Weekly Vulnerabilities Reports > August 21 to 27, 2023

Overview

474 new vulnerabilities reported during this period, including 68 critical vulnerabilities and 168 high severity vulnerabilities. This weekly summary report vulnerabilities in 690 products from 222 vendors including GNU, Tenda, Arubanetworks, Debian, and Fedoraproject. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "SQL Injection", "Classic Buffer Overflow", and "Use After Free".

  • 372 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities have public exploit available.
  • 155 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 340 reported vulnerabilities are exploitable by an anonymous user.
  • GNU has the most reported vulnerabilities, with 26 reported vulnerabilities.
  • Tenda has the most reported critical vulnerabilities, with 14 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

68 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-08-22 CVE-2022-36648 Qemu NULL Pointer Dereference vulnerability in Qemu

The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS.

10.0
2023-08-27 CVE-2023-4557 Inventory Management System Project SQL Injection vulnerability in Inventory Management System Project Inventory Management System 1.0

A vulnerability classified as critical has been found in SourceCodester Inventory Management System 1.0.

9.8
2023-08-27 CVE-2023-4558 Inventory Management System Project SQL Injection vulnerability in Inventory Management System Project Inventory Management System 1.0

A vulnerability classified as critical was found in SourceCodester Inventory Management System 1.0.

9.8
2023-08-27 CVE-2023-4559 Laiketui Unrestricted Upload of File with Dangerous Type vulnerability in Laiketui

A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui.

9.8
2023-08-27 CVE-2023-4556 Online Graduate Tracer System Project SQL Injection vulnerability in Online Graduate Tracer System Project Online Graduate Tracer System 1.0

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical.

9.8
2023-08-26 CVE-2023-4548 SPA Cart SQL Injection vulnerability in Spa-Cart Ecommerce CMS 1.9.0.3

A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3.

9.8
2023-08-26 CVE-2023-4545 Ibos SQL Injection vulnerability in Ibos 4.5.5

A vulnerability was found in IBOS OA 4.5.5.

9.8
2023-08-25 CVE-2023-4542 Dlink OS Command Injection vulnerability in Dlink Dar-8000-10 Firmware

A vulnerability was found in D-Link DAR-8000-10 up to 20230809.

9.8
2023-08-25 CVE-2023-4543 Ibos SQL Injection vulnerability in Ibos 4.5.5

A vulnerability was found in IBOS OA 4.5.5.

9.8
2023-08-25 CVE-2023-40571 Weblogic Framework Project Deserialization of Untrusted Data vulnerability in Weblogic-Framework Project Weblogic-Framework

weblogic-framework is a tool for detecting weblogic vulnerabilities.

9.8
2023-08-25 CVE-2023-40799 Tenda Out-of-bounds Write vulnerability in Tenda Ac23 Firmware 16.03.07.45Cn

Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function.

9.8
2023-08-25 CVE-2023-32757 Edetw Unrestricted Upload of File with Dangerous Type vulnerability in Edetw U-Office Force 20.0.7668D

e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type.

9.8
2023-08-25 CVE-2023-39699 Icewarp Path Traversal vulnerability in Icewarp Mail Server 10.4.5

IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php.

9.8
2023-08-24 CVE-2023-39834 Pbootcms Command Injection vulnerability in Pbootcms

PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function.

9.8
2023-08-24 CVE-2023-40891 Tenda Out-of-bounds Write vulnerability in Tenda Ac8V4 Firmware 16.03.34.06

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter firewallEn at /goform/SetFirewallCfg.

9.8
2023-08-24 CVE-2023-40892 Tenda Out-of-bounds Write vulnerability in Tenda Ac8V4 Firmware 16.03.34.06

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter schedStartTime and schedEndTime at /goform/openSchedWifi.

9.8
2023-08-24 CVE-2023-40893 Tenda Out-of-bounds Write vulnerability in Tenda Ac8V4 Firmware 16.03.34.06

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.

9.8
2023-08-24 CVE-2023-40894 Tenda Out-of-bounds Write vulnerability in Tenda Ac8V4 Firmware 16.03.34.06

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetStaticRouteCfg.

9.8
2023-08-24 CVE-2023-40895 Tenda Out-of-bounds Write vulnerability in Tenda Ac8V4 Firmware 16.03.34.06

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.

9.8
2023-08-24 CVE-2023-40896 Tenda Out-of-bounds Write vulnerability in Tenda Ac8V4 Firmware 16.03.34.06

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind.

9.8
2023-08-24 CVE-2023-40897 Tenda Out-of-bounds Write vulnerability in Tenda Ac8V4 Firmware 16.03.34.06

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetParentControlInfo.

9.8
2023-08-24 CVE-2023-40898 Tenda Out-of-bounds Write vulnerability in Tenda Ac8V4 Firmware 16.03.34.06

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter timeZone at /goform/SetSysTimeCfg.

9.8
2023-08-24 CVE-2023-40899 Tenda Out-of-bounds Write vulnerability in Tenda Ac8V4 Firmware 16.03.34.06

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg.

9.8
2023-08-24 CVE-2023-40900 Tenda Out-of-bounds Write vulnerability in Tenda Ac8V4 Firmware 16.03.34.06

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList.

9.8
2023-08-24 CVE-2023-40901 Tenda Out-of-bounds Write vulnerability in Tenda Ac10V4 Firmware 16.03.10.13

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at url /goform/setMacFilterCfg.

9.8
2023-08-24 CVE-2023-40902 Tenda Out-of-bounds Write vulnerability in Tenda Ac10V4 Firmware 16.03.10.13

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind.

9.8
2023-08-24 CVE-2023-40904 Tenda Out-of-bounds Write vulnerability in Tenda Ac10V4 Firmware 16.03.10.13

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg.

9.8
2023-08-24 CVE-2023-40706 Opto22 Improper Restriction of Excessive Authentication Attempts vulnerability in Opto22 Snap PAC S1 Firmware R10.3B

There is no limit on the number of login attempts in the web server for the SNAP PAC S1 Firmware version R10.3b.

9.8
2023-08-23 CVE-2023-4041 Silabs Download of Code Without Integrity Check vulnerability in Silabs Gecko Bootloader 4.3.0/4.3.1

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader.

9.8
2023-08-23 CVE-2023-4404 Wpcharitable Improper Privilege Management vulnerability in Wpcharitable Charitable

The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function.

9.8
2023-08-22 CVE-2023-38734 IBM Improper Privilege Management vulnerability in IBM Robotic Process Automation

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory.

9.8
2023-08-22 CVE-2021-32292 Json C Project Out-of-bounds Write vulnerability in Json-C Project Json-C 0.1520200726

An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726.

