 |
2023-08-10 | CVE-2023-30698 | Samsung | Unspecified vulnerability in Samsung Android 13.0 Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1 allows local attacker to connect BLE without privilege. | 5.5 |
2023-08-10 | CVE-2023-30701 | Samsung | Unspecified vulnerability in Samsung Android 11.0/12.0 PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows a local attacker to gain arbitrary file access. | 5.5 |
2023-08-10 | CVE-2023-30705 | Samsung | Incorrect Authorization vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4/4.5.41.8 Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6 allows local attackers to access privileged content providers as Galaxy Store permission. | 5.5 |
2023-08-09 | CVE-2023-38213 | Adobe | Out-of-bounds Read vulnerability in Adobe Dimension Adobe Dimension version 3.4.9 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-08-08 | CVE-2023-39210 | Zoom | Cleartext Storage of Sensitive Information vulnerability in Zoom Meeting Software Development KIT 5.14.10/5.14.7 Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access. | 5.5 |
2023-08-08 | CVE-2023-39212 | Zoom | Untrusted Search Path vulnerability in Zoom Rooms Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access. | 5.5 |
2023-08-08 | CVE-2023-20556 | AMD | Unspecified vulnerability in AMD Uprof 3.4.494/3.4.502 Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD µProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service. | 5.5 |
2023-08-08 | CVE-2023-20561 | AMD | Unspecified vulnerability in AMD Uprof 3.4.494/3.4.502 Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD µProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service. | 5.5 |
2023-08-08 | CVE-2023-20588 | Debian AMD XEN Fedoraproject Microsoft | Divide By Zero vulnerability in multiple products A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. | 5.5 |
2023-08-08 | CVE-2023-36889 | Microsoft | Unspecified vulnerability in Microsoft products Windows Group Policy Security Feature Bypass Vulnerability | 5.5 |
2023-08-08 | CVE-2023-36914 | Microsoft | Unspecified vulnerability in Microsoft products Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | 5.5 |
2023-08-08 | CVE-2023-38532 | Siemens | Allocation of Resources Without Limits or Throttling vulnerability in Siemens Parasolid and Teamcenter Visualization A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). | 5.5 |
2023-08-07 | CVE-2023-27373 | Insyde | Improper Input Validation vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 5.5 |
2023-08-07 | CVE-2023-4194 | Linux Redhat Fedoraproject Debian | Incorrect Authorization vulnerability in multiple products A flaw was found in the Linux kernel's TUN/TAP functionality. | 5.5 |
2023-08-07 | CVE-2023-33906 | Google | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | 5.5 |
2023-08-07 | CVE-2023-33907 | Google | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In Contacts Service, there is a possible missing permission check. | 5.5 |
2023-08-07 | CVE-2023-33908 | Google | Missing Authorization vulnerability in Google Android 11.0/12.0 In ims service, there is a possible missing permission check. | 5.5 |
2023-08-07 | CVE-2023-33909 | Google | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In Contacts service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | 5.5 |
2023-08-07 | CVE-2023-33910 | Google | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | 5.5 |
2023-08-07 | CVE-2023-33911 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/9.0 In vowifi service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | 5.5 |
2023-08-07 | CVE-2023-33912 | Google | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In Contacts service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | 5.5 |
2023-08-11 | CVE-2020-25915 | Thinkcmf | Cross-site Scripting vulnerability in Thinkcmf 5.1.5 Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login. | 5.4 |
2023-08-11 | CVE-2020-28849 | Churchcrm | Cross-site Scripting vulnerability in Churchcrm Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attackers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module. | 5.4 |