9.8
2023-08-22 CVE-2021-33388 Dpic Project Out-of-bounds Write vulnerability in Dpic Project Dpic 20210410

dpic 2021.04.10 has a Heap Buffer Overflow in themakevar() function in dpic.y

9.8
2023-08-22 CVE-2021-33390 Dpic Project Use After Free vulnerability in Dpic Project Dpic 20210410

dpic 2021.04.10 has a use-after-free in thedeletestringbox() function in dpic.y.

9.8
2023-08-22 CVE-2022-45611 Fresenius Kabi Insufficiently Protected Credentials vulnerability in Fresenius-Kabi Pharmahelp Firmware 5.1.759.0

An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via via capture of user login information.

9.8
2023-08-22 CVE-2022-48174 Busybox Out-of-bounds Write vulnerability in Busybox

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35.

9.8
2023-08-22 CVE-2022-48522 Perl Out-of-bounds Write vulnerability in Perl 5.34.0

In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.

9.8
2023-08-22 CVE-2022-48565 Python
Debian
XXE vulnerability in multiple products

An XML External Entity (XXE) issue was discovered in Python through 3.9.1.

9.8
2023-08-22 CVE-2023-36281 Langchain Code Injection vulnerability in Langchain 0.0.171

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt.

9.8
2023-08-21 CVE-2023-25915 Danfoss Unspecified vulnerability in Danfoss Ak-Sm 800A Firmware

Due to improper input validation, a remote attacker could execute arbitrary commands on the target system.

9.8
2023-08-21 CVE-2023-4373 Devolutions Improper Authentication vulnerability in Devolutions Remote Desktop Manager

Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.

9.8
2023-08-21 CVE-2023-31447 Draytek Unspecified vulnerability in Draytek Vigor2620 Firmware and Vigor2625 Firmware

user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code.

9.8
2023-08-21 CVE-2023-32002 Nodejs Unspecified vulnerability in Nodejs Node.Js

The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

9.8
2023-08-21 CVE-2023-38035 Ivanti Incorrect Authorization vulnerability in Ivanti Mobileiron Sentry

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

9.8
2023-08-21 CVE-2023-38961 Jerryscript Out-of-bounds Write vulnerability in Jerryscript 3.0.0

Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c.

9.8
2023-08-21 CVE-2023-39660 Gabrieleventuri Unspecified vulnerability in Gabrieleventuri Pandasai

An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function.

9.8
2023-08-21 CVE-2020-28715 Leeco Unspecified vulnerability in Leeco Letv X43 Firmware V2401Rcn02C080080B04121S

An issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).

9.8
2023-08-21 CVE-2023-39747 TP Link Classic Buffer Overflow vulnerability in Tp-Link products

TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discovered to contain a buffer overflow via the radiusSecret parameter at /userRpm/WlanSecurityRpm.

9.8
2023-08-21 CVE-2023-39749 Dlink Classic Buffer Overflow vulnerability in Dlink Dap-2660 Firmware 1.13

D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the component /adv_resource.

9.8
2023-08-21 CVE-2023-39750 Dlink Classic Buffer Overflow vulnerability in Dlink Dap-2660 Firmware 1.13

D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the f_ipv6_enable parameter at /bsc_ipv6.

9.8
2023-08-21 CVE-2023-39751 TP Link Out-of-bounds Write vulnerability in Tp-Link Tl-Wr941Nd V6 Firmware

TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm.

9.8
2023-08-21 CVE-2023-4450 Jeecg Injection vulnerability in Jeecg Jimureport

A vulnerability was found in jeecgboot JimuReport up to 1.6.0.

9.8
2023-08-21 CVE-2023-39617 Totolink Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2089B20211224/9.1.0Cu.2350B20230313

TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.

9.8
2023-08-21 CVE-2023-39618 Totolink Command Injection vulnerability in Totolink X5000R Firmware B20210419

TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface.

9.8
2023-08-21 CVE-2023-4447 Openrapid SQL Injection vulnerability in Openrapid Rapidcms 1.3.1

A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical.

9.8
2023-08-21 CVE-2023-4448 Openrapid Weak Password Recovery Mechanism for Forgotten Password vulnerability in Openrapid Rapidcms 1.3.1

A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical.

9.8
2023-08-21 CVE-2023-39807 Nvki SQL Injection vulnerability in Nvki Intelligent Broadband Subscriber Gateway 3.5

N.V.K.INTER CO., LTD.

9.8
2023-08-21 CVE-2023-39808 Nvki Use of Hard-coded Credentials vulnerability in Nvki Intelligent Broadband Subscriber Gateway 3.5

N.V.K.INTER CO., LTD.

9.8
2023-08-21 CVE-2023-39809 Nvki Command Injection vulnerability in Nvki Intelligent Broadband Subscriber Gateway 3.5

N.V.K.INTER CO., LTD.

9.8
2023-08-21 CVE-2023-4443 Free Hospital Management System FOR Small Practices Project SQL Injection vulnerability in Free Hospital Management System for Small Practices Project Free Hospital Management System for Small Practices 1.0

A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0/5.0.12.

9.8
2023-08-21 CVE-2023-4444 Free Hospital Management System FOR Small Practices Project SQL Injection vulnerability in Free Hospital Management System for Small Practices Project Free Hospital Management System for Small Practices 1.0

A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0.

9.8
2023-08-21 CVE-2023-4445 Mini SQL Injection vulnerability in Mini Mini-Tmall

A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20230811.

9.8
2023-08-21 CVE-2023-4446 Openrapid SQL Injection vulnerability in Openrapid Rapidcms 1.3.1

A vulnerability, which was classified as critical, was found in OpenRapid RapidCMS 1.3.1.

9.8
2023-08-21 CVE-2023-4441 Free Hospital Management System FOR Small Practices Project SQL Injection vulnerability in Free Hospital Management System for Small Practices Project Free Hospital Management System for Small Practices 1.0

A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0.

9.8
2023-08-21 CVE-2023-4442 Free Hospital Management System FOR Small Practices Project SQL Injection vulnerability in Free Hospital Management System for Small Practices Project Free Hospital Management System for Small Practices 1.0

A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0.

9.8
2023-08-25 CVE-2019-13690 Google Improper Privilege Management vulnerability in Google Chrome

Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file.

9.6
2023-08-22 CVE-2020-24113 Yealink Path Traversal vulnerability in Yealink W60B Firmware 77.83.0.85

Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS).

9.1
2023-08-21 CVE-2023-39939 Luxsoft SQL Injection vulnerability in Luxsoft Luxcal web Calendar

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it.

9.1

168 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-08-27 CVE-2022-43907 IBM OS Command Injection vulnerability in IBM Security Guardium 11.4

IBM Security Guardium 11.4 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

8.8
2023-08-25 CVE-2023-37249 Infoblox Unspecified vulnerability in Infoblox Nios

Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access.

8.8
2023-08-25 CVE-2023-40797 Tenda Improper Input Validation vulnerability in Tenda Ac23 Firmware 16.03.07.45Cn

In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability.