2023-08-10 | CVE-2023-37625 | Netbox | Cross-site Scripting vulnerability in Netbox 3.4.7 A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates. | 5.4 |
2023-08-10 | CVE-2023-36312 | Phpjabbers | Cross-site Scripting vulnerability in PHPjabbers Callback Widget 1.0 There is a Cross Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone parameter of index.php in PHPJabbers Callback Widget v1.0. | 5.4 |
2023-08-10 | CVE-2023-23828 | Swas | Cross-site Scripting vulnerability in Swas WP Category Post List Auth. | 5.4 |
2023-08-10 | CVE-2023-24393 | Wpmart | Cross-site Scripting vulnerability in Wpmart Animated Number Counters 1.6 Auth. | 5.4 |
2023-08-10 | CVE-2023-37983 | Keegnotrub | Cross-site Scripting vulnerability in Keegnotrub ART Direction Auth. | 5.4 |
2023-08-10 | CVE-2023-4283 | Wpdeveloper | Unspecified vulnerability in Wpdeveloper Embedpress The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2023-08-10 | CVE-2023-23798 | WEB Settler | Cross-site Scripting vulnerability in Web-Settler Layer Slider Auth. | 5.4 |
2023-08-10 | CVE-2023-24009 | Wpazure | Cross-site Scripting vulnerability in Wpazure Upfrontwp 1.1 Auth. | 5.4 |
2023-08-10 | CVE-2023-23826 | Webmechanix | Cross-site Scripting vulnerability in Webmechanix ADD Posts to Pages 1.4.1 Auth. | 5.4 |
2023-08-09 | CVE-2023-39006 | Opnsense | Cross-site Scripting vulnerability in Opnsense The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization. | 5.4 |
2023-08-08 | CVE-2023-39518 | Fobybus | Cross-site Scripting vulnerability in Fobybus Social-Media-Skeleton social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. | 5.4 |
2023-08-08 | CVE-2023-38758 | Wger | Cross-site Scripting vulnerability in Wger Workout Manager 2.2.0 Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components. | 5.4 |
2023-08-08 | CVE-2023-38766 | Churchcrm | Cross-site Scripting vulnerability in Churchcrm 5.0.0 Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component. | 5.4 |
2023-08-08 | CVE-2023-3653 | Digital ANT | Cross-site Scripting vulnerability in Digital-Ant Digital ANT Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Stored XSS. This issue affects E-Commerce Software: before 11. | 5.4 |
2023-08-08 | CVE-2023-28773 | Kolja Nolte | Cross-site Scripting vulnerability in Kolja-Nolte Secondary Title Auth. | 5.4 |
2023-08-08 | CVE-2023-30482 | Villatheme | Cross-site Scripting vulnerability in Villatheme Wpbulky Auth. | 5.4 |
2023-08-08 | CVE-2022-45821 | Nootheme | Cross-site Scripting vulnerability in Nootheme NOO Timetable 2.1.3 Auth. | 5.4 |
2023-08-08 | CVE-2023-23877 | Bkmacdaddy | Cross-site Scripting vulnerability in Bkmacdaddy Pinterest RSS Widget 2.3.1 Auth. | 5.4 |
2023-08-08 | CVE-2023-23880 | Monsterinsights | Cross-site Scripting vulnerability in Monsterinsights Exactmetrics Auth. | 5.4 |
2023-08-08 | CVE-2023-29099 | Elegant Themes | Cross-site Scripting vulnerability in Elegant Themes Divi 4.20.2 Auth. | 5.4 |
2023-08-08 | CVE-2023-4202 | Advantech | Cross-site Scripting vulnerability in Advantech products Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface. | 5.4 |
2023-08-08 | CVE-2023-4203 | Advantech | Cross-site Scripting vulnerability in Advantech products Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface. | 5.4 |
2023-08-08 | CVE-2023-39437 | SAP | Cross-site Scripting vulnerability in SAP Business ONE 10.0 SAP Business One - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and get it delivered to the client, resulting in Cross-site scripting. | 5.4 |
2023-08-07 | CVE-2023-0604 | Wpfoodmanager | Unspecified vulnerability in Wpfoodmanager WP Food Manager The WP Food Manager WordPress plugin before 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 5.4 |
2023-08-07 | CVE-2023-3575 | Expresstech | Unspecified vulnerability in Expresstech Quiz and Survey Master The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
2023-08-13 | CVE-2023-39387 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Vulnerability of permission control in the window management module. | 5.3 |
2023-08-11 | CVE-2021-25786 | Qpdf Project | Use After Free vulnerability in Qpdf Project Qpdf 10.0.4 An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf. | 5.3 |
2023-08-10 | CVE-2023-40014 | Openzeppelin | Improper Encoding or Escaping of Output vulnerability in Openzeppelin products OpenZeppelin Contracts is a library for secure smart contract development. | 5.3 |
2023-08-10 | CVE-2023-39958 | Nextcloud | Improper Restriction of Excessive Authentication Attempts vulnerability in Nextcloud Server Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. | 5.3 |
2023-08-10 | CVE-2023-39959 | Nextcloud | Improper Access Control vulnerability in Nextcloud Server Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. | 5.3 |
2023-08-09 | CVE-2023-3953 | Schneider Electric | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Pro-Face Gp-Pro EX A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX. | 5.3 |
2023-08-08 | CVE-2023-36926 | SAP | Missing Authentication for Critical Function vulnerability in SAP Host Agent 7.22 Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. | 5.3 |
2023-08-08 | CVE-2023-37484 | SAP | Use of a Broken or Risky Cryptographic Algorithm vulnerability in SAP Powerdesigner 16.7 SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory. | 5.3 |
2023-08-08 | CVE-2023-37487 | SAP | Exposure of System Data to an Unauthorized Control Sphere vulnerability in SAP Business ONE 10.0 SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge to perform certain operations to access unintended data over the network, which could lead to high impact on confidentiality with no impact on integrity and availability of the application | 5.3 |
2023-08-07 | CVE-2023-39903 | Fujitsu | Cleartext Storage of Sensitive Information vulnerability in Fujitsu Software Infrastructure Manager An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. | 5.0 |
2023-08-11 | CVE-2021-25856 | Supermicro CMS Project | Unspecified vulnerability in Supermicro-Cms Project Supermicro-Cms 3.11 An issue was discovered in pcmt superMicro-CMS version 3.11, allows attackers to delete files via crafted image file in images.php. | 4.9 |
2023-08-09 | CVE-2023-23903 | Nozominetworks | Unspecified vulnerability in Nozominetworks CMC and Guardian An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. | 4.9 |
2023-08-09 | CVE-2023-37858 | Phoenixcontact | Missing Encryption of Sensitive Data vulnerability in Phoenixcontact products In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password. | 4.9 |
2023-08-08 | CVE-2023-39218 | Zoom | Unspecified vulnerability in Zoom Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. | 4.9 |
2023-08-08 | CVE-2023-3569 | Phoenixcontact | XML Entity Expansion vulnerability in Phoenixcontact products In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service. | 4.9 |
2023-08-11 | CVE-2023-3937 | Snowsoftware | Cross-site Scripting vulnerability in Snowsoftware Snow License Manager 9.27/9.29/9.30 Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser | 4.8 |
2023-08-10 | CVE-2023-37388 | Supito | Cross-site Scripting vulnerability in Supito Mahato Simple Light Weight Social Share Auth. | 4.8 |
2023-08-10 | CVE-2023-38397 | Eggemplo | Cross-site Scripting vulnerability in Eggemplo Gestion-Pymes Auth. | 4.8 |
2023-08-10 | CVE-2023-39953 | Nextcloud | Incorrect Implementation of Authentication Algorithm vulnerability in Nextcloud User Oidc user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. | 4.8 |
2023-08-10 | CVE-2023-24391 | Spiderteams | Cross-site Scripting vulnerability in Spiderteams Applyonline - Application Form Builder and Manager 2.5 Auth. | 4.8 |
2023-08-10 | CVE-2023-34374 | Anspress | Cross-site Scripting vulnerability in Anspress Auth. | 4.8 |
2023-08-10 | CVE-2023-36530 | Smartypantsplugins | Cross-site Scripting vulnerability in Smartypantsplugins SP Project & Document Manager Auth. | 4.8 |
2023-08-10 | CVE-2023-23871 | Webdzier | Cross-site Scripting vulnerability in Webdzier Button 1.1.23 Auth. | 4.8 |