8.8
2023-08-25 CVE-2023-40798 Tenda Improper Input Validation vulnerability in Tenda Ac23 Firmware 16.03.07.45Cn

In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability.

8.8
2023-08-25 CVE-2022-4452 Google Unspecified vulnerability in Google Chrome

Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

8.8
2023-08-25 CVE-2023-40800 Tenda Improper Input Validation vulnerability in Tenda Ac23 Firmware 16.03.07.45Cn

The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn.

8.8
2023-08-25 CVE-2023-40801 Tenda Improper Input Validation vulnerability in Tenda Ac23

The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn

8.8
2023-08-25 CVE-2023-25649 ZTE Command Injection vulnerability in ZTE Mf286R Firmware Crlvwrgbmf286Rv1.0.0B04

There is a command injection vulnerability in a mobile internet product of ZTE.

8.8
2023-08-24 CVE-2023-32079 Gravitl Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Gravitl Netmaker

Netmaker makes networks with WireGuard.

8.8
2023-08-24 CVE-2023-37469 Icewhale Command Injection vulnerability in Icewhale Casaos

CasaOS is an open-source personal cloud system.

8.8
2023-08-24 CVE-2023-4419 Sick Use of Hard-coded Credentials vulnerability in Sick Lms500 Firmware, Lms511 Firmware and Lms531 Firmware

The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device.

8.8
2023-08-24 CVE-2022-46884 Mozilla Use After Free vulnerability in Mozilla Firefox

A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time.

8.8
2023-08-24 CVE-2023-34971 Qnap Inadequate Encryption Strength vulnerability in Qnap QTS and Quts Hero

An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems.

8.8
2023-08-24 CVE-2023-40573 Xwiki Unspecified vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

8.8
2023-08-23 CVE-2023-32202 Walchem Improper Authentication vulnerability in Walchem Intuition 9 Firmware

Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication.

8.8
2023-08-23 CVE-2023-41028 Juplink Out-of-bounds Write vulnerability in Juplink Rx4-1500 Firmware 1.0.3/1.0.5

A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router, in versions 1.0.2 through 1.0.5.

8.8
2023-08-23 CVE-2023-40177 Xwiki Code Injection vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

8.8
2023-08-23 CVE-2023-40144 CBC OS Command Injection vulnerability in CBC products

OS command injection vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings.

8.8
2023-08-23 CVE-2023-38585 CBC Improper Authentication vulnerability in CBC products

Improper authentication vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings.

8.8
2023-08-23 CVE-2023-40158 CBC Unspecified vulnerability in CBC products

Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings.

8.8
2023-08-23 CVE-2023-4429 Google
Fedoraproject
Debian
Use After Free vulnerability in multiple products

Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-08-23 CVE-2023-4430 Google
Fedoraproject
Debian
Use After Free vulnerability in multiple products

Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-08-22 CVE-2020-19726 GNU Unspecified vulnerability in GNU Binutils 2.36

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.

8.8
2023-08-22 CVE-2020-24292 Freeimage Project Classic Buffer Overflow vulnerability in Freeimage Project Freeimage 3.19.0

Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.

8.8
2023-08-22 CVE-2020-24293 Freeimage Project Classic Buffer Overflow vulnerability in Freeimage Project Freeimage 3.19.0

Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.

8.8
2023-08-22 CVE-2020-24295 Freeimage Project Classic Buffer Overflow vulnerability in Freeimage Project Freeimage 3.19.0

Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file.

8.8
2023-08-22 CVE-2020-25887 Cesanta Classic Buffer Overflow vulnerability in Cesanta Mongoose 6.18

Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file.

8.8
2023-08-22 CVE-2021-40263 Freeimage Project Out-of-bounds Write vulnerability in Freeimage Project Freeimage 1.18.0

A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.

8.8
2023-08-22 CVE-2021-40265 Freeimage Project Out-of-bounds Write vulnerability in Freeimage Project Freeimage

A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp.

8.8
2023-08-22 CVE-2022-26592 Sass Lang Out-of-bounds Write vulnerability in Sass-Lang Libsass 3.6.5

Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function.

8.8
2023-08-22 CVE-2023-23564 Geomatika Command Injection vulnerability in Geomatika Isigeo web 6.0

An issue was discovered in Geomatika IsiGeo Web 6.0.

8.8
2023-08-22 CVE-2020-18232 Hdfgroup Out-of-bounds Write vulnerability in Hdfgroup Hdf5 1.10.4

Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file.

8.8
2023-08-22 CVE-2020-18494 Hdfgroup Out-of-bounds Write vulnerability in Hdfgroup Hdf5 1.10.4

Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file.

8.8
2023-08-21 CVE-2023-36787 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

8.8
2023-08-21 CVE-2023-38836 Boidcms Unrestricted Upload of File with Dangerous Type vulnerability in Boidcms 2.0.0

File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.

8.8
2023-08-21 CVE-2023-39106 Alibabacloud Deserialization of Untrusted Data vulnerability in Alibabacloud Nacos Spring Project

An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component.

8.8
2023-08-21 CVE-2023-4449 Inventory Management System Project SQL Injection vulnerability in Inventory Management System Project Inventory Management System 1.0

A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0.

8.8
2023-08-23 CVE-2023-40185 Shescape Project Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Shescape Project Shescape

shescape is simple shell escape library for JavaScript.

8.6
2023-08-22 CVE-2020-23793 Spice Space Missing Authorization vulnerability in Spice-Space Spice-Server 0.14.06El76.1

An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product.

8.6
2023-08-25 CVE-2023-4478 Mattermost Injection vulnerability in Mattermost Server

Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.

8.2
2023-08-21 CVE-2022-46751 Apache XXE vulnerability in Apache IVY

Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used. This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. Starting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven.

8.2
2023-08-23 CVE-2023-3453 Etictelecom Insecure Default Initialization of Resource vulnerability in Etictelecom Remote Access Server Firmware 4.5.0/4.7.0

ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default.

8.1
2023-08-23 CVE-2023-37379 Apache Unspecified vulnerability in Apache Airflow

Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges.

8.1
2023-08-23 CVE-2023-4427 Google
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.1
2023-08-23 CVE-2023-4428 Google
Fedoraproject
Debian
Out-of-bounds Read vulnerability in multiple products

Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.1
2023-08-23 CVE-2023-4431 Google
Fedoraproject
Debian
Out-of-bounds Read vulnerability in multiple products

Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.1
2023-08-22 CVE-2023-37424 Arubanetworks Unspecified vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker's control are met.

8.1
2023-08-22 CVE-2023-37429 Arubanetworks SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance.

8.1
2023-08-22 CVE-2023-37430 Arubanetworks SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance.

8.1
2023-08-22 CVE-2023-37431 Arubanetworks SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance.

8.1
2023-08-22 CVE-2023-37432 Arubanetworks SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance.

8.1
2023-08-22 CVE-2023-37433 Arubanetworks SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance.

8.1
2023-08-22 CVE-2023-37434 Arubanetworks SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance.

8.1
2023-08-24 CVE-2023-40572 Xwiki Cross-Site Request Forgery (CSRF) vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

8.0
2023-08-23 CVE-2023-40612 Opennms XML Injection (aka Blind XPath Injection) vulnerability in Opennms Horizon and Meridian

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_EDITOR privileges is vulnerable to XXE injection attacks.

8.0
2023-08-23 CVE-2023-40273 Apache Session Fixation vulnerability in Apache Airflow

The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user.

8.0
2023-08-25 CVE-2021-27932 Stormshield Unspecified vulnerability in Stormshield SSL VPN Client 2.1.0/3.0.0

Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions.

7.8
2023-08-25 CVE-2023-24621 Esotericsoftware Deserialization of Untrusted Data vulnerability in Esotericsoftware Yamlbeans

An issue was discovered in Esoteric YamlBeans through 1.15.

7.8
2023-08-25 CVE-2023-40031 Notepad Plus Plus Heap-based Buffer Overflow vulnerability in Notepad-Plus-Plus Notepad++

Notepad++ is a free and open-source source code editor.

7.8
2023-08-25 CVE-2019-13689 Google Link Following vulnerability in Google Chrome

Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file.

7.8
2023-08-25 CVE-2023-40796 Phicomm Command Injection vulnerability in Phicomm K2 Firmware 22.6.529.216

Phicomm k2 v22.6.529.216 was discovered to contain a command injection vulnerability via the function luci.sys.call.

7.8
2023-08-24 CVE-2023-40022 Rizin Integer Overflow or Wraparound vulnerability in Rizin

Rizin is a UNIX-like reverse engineering framework and command-line toolset.

7.8
2023-08-24 CVE-2023-34040 Vmware Deserialization of Untrusted Data vulnerability in VMWare Spring for Apache Kafka

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied.

7.8
2023-08-23 CVE-2023-38831 Rarlab Unspecified vulnerability in Rarlab Winrar

RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive.

7.8
2023-08-23 CVE-2023-3899 Redhat
Fedoraproject
Incorrect Authorization vulnerability in multiple products

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization.

7.8
2023-08-23 CVE-2023-39984 Hitachi Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hitachi Eh-View

** UNSUPPORTED WHEN ASSIGNED ** Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially disclose information and execute arbitray code on affected EH-VIEW installations.

7.8
2023-08-23 CVE-2023-39985 Hitachi Out-of-bounds Write vulnerability in Hitachi Eh-View

** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially execute arbitray code on affected EH-VIEW installations.

7.8
2023-08-23 CVE-2023-3495 Hitachi Out-of-bounds Write vulnerability in Hitachi Eh-View

** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially execute arbitray code on affected EH-VIEW installations.

7.8
2023-08-22 CVE-2020-19725 Microsoft Use After Free vulnerability in Microsoft Z3

There is a use-after-free vulnerability in file pdd_simplifier.cpp in Z3 before 4.8.8.

7.8
2023-08-22 CVE-2020-21426 Freeimage Project Classic Buffer Overflow vulnerability in Freeimage Project Freeimage 3.18.0

Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.

7.8
2023-08-22 CVE-2020-21427 Freeimage Project Classic Buffer Overflow vulnerability in Freeimage Project Freeimage 3.18.0

Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.

7.8
2023-08-22 CVE-2020-21428 Freeimage Project Classic Buffer Overflow vulnerability in Freeimage Project Freeimage 3.18.0

Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.

7.8
2023-08-22 CVE-2020-21722 OGG Video Tools Project Use After Free vulnerability in OGG Video Tools Project OGG Video Tools 0.9.1

Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file.

7.8
2023-08-22 CVE-2020-21724 OGG Video Tools Project Out-of-bounds Write vulnerability in OGG Video Tools Project OGG Video Tools 0.9.1

Buffer Overflow vulnerability in ExtractorInformation function in streamExtractor.cpp in oggvideotools 0.9.1 allows remaote attackers to run arbitrary code via opening of crafted ogg file.

7.8
2023-08-22 CVE-2020-21890 Artifex Out-of-bounds Write vulnerability in Artifex Ghostscript 9.50

Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document.

7.8
2023-08-22 CVE-2020-22219 Flac Project Classic Buffer Overflow vulnerability in Flac Project Flac

Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.

7.8
2023-08-22 CVE-2022-44840 GNU Out-of-bounds Write vulnerability in GNU Binutils

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.

7.8
2023-08-22 CVE-2022-45703 GNU Out-of-bounds Write vulnerability in GNU Binutils

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.

7.8
2023-08-22 CVE-2022-47069 7 ZIP Out-of-bounds Write vulnerability in 7-Zip P7Zip 16.02

p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp.

7.8
2023-08-22 CVE-2022-47673 GNU Out-of-bounds Read vulnerability in GNU Binutils

An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.

7.8
2023-08-22 CVE-2022-47695 GNU Unspecified vulnerability in GNU Binutils

An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.

7.8
2023-08-22 CVE-2022-47696 GNU Unspecified vulnerability in GNU Binutils

An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.

7.8
2023-08-22 CVE-2023-34853 Supermicro Out-of-bounds Write vulnerability in Supermicro products

Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable.

7.8
2023-08-22 CVE-2020-18831 Exiv2 Out-of-bounds Write vulnerability in Exiv2 0.27.1

Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.

7.8
2023-08-21 CVE-2023-38899 Berkaygediz SQL Injection vulnerability in Berkaygediz O Blog 1.0

SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component.

7.8
2023-08-27 CVE-2023-38730 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Storage Copy Data Management

IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5
2023-08-26 CVE-2023-36741 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

7.5
2023-08-25 CVE-2023-34723 Jaycar Link Following vulnerability in Jaycar La5570 Firmware 1.0.19T53

An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf.

7.5
2023-08-25 CVE-2023-39289 Mitel Unspecified vulnerability in Mitel Mivoice Connect

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated attacker to conduct an account enumeration attack due to improper configuration.

7.5
2023-08-25 CVE-2023-41121 Arraynetworks Unspecified vulnerability in Arraynetworks Arrayos AG 9.4.0.469/9.4.0.470/9.4.0.481

Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations.

7.5
2023-08-25 CVE-2023-40583 Protocol Unspecified vulnerability in Protocol Libp2P

libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use.

7.5
2023-08-25 CVE-2023-40585 Metal3 Missing Authentication for Critical Function vulnerability in Metal3 Ironic-Image

ironic-image is a container image to run OpenStack Ironic as part of Metal³.

7.5
2023-08-25 CVE-2023-40586 Coraza Unspecified vulnerability in Coraza 3.0.0

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library.