2023-08-10 | CVE-2022-44629 | Catalystconnect | Cross-site Scripting vulnerability in Catalystconnect Catalyst Connect Zoho CRM Client Portal 1.0/1.1/2.0.0 Auth. | 4.8 |
2023-08-10 | CVE-2023-24389 | Brandid | Cross-site Scripting vulnerability in Brandid Social Proof (Testimonial) Slider 2.2.3 Auth. | 4.8 |
2023-08-09 | CVE-2023-22843 | Nozominetworks | Cross-site Scripting vulnerability in Nozominetworks CMC and Guardian An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will be stored and can later be executed by another legitimate user viewing the details of such a rule. Via stored Cross-Site Scripting (XSS), an attacker may be able to perform unauthorized actions on behalf of legitimate users and/or gather sensitive information. | 4.8 |
2023-08-08 | CVE-2023-26961 | Alteryx | Cross-site Scripting vulnerability in Alteryx Server 2022.1.1.42590 Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. | 4.8 |
2023-08-08 | CVE-2023-25984 | Rigorous Digital | Cross-site Scripting vulnerability in Rigorous-Digital Dovetail 1.2.13 Auth. | 4.8 |
2023-08-08 | CVE-2023-28931 | Never5 | Cross-site Scripting vulnerability in Never5 Post Connector 1.0.4/1.0.9 Auth. | 4.8 |
2023-08-08 | CVE-2023-28934 | Paymentsplugin | Cross-site Scripting vulnerability in Paymentsplugin WP Full Stripe Free 1.6.1 Auth. | 4.8 |
2023-08-08 | CVE-2023-31221 | Ransomchristofferson | Cross-site Scripting vulnerability in Ransomchristofferson PDQ CSV 1.0.0 Auth. | 4.8 |
2023-08-08 | CVE-2023-32292 | Getbutton | Cross-site Scripting vulnerability in Getbutton Chat Button Auth. | 4.8 |
2023-08-08 | CVE-2023-23829 | Pierre Jehan | Cross-site Scripting vulnerability in Pierre-Jehan OWL Carousel 0.5.3 Auth. | 4.8 |
2023-08-08 | CVE-2023-25063 | Anadnet | Cross-site Scripting vulnerability in Anadnet Quick Page/Post Redirect Plugin Auth. | 4.8 |
2023-08-08 | CVE-2023-25459 | Postsnippets | Cross-site Scripting vulnerability in Postsnippets Post Snippets Auth. | 4.8 |
2023-08-08 | CVE-2023-27415 | Themeqx | Cross-site Scripting vulnerability in Themeqx Letterpress 1.1.2 Auth. | 4.8 |
2023-08-08 | CVE-2023-37683 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Online Nurse Hiring System 1.0 Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Profile Page of the Admin. | 4.8 |
2023-08-08 | CVE-2023-37684 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Online Nurse Hiring System 1.0 Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Details of the Admin portal. | 4.8 |
2023-08-08 | CVE-2023-37685 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Online Nurse Hiring System 1.0 Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Page of the Admin portal. | 4.8 |
2023-08-08 | CVE-2023-37686 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Online Nurse Hiring System 1.0 Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal. | 4.8 |
2023-08-08 | CVE-2023-37688 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Maid Hiring Management System 1.0 Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page. | 4.8 |
2023-08-08 | CVE-2023-37689 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Maid Hiring Management System 1.0 Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page. | 4.8 |
2023-08-08 | CVE-2023-37690 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Maid Hiring Management System 1.0 Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page. | 4.8 |
2023-08-08 | CVE-2023-27416 | Decondigital | Cross-site Scripting vulnerability in Decondigital Decon WP SMS 1.1 Auth. | 4.8 |
2023-08-08 | CVE-2023-27422 | Nsthemes | Cross-site Scripting vulnerability in Nsthemes NS Coupon to Become Customer 1.2.2 Auth. | 4.8 |
2023-08-08 | CVE-2023-36692 | WP Cirrus Project | Cross-site Scripting vulnerability in Wp-Cirrus Project Wp-Cirrus 0.6.11 Auth. | 4.8 |
2023-08-07 | CVE-2023-3650 | WOW Company | Unspecified vulnerability in Wow-Company Bubble Menu The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | 4.8 |
2023-08-11 | CVE-2023-22276 | Intel | Race Condition vulnerability in Intel products Race condition in firmware for some Intel(R) Ethernet Controllers and Adapters E810 Series before version 1.7.2.4 may allow an authenticated user to potentially enable denial of service via local access. | 4.7 |