7.5
2023-08-25 CVE-2023-36198 Skale Classic Buffer Overflow vulnerability in Skale Sgxwallet 1.9.0

Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows an attacker to cause a denial of service via the trustedBlsSignMessage function.

7.5
2023-08-25 CVE-2023-36199 Skale NULL Pointer Dereference vulnerability in Skale Sgxwallet

An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacker to cause a denial of service via the trustedGenerateEcdsaKey component.

7.5
2023-08-25 CVE-2023-40915 Tenda Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.11

Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set.

7.5
2023-08-25 CVE-2023-32756 Edetw Path Traversal vulnerability in Edetw U-Office Force 20.0.7668D

e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions.

7.5
2023-08-25 CVE-2023-41173 Adguard DNS Unspecified vulnerability in Adguard-Dns Adguard DNS

AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets.

7.5
2023-08-25 CVE-2023-40599 Synck Graphica Unspecified vulnerability in Synck Graphica Mailform PRO CGI 4.1.4/4.1.5/4.3.1

Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition.

7.5
2023-08-24 CVE-2023-40017 Geosolutionsgroup Server-Side Request Forgery (SSRF) vulnerability in Geosolutionsgroup Geonode

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data.

7.5
2023-08-24 CVE-2023-32077 Gravitl Use of Hard-coded Credentials vulnerability in Gravitl Netmaker

Netmaker makes networks with WireGuard.

7.5
2023-08-24 CVE-2023-32078 Gravitl Authorization Bypass Through User-Controlled Key vulnerability in Gravitl Netmaker

Netmaker makes networks with WireGuard.

7.5
2023-08-24 CVE-2023-31412 Sick Use of Password Hash With Insufficient Computational Effort vulnerability in Sick Lms500 Firmware, Lms511 Firmware and Lms531 Firmware

The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs.

7.5
2023-08-24 CVE-2023-4418 Sick Resource Exhaustion vulnerability in Sick Lms500 Firmware, Lms511 Firmware and Lms531 Firmware

A remote unprivileged attacker can sent multiple packages to the LMS5xx to disrupt its availability through a TCP SYN-based denial-of-service (DDoS) attack.

7.5
2023-08-24 CVE-2023-40707 Opto22 Weak Password Requirements vulnerability in Opto22 Snap PAC S1 Firmware R10.3B

There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't set up complex credentials.

7.5
2023-08-24 CVE-2023-40709 Opto22 Resource Exhaustion vulnerability in Opto22 Snap PAC S1 Firmware R10.3B

An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b

7.5
2023-08-24 CVE-2023-40710 Opto22 Resource Exhaustion vulnerability in Opto22 Snap PAC S1 Firmware R10.3B

An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b

7.5
2023-08-24 CVE-2023-3705 Cpplusworld Unspecified vulnerability in Cpplusworld products

The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product.

7.5
2023-08-24 CVE-2023-4511 Wireshark Infinite Loop vulnerability in Wireshark

BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file

7.5
2023-08-24 CVE-2023-4512 Wireshark Uncontrolled Recursion vulnerability in Wireshark

CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file

7.5
2023-08-24 CVE-2023-4513 Wireshark Memory Leak vulnerability in Wireshark

BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file

7.5
2023-08-24 CVE-2023-32559 Nodejs Unspecified vulnerability in Nodejs Node.Js

A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.

7.5
2023-08-23 CVE-2023-38422 Walchem Missing Authentication for Critical Function vulnerability in Walchem Intuition 9 Firmware

Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server.

7.5
2023-08-23 CVE-2023-1409 Mongodb Improper Certificate Validation vulnerability in Mongodb

If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g.

7.5
2023-08-23 CVE-2023-41105 Python
Netapp
Untrusted Search Path vulnerability in multiple products

An issue was discovered in Python 3.11 through 3.11.4.

7.5
2023-08-22 CVE-2023-39026 Filemage Path Traversal vulnerability in Filemage

Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.

7.5
2023-08-22 CVE-2023-33850 IBM Information Exposure Through Discrepancy vulnerability in IBM Cics TX and Txseries for Multiplatform

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation.

7.5
2023-08-22 CVE-2020-20813 Openvpn Unspecified vulnerability in Openvpn

Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet.

7.5
2023-08-22 CVE-2020-21699 Alibaba Integer Overflow or Wraparound vulnerability in Alibaba Tengine 2.2.2

The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests.

7.5
2023-08-22 CVE-2020-22218 Libssh2 Out-of-bounds Write vulnerability in Libssh2 1.10.0

An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.

7.5
2023-08-22 CVE-2020-22570 Memcached Command Injection vulnerability in Memcached 1.6.0/1.6.1/1.6.2

Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command.

7.5
2023-08-22 CVE-2020-23804 Freedesktop
Debian
Uncontrolled Recursion vulnerability in multiple products

Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.

7.5
2023-08-22 CVE-2020-26652 Realtek Unspecified vulnerability in Realtek Rtl8812Au Firmware 5.6.4.2

An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service.

7.5
2023-08-22 CVE-2020-35342 GNU Improper Initialization vulnerability in GNU Binutils

GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.

7.5
2023-08-22 CVE-2021-30047 Vsftpd Project Unspecified vulnerability in Vsftpd Project Vsftpd 3.0.3

VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed.

7.5
2023-08-22 CVE-2021-32420 Dpic Project Out-of-bounds Write vulnerability in Dpic Project Dpic 20210101

dpic 2021.01.01 has a Heap-based Buffer Overflow in thestorestring function in dpic.y.

7.5
2023-08-22 CVE-2021-32421 Dpic Project Use After Free vulnerability in Dpic Project Dpic 20210101

dpic 2021.01.01 has a Heap Use-After-Free in thedeletestringbox() function in dpic.y.

7.5
2023-08-22 CVE-2021-32422 Dpic Project Classic Buffer Overflow vulnerability in Dpic Project Dpic 20210101

dpic 2021.01.01 has a Global buffer overflow in theyylex() function in main.c and reads out of the bound array.

7.5
2023-08-22 CVE-2021-34193 Opensc Project Out-of-bounds Write vulnerability in Opensc Project Opensc

Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs.

7.5
2023-08-22 CVE-2021-35309 Samsung Unspecified vulnerability in Samsung Syncthru web Service 5.93

An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks.

7.5
2023-08-22 CVE-2021-40211 Imagemagick Divide By Zero vulnerability in Imagemagick 7.1.04

An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c.

7.5
2023-08-22 CVE-2021-46174 GNU Out-of-bounds Write vulnerability in GNU Binutils

Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.

7.5
2023-08-22 CVE-2022-25024 Vinitkumar Improper Check for Unusual or Exceptional Conditions vulnerability in Vinitkumar Json2Xml

The json2xml package through 3.12.0 for Python allows an error in typecode decoding enabling a remote attack that can lead to an exception, causing a denial of service.

7.5
2023-08-22 CVE-2022-28068 Radare Out-of-bounds Write vulnerability in Radare Radare2 5.4.0/5.4.2

A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0.

7.5
2023-08-22 CVE-2022-28069 Radare Out-of-bounds Write vulnerability in Radare Radare2 5.4.0/5.4.2

A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.

7.5
2023-08-22 CVE-2022-28070 Radare NULL Pointer Dereference vulnerability in Radare Radare2 5.4.0/5.4.2

A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.

7.5
2023-08-22 CVE-2022-28071 Radare Use After Free vulnerability in Radare Radare2 5.4.0/5.4.2

A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0.

7.5
2023-08-22 CVE-2022-28072 Radare Out-of-bounds Write vulnerability in Radare Radare2 5.4.0/5.4.2

A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0.

7.5
2023-08-22 CVE-2022-28073 Radare Use After Free vulnerability in Radare Radare2 5.4.0/5.4.2

A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.

7.5
2023-08-22 CVE-2022-34038 Etcd Out-of-bounds Write vulnerability in Etcd 3.5.4

Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go.

7.5
2023-08-22 CVE-2022-43357 Sass Lang Out-of-bounds Write vulnerability in Sass-Lang Libsass and Sassc

Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS).

7.5
2023-08-22 CVE-2022-43358 Sass Lang Out-of-bounds Write vulnerability in Sass-Lang Libsass 3.6.58G210218

Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS).

7.5
2023-08-22 CVE-2022-48560 Python
Debian
Use After Free vulnerability in multiple products

A use-after-free exists in Python through 3.9 via heappushpop in heapq.

7.5
2023-08-22 CVE-2022-48570 Cryptopp Out-of-bounds Write vulnerability in Cryptopp Crypto++

Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation.

7.5
2023-08-22 CVE-2022-48571 Memcached Resource Exhaustion vulnerability in Memcached 1.6.7

memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP.

7.5
2023-08-22 CVE-2023-37426 Arubanetworks Use of Hard-coded Credentials vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0

EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations.

7.5
2023-08-22 CVE-2023-39141 Ziahamza Path Traversal vulnerability in Ziahamza Webui-Aria2

webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.

7.5
2023-08-21 CVE-2023-25913 Danfoss Improper Authentication vulnerability in Danfoss Ak-Sm 800A Firmware

Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information.

7.5
2023-08-21 CVE-2023-25914 Danfoss Path Traversal vulnerability in Danfoss Ak-Sm 800A Firmware

Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface.

7.5
2023-08-21 CVE-2023-38976 Weaviate Reachable Assertion vulnerability in Weaviate 1.20.0

An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function.

7.5
2023-08-21 CVE-2023-3604 Wpexpertsio Unspecified vulnerability in Wpexpertsio Change WP Admin Login

The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered.

7.5
2023-08-21 CVE-2023-40735 Butterfly Button Unspecified vulnerability in Butterfly-Button Butterfly Button

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BUTTERFLY BUTTON PROJECT - BUTTERFLY BUTTON (Architecture flaw) allows loss of plausible deniability and confidentiality. This issue affects BUTTERFLY BUTTON: As of 2023-08-21.

7.5
2023-08-21 CVE-2023-39745 TP Link Classic Buffer Overflow vulnerability in Tp-Link products

TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm.

7.5
2023-08-21 CVE-2023-39748 TP Link Unspecified vulnerability in Tp-Link Tl-Wr1041N V2 Firmware

An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

7.5
2023-08-21 CVE-2023-39784 Tenda Out-of-bounds Write vulnerability in Tenda Ac8V4 Firmware 16.03.34.06

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the save_virtualser_data function.

7.5
2023-08-21 CVE-2023-39785 Tenda Out-of-bounds Write vulnerability in Tenda Ac8V4 Firmware 16.03.34.06

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the set_qosMib_list function.

7.5
2023-08-21 CVE-2023-39786 Tenda Out-of-bounds Write vulnerability in Tenda Ac8V4 Firmware 16.03.34.06

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sscanf function.

7.5
2023-08-24 CVE-2023-4420 Sick Missing Encryption of Sensitive Data vulnerability in Sick Lms500 Firmware, Lms511 Firmware and Lms531 Firmware

A remote unprivileged attacker can intercept the communication via e.g.

7.4
2023-08-23 CVE-2023-20169 Cisco Improper Input Validation vulnerability in Cisco Nx-Os 10.3(2)

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet.

7.4
2023-08-23 CVE-2023-40035 Craftcms Injection vulnerability in Craftcms Craft CMS

Craft is a CMS for creating custom digital experiences on the web and beyond.

7.2
2023-08-22 CVE-2023-24517 Pandorafms Unrestricted Upload of File with Dangerous Type vulnerability in Pandorafms Pandora FMS

Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands.

7.2
2023-08-22 CVE-2023-37427 Arubanetworks Unspecified vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host.

7.2
2023-08-22 CVE-2023-37428 Arubanetworks Path Traversal vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0

A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.

7.2
2023-08-21 CVE-2023-40352 Mcafee Uncontrolled Search Path Element vulnerability in Mcafee Safe Connect

McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs.

7.2
2023-08-23 CVE-2023-40025 Linuxfoundation Insufficient Session Expiration vulnerability in Linuxfoundation Argo-Cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.

7.1
2023-08-22 CVE-2021-29390 Libjpeg Turbo
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.

7.1
2023-08-22 CVE-2022-44729 Apache
Debian
Server-Side Request Forgery (SSRF) vulnerability in multiple products

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure.

7.1
2023-08-22 CVE-2022-48541 Imagemagick
Fedoraproject
Memory Leak vulnerability in multiple products

A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.

7.1

235 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-08-22 CVE-2023-4212 Trane Command Injection vulnerability in Trane products

?A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename.

6.8
2023-08-23 CVE-2022-3742 Lenovo Classic Buffer Overflow vulnerability in Lenovo products

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation.

6.7
2023-08-23 CVE-2022-3744 Lenovo Use of Hard-coded Credentials vulnerability in Lenovo products

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential.

6.7
2023-08-23 CVE-2022-3746 Lenovo Improper Access Control vulnerability in Lenovo products

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface.

6.7
2023-08-22 CVE-2020-21583 Kernel Unspecified vulnerability in Kernel Util-Linux

An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date.

6.7
2023-08-22 CVE-2023-38996 Douran Unspecified vulnerability in Douran Dsgate

An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command.

6.7
2023-08-26 CVE-2023-4546 Byzoro Unspecified vulnerability in Byzoro Smart S85F Management Platform

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230816.

6.5
2023-08-25 CVE-2023-2906 Wireshark Divide By Zero vulnerability in Wireshark

Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.

6.5
2023-08-25 CVE-2023-32678 Zulip Improper Authorization vulnerability in Zulip Server

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat.