2023-08-10 | CVE-2023-29299 | Adobe | Untrusted Search Path vulnerability in Adobe products Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Untrusted Search Path vulnerability that could lead to Application denial-of-service. | 4.7 |
2023-08-09 | CVE-2023-31448 | Paessler | Path Traversal vulnerability in Paessler Prtg Network Monitor A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. | 4.7 |
2023-08-09 | CVE-2023-31449 | Paessler | Path Traversal vulnerability in Paessler Prtg Network Monitor A path traversal vulnerability was identified in the WMI Custom sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the WMI Custom sensor into behaving differently for existing files and non-existing files. | 4.7 |
2023-08-09 | CVE-2023-31450 | Paessler | Path Traversal vulnerability in Paessler Prtg Network Monitor A path traversal vulnerability was identified in the SQL v2 sensors in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the SQL v2 sensors into behaving differently for existing files and non-existing files. | 4.7 |
2023-08-08 | CVE-2023-20569 | Fedoraproject Debian AMD Microsoft | Information Exposure Through Discrepancy vulnerability in multiple products A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. | 4.7 |
2023-08-10 | CVE-2023-30704 | Samsung | Unspecified vulnerability in Samsung Internet Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows a physical attacker to access downloaded files in Secret Mode without user authentication. | 4.6 |
2023-08-08 | CVE-2023-35394 | Microsoft | Unspecified vulnerability in Microsoft Azure Hdinsights Azure HDInsight Jupyter Notebook Spoofing Vulnerability | 4.6 |
2023-08-08 | CVE-2023-35393 | Microsoft | Unspecified vulnerability in Microsoft Azure Hdinsights Azure Apache Hive Spoofing Vulnerability | 4.5 |
2023-08-08 | CVE-2023-36877 | Microsoft | Unspecified vulnerability in Microsoft Azure Hdinsights Azure Apache Oozie Spoofing Vulnerability | 4.5 |
2023-08-08 | CVE-2023-36881 | Microsoft | Unspecified vulnerability in Microsoft Azure Hdinsights Azure Apache Ambari Spoofing Vulnerability | 4.5 |
2023-08-08 | CVE-2023-38188 | Microsoft | Unspecified vulnerability in Microsoft Azure Hdinsights Azure Apache Hadoop Spoofing Vulnerability | 4.5 |
2023-08-11 | CVE-2022-27879 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products Improper buffer restrictions in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2023-08-11 | CVE-2022-34657 | Intel | Improper Input Validation vulnerability in Intel Pcsd Bios Improper input validation in firmware for some Intel(R) PCSD BIOS before version 02.01.0013 may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2023-08-11 | CVE-2022-38083 | Intel | Improper Initialization vulnerability in Intel products Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2023-08-11 | CVE-2022-38102 | Intel | Unspecified vulnerability in Intel Converged Security Management Engine Firmware Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2023-08-11 | CVE-2022-41984 | Intel | Unspecified vulnerability in Intel ARC A750 Firmware and ARC A770 Firmware Protection mechanism failure for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2023-08-11 | CVE-2022-43505 | Intel | Unspecified vulnerability in Intel products Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2023-08-11 | CVE-2023-22330 | Intel | Use of Uninitialized Resource vulnerability in Intel products Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2023-08-11 | CVE-2023-22356 | Intel | Improper Initialization vulnerability in Intel products Improper initialization in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2023-08-11 | CVE-2023-22444 | Intel | Improper Initialization vulnerability in Intel products Improper initialization in some Intel(R) NUC 13 Extreme Compute Element, Intel(R) NUC 13 Extreme Kit, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board and Intel(R) NUC Pro Mini