6.5
2023-08-25 CVE-2023-38710 Libreswan Unspecified vulnerability in Libreswan

An issue was discovered in Libreswan before 4.12.

6.5
2023-08-25 CVE-2023-38711 Libreswan NULL Pointer Dereference vulnerability in Libreswan

An issue was discovered in Libreswan before 4.12.

6.5
2023-08-25 CVE-2023-38712 Libreswan NULL Pointer Dereference vulnerability in Libreswan

An issue was discovered in Libreswan 3.x and 4.x before 4.12.

6.5
2023-08-25 CVE-2023-40579 Openfga Improper Access Control vulnerability in Openfga

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar.

6.5
2023-08-25 CVE-2023-40580 Stellar Unspecified vulnerability in Stellar Freighter

Freighter is a Stellar chrome extension.

6.5
2023-08-25 CVE-2023-38201 Keylime
Redhat
Fedoraproject
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration.
6.5
2023-08-25 CVE-2023-40802 Tenda Out-of-bounds Write vulnerability in Tenda Ac23 Firmware 16.03.07.45Cn

The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn

6.5
2023-08-25 CVE-2023-3406 M Files Path Traversal vulnerability in M-Files Classic web 23.2

Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server

6.5
2023-08-24 CVE-2023-34972 Qnap Cleartext Transmission of Sensitive Information vulnerability in Qnap QTS and Quts Hero

A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems.

6.5
2023-08-24 CVE-2023-4227 Moxa Incorrect Authorization vulnerability in Moxa Iologik E4200 Firmware 1.6

A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product.

6.5
2023-08-23 CVE-2023-20168 Cisco Improper Input Validation vulnerability in Cisco Nx-Os 10.2(5)/9.3(11)

A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload.

6.5
2023-08-23 CVE-2023-41104 Varnish Software Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Varnish-Software Varnish Enterprise and Vmod Digest

libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use.

6.5
2023-08-22 CVE-2020-19188 GNU
Netapp
Out-of-bounds Write vulnerability in multiple products

Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

6.5
2023-08-22 CVE-2020-19189 GNU
Netapp
Debian
Out-of-bounds Write vulnerability in multiple products

Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

6.5
2023-08-22 CVE-2020-19190 GNU
Netapp
Out-of-bounds Write vulnerability in multiple products

Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

6.5
2023-08-22 CVE-2020-22524 Freeimage Project Classic Buffer Overflow vulnerability in Freeimage Project Freeimage 3.19.0

Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cuase a denial of service via crafted PFM file.

6.5
2023-08-22 CVE-2020-22628 Libraw Out-of-bounds Read vulnerability in Libraw

Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.

6.5
2023-08-22 CVE-2020-24294 Freeimage Project Classic Buffer Overflow vulnerability in Freeimage Project Freeimage 3.19.0

Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cuase a denial of service via opening of crafted psd file.

6.5
2023-08-22 CVE-2020-35357 GNU
Debian
Classic Buffer Overflow vulnerability in multiple products

A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6.

6.5
2023-08-22 CVE-2021-40262 Freeimage Project Out-of-bounds Write vulnerability in Freeimage Project Freeimage

A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.

6.5
2023-08-22 CVE-2021-40264 Freeimage Project NULL Pointer Dereference vulnerability in Freeimage Project Freeimage

NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp.

6.5
2023-08-22 CVE-2021-40266 Freeimage Project NULL Pointer Dereference vulnerability in Freeimage Project Freeimage

FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.

6.5
2023-08-22 CVE-2021-43171 E Foundation Improper Verification of Cryptographic Signature vulnerability in E.Foundation APP Lounge

Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response.

6.5
2023-08-22 CVE-2021-46179 UPX Project Reachable Assertion vulnerability in UPX Project UPX

Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via crafted file passed to the the readx function.

6.5
2023-08-22 CVE-2021-46310 Djvulibre Project Divide By Zero vulnerability in Djvulibre Project Djvulibre 3.5.28

An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.

6.5
2023-08-22 CVE-2021-46312 Djvulibre Project Divide By Zero vulnerability in Djvulibre Project Djvulibre 3.5.28

An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.

6.5
2023-08-22 CVE-2022-37050 Freedesktop
Debian
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing.
6.5
2023-08-22 CVE-2022-37051 Freedesktop
Debian
Reachable Assertion vulnerability in multiple products

An issue was discovered in Poppler 22.07.0.

6.5
2023-08-22 CVE-2022-37052 Freedesktop Reachable Assertion vulnerability in Freedesktop Poppler 22.07.0

A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.

6.5
2023-08-22 CVE-2022-38349 Freedesktop Reachable Assertion vulnerability in Freedesktop Poppler 22.08.0

An issue was discovered in Poppler 22.08.0.

6.5
2023-08-22 CVE-2022-40090 Libtiff Infinite Loop vulnerability in Libtiff

An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.

6.5
2023-08-22 CVE-2022-48564 Python
Netapp
Resource Exhaustion vulnerability in multiple products

read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.

6.5
2023-08-22 CVE-2023-23563 Geomatika SQL Injection vulnerability in Geomatika Isigeo web 6.0

An issue was discovered in Geomatika IsiGeo Web 6.0.

6.5
2023-08-22 CVE-2023-24515 Pandorafms Server-Side Request Forgery (SSRF) vulnerability in Pandorafms Pandora FMS

Server-Side Request Forgery (SSRF) vulnerability in API checker of Pandora FMS.

6.5
2023-08-22 CVE-2023-37435 Arubanetworks SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance.

6.5
2023-08-22 CVE-2023-37436 Arubanetworks SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance.

6.5
2023-08-22 CVE-2023-37437 Arubanetworks SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance.

6.5
2023-08-22 CVE-2023-37438 Arubanetworks SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance.

6.5
2023-08-22 CVE-2020-18378 Webassembly NULL Pointer Dereference vulnerability in Webassembly Binaryen 1.38.26

A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26.

6.5
2023-08-22 CVE-2020-18382 Webassembly Out-of-bounds Write vulnerability in Webassembly Binaryen 1.38.26

Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26.

6.5
2023-08-22 CVE-2020-18651 Exempi Project Out-of-bounds Write vulnerability in Exempi Project Exempi

Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame.

6.5
2023-08-22 CVE-2020-18652 Exempi Project Out-of-bounds Write vulnerability in Exempi Project Exempi

Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file.

6.5
2023-08-22 CVE-2020-18839 Freedesktop Out-of-bounds Write vulnerability in Freedesktop Poppler 0.75.0

Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.

6.5
2023-08-22 CVE-2020-19185 GNU
Netapp
Out-of-bounds Write vulnerability in multiple products

Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

6.5
2023-08-22 CVE-2020-19186 GNU
Netapp
Out-of-bounds Write vulnerability in multiple products

Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

6.5
2023-08-22 CVE-2020-19187 GNU
Netapp
Out-of-bounds Write vulnerability in multiple products

Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

6.5
2023-08-22 CVE-2023-38908 TP Link Unspecified vulnerability in Tp-Link Tapo and Tapo L530E Firmware

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function.