PC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2023-08-11 | CVE-2023-23908 | Intel Debian Fedoraproject | Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2023-08-11 | CVE-2023-27392 | Intel | Incorrect Default Permissions vulnerability in Intel Support 21.7.40/22.02.28 Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2023-08-11 | CVE-2023-27887 | Intel | Improper Initialization vulnerability in Intel products Improper initialization in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2023-08-11 | CVE-2023-28938 | Mdadm Project | Resource Exhaustion vulnerability in Mdadm Project Mdadm Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2023-08-11 | CVE-2023-29243 | Intel | Unchecked Return Value vulnerability in Intel Realsense 450 FA Firmware 0.25.0 Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2023-08-11 | CVE-2023-29500 | Intel | Unspecified vulnerability in Intel products Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2023-08-11 | CVE-2023-32285 | Intel | Unspecified vulnerability in Intel products Improper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2023-08-08 | CVE-2023-39440 | SAP | Cleartext Storage of Sensitive Information vulnerability in SAP Businessobjects Business Intelligence 420 In SAP BusinessObjects Business Intelligence - version 420, if a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which an attacker might be able to get access to user credentials. | 4.4 |
2023-08-07 | CVE-2023-20780 | | Unspecified vulnerability in Google Android 11.0/12.0/13.0 In keyinstall, there is a possible information disclosure due to a missing bounds check. | 4.4 |
2023-08-07 | CVE-2023-20781 | | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In keyinstall, there is a possible memory corruption due to a missing bounds check. | 4.4 |
2023-08-07 | CVE-2023-20782 | | Unspecified vulnerability in Google Android 12.0/13.0 In keyinstall, there is a possible information disclosure due to a missing bounds check. | 4.4 |
2023-08-07 | CVE-2023-20789 | | Unspecified vulnerability in Google Android 12.0/13.0 In jpeg, there is a possible information disclosure due to a missing bounds check. | 4.4 |
2023-08-07 | CVE-2023-20790 | Linuxfoundation Rdkcentral Openwrt | Out-of-bounds Write vulnerability in multiple products In nvram, there is a possible out of bounds write due to a missing bounds check. | 4.4 |
2023-08-07 | CVE-2023-20793 | | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In apu, there is a possible memory corruption due to a missing bounds check. | 4.4 |
2023-08-07 | CVE-2023-20796 | Linuxfoundation Rdkcentral Openwrt | Out-of-bounds Write vulnerability in multiple products In power, there is a possible memory corruption due to an incorrect bounds check. | 4.4 |
2023-08-07 | CVE-2023-20798 | | Incorrect Calculation of Buffer Size vulnerability in Google Android 12.0/13.0 In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. | 4.4 |
2023-08-07 | CVE-2023-20810 | Google Linux | In IOMMU, there is a possible information disclosure due to improper input validation. | 4.4 |
2023-08-07 | CVE-2023-20812 | Mediatek | Out-of-bounds Write vulnerability in multiple products In wlan driver, there is a possible out of bounds write due to improper input validation. | 4.4 |
2023-08-07 | CVE-2023-20813 | | Out-of-bounds Read vulnerability in Google Android 12.0/13.0 In wlan service, there is a possible out of bounds read due to improper input validation. | 4.4 |
2023-08-07 | CVE-2023-20818 | | Out-of-bounds Read vulnerability in Google Android 12.0/13.0 In wlan service, there is a possible out of bounds read due to improper input validation. | 4.4 |
2023-08-07 | CVE-2022-47350 | | Out-of-bounds Read vulnerability in Google Android 11.0/12.0/13.0 In camera driver, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2023-08-07 | CVE-2022-47351 | | Out-of-bounds Read vulnerability in Google Android 11.0/12.0/13.0 In camera driver, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2023-08-11 | CVE-2023-39418 | Postgresql Redhat Debian | A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. | 4.3 |
2023-08-11 | CVE-2023-4105 | Mattermost | Missing Authorization vulnerability in Mattermost Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message | 4.3 |
2023-08-11 | CVE-2023-37511 | Hcltech | Unspecified vulnerability in Hcltech Traveler to DO If certain App Transport Security (ATS) settings are set in a certain manner, insecure loading of web content can be achieved. | 4.3 |
2023-08-10 | CVE-2023-39961 | Nextcloud | Improper Access Control vulnerability in Nextcloud Server Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. | 4.3 |
2023-08-10 | CVE-2023-39965 | Fit2Cloud | Incorrect Authorization vulnerability in Fit2Cloud 1Panel 1.4.3 1Panel is an open source Linux server operation and maintenance management panel. | 4.3 |
2023-08-10 | CVE-2023-4282 | Wpdeveloper | Missing Authorization vulnerability in Wpdeveloper Embedpress The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. | 4.3 |
2023-08-10 | CVE-2023-30703 | Samsung | Unspecified vulnerability in Samsung Members Improper URL validation vulnerability in Samsung Members prior to version 14.0.07.1 allows attackers to access sensitive information. | 4.3 |
2023-08-09 | CVE-2023-24015 | Nozominetworks | Unspecified vulnerability in Nozominetworks CMC and Guardian A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading. | 4.3 |
2023-08-09 | CVE-2023-37855 | Phoenixcontact | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Phoenixcontact products In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser. | 4.3 |
2023-08-09 | CVE-2023-37856 | Phoenixcontact | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Phoenixcontact products In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser. | 4.3 |
2023-08-09 | CVE-2023-38751 | Jpcert | Unspecified vulnerability in Jpcert Special Interest Group Network for Analysis and Liaison Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation. | 4.3 |
2023-08-09 | CVE-2023-38752 | Jpcert | Unspecified vulnerability in Jpcert Special Interest Group Network for Analysis and Liaison Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as "non-disclosure" in the system settings. | 4.3 |
2023-08-09 | CVE-2023-4242 | Full | Incorrect Authorization vulnerability in Full - Customer The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. | 4.3 |
2023-08-08 | CVE-2023-36482 | Samsung | Classic Buffer Overflow vulnerability in Samsung products An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. | 4.3 |
9 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-08-08 | CVE-2023-39342 | Freedom | Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Freedom Dangerzone Dangerzone is software for converting potentially dangerous PDFs, office documents, or images to safe PDFs. | 3.6 |
2023-08-10 | CVE-2023-30682 | Samsung | Unspecified vulnerability in Samsung Android 13.0 Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission. | 3.3 |
2023-08-10 | CVE-2023-30683 | Samsung | Unspecified vulnerability in Samsung Android 13.0 Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call endCall API without permission. | 3.3 |
2023-08-10 | CVE-2023-30684 | Samsung | Unspecified vulnerability in Samsung Android 13.0 Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission. | 3.3 |
2023-08-10 | CVE-2023-30685 | Samsung | Unspecified vulnerability in Samsung Android 11.0/12.0 Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to change TTY mode. | 3.3 |
2023-08-10 | CVE-2023-30700 | Samsung | Unspecified vulnerability in Samsung Android 11.0/12.0 PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission. | 3.3 |
2023-08-09 | CVE-2023-39341 | Ffri Soliton NEC Skygroup | Improper Handling of Exceptional Conditions vulnerability in multiple products "FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. | 3.3 |
2023-08-08 | CVE-2023-39978 | Imagemagick Fedoraproject | Memory Leak vulnerability in multiple products ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw. | 3.3 |
2023-08-11 | CVE-2023-4304 | Froxlor | Unspecified vulnerability in Froxlor Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22, 2.1.0. | 2.7 |