6.5
2023-08-22 CVE-2023-38909 TP Link Unspecified vulnerability in Tp-Link Tapo and Tapo L530E Firmware

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function.

6.5
2023-08-22 CVE-2023-38906 TP Link Unspecified vulnerability in Tp-Link Tapo and Tapo L530E Firmware

An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message.

6.5
2023-08-21 CVE-2023-4417 Devolutions Unspecified vulnerability in Devolutions Remote Desktop Manager

Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process.

6.5
2023-08-21 CVE-2023-4456 Redhat Unspecified vulnerability in Redhat Openshift Logging

A flaw was found in openshift-logging LokiStack.

6.5
2023-08-21 CVE-2023-4455 Wallabag Cross-Site Request Forgery (CSRF) vulnerability in Wallabag

Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.

6.5
2023-08-23 CVE-2023-20200 Cisco Incorrect Permission Assignment for Critical Resource vulnerability in Cisco products

A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the improper handling of specific SNMP requests.

6.3
2023-08-27 CVE-2023-4555 Inventory Management System Project Cross-site Scripting vulnerability in Inventory Management System Project Inventory Management System 1.0

A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic.

6.1
2023-08-26 CVE-2023-4547 SPA Cart Cross-site Scripting vulnerability in Spa-Cart Ecommerce CMS 1.9.0.3

A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3.

6.1
2023-08-25 CVE-2023-41080 Apache
Debian
Open Redirect vulnerability in multiple products

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application.

6.1
2023-08-25 CVE-2023-39600 Icewarp Cross-site Scripting vulnerability in Icewarp 11.4.6.0

IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.

6.1
2023-08-25 CVE-2023-4534 Neomind Cross-site Scripting vulnerability in Neomind Fusion Platform

A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731.

6.1
2023-08-25 CVE-2023-41249 Jetbrains Cross-site Scripting vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step

6.1
2023-08-25 CVE-2023-41250 Jetbrains Cross-site Scripting vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration

6.1
2023-08-25 CVE-2023-32598 Shooflysolutions Cross-site Scripting vulnerability in Shooflysolutions Featured Image PRO Post Grid

Unauth.

6.1
2023-08-25 CVE-2023-32603 Rednao Cross-site Scripting vulnerability in Rednao Smart Donations

Unauth.

6.1
2023-08-25 CVE-2023-32797 I13Websolution Cross-site Scripting vulnerability in I13Websolution Video Carousel Slider With Lightbox

Unauth.

6.1
2023-08-25 CVE-2023-32518 Wpplugins Cross-site Scripting vulnerability in Wpplugins WP Chinese Conversion

Unauth.

6.1
2023-08-25 CVE-2023-4520 Foliovision Unspecified vulnerability in Foliovision FV Flowplayer Video Player

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_fv_player_user_video’ parameter saved via the 'save' function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update via the 'save' function in versions up to, and including, 7.5.37.7212 due to insufficient input sanitization and output escaping.

6.1
2023-08-25 CVE-2023-39700 Icewarp Cross-site Scripting vulnerability in Icewarp Mail Server 10.4.5

IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.

6.1
2023-08-24 CVE-2023-40030 Rust Lang Cross-site Scripting vulnerability in Rust-Lang Rust

Cargo downloads a Rust project’s dependencies and compiles the project.

6.1
2023-08-24 CVE-2023-32510 Cagewebdev Cross-site Scripting vulnerability in Cagewebdev Order Your Posts Manually

Unauth.

6.1
2023-08-24 CVE-2023-32511 Bookingultrapro Cross-site Scripting vulnerability in Bookingultrapro Booking Ultra PRO Appointments Booking Calendar

Unauth.

6.1
2023-08-24 CVE-2023-32516 Oracle Cross-site Scripting vulnerability in Oracle Restaurant Menu - Food Ordering System - Table Reservation

Unauth.

6.1
2023-08-23 CVE-2023-28994 Uxthemes Cross-site Scripting vulnerability in Uxthemes Flatsome

Unauth.

6.1
2023-08-23 CVE-2023-32300 Yoast Cross-site Scripting vulnerability in Yoast SEO

Unauth.

6.1
2023-08-23 CVE-2023-32509 Cagewebdev Cross-site Scripting vulnerability in Cagewebdev Order Your Posts Manually

Unauth.

6.1
2023-08-23 CVE-2023-32236 Bookingultrapro Cross-site Scripting vulnerability in Bookingultrapro Appointments Booking Calendar

Unauth.

6.1
2023-08-23 CVE-2023-32499 Netmix Cross-site Scripting vulnerability in Netmix Radio Station

Unauth.

6.1
2023-08-23 CVE-2023-32119 Wpo365 Cross-site Scripting vulnerability in Wpo365 Mail Integration for Office 365 / Outlook

Unauth.

6.1
2023-08-23 CVE-2023-41098 Misp Cross-site Scripting vulnerability in Misp 2.4.174

An issue was discovered in MISP 2.4.174.

6.1
2023-08-22 CVE-2020-22181 Samsung Cross-site Scripting vulnerability in Samsung Sww-3400Rw Firmware

A reflected cross site scripting (XSS) vulnerability was discovered on Samsung sww-3400rw Router devices via the m2 parameter of the sess-bin/command.cgi

6.1
2023-08-22 CVE-2020-23992 Nagios Cross-site Scripting vulnerability in Nagios XI 5.7.1

Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request.

6.1
2023-08-22 CVE-2022-41444 Cacti Cross-site Scripting vulnerability in Cacti 1.2.21

Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php.

6.1
2023-08-22 CVE-2022-44215 Southrivertech Open Redirect vulnerability in Southrivertech Titan FTP Server

There is an open redirect vulnerability in Titan FTP server 19.0 and below.

6.1
2023-08-22 CVE-2022-45582 Openstack Open Redirect vulnerability in Openstack Horizon

Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.

6.1
2023-08-22 CVE-2022-48547 Cacti Cross-site Scripting vulnerability in Cacti

A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php.

6.1
2023-08-22 CVE-2023-24514 Pandorafms Cross-site Scripting vulnerability in Pandorafms Pandora FMS

Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users session cookie values, carry out phishing attacks, etc.

6.1
2023-08-22 CVE-2023-37425 Arubanetworks Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface.

6.1
2023-08-22 CVE-2023-37439 Arubanetworks Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance.

6.1
2023-08-21 CVE-2023-4303 Jenkins Cross-site Scripting vulnerability in Jenkins Fortify

Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.

6.1
2023-08-21 CVE-2023-3936 Adenion Unspecified vulnerability in Adenion Blog2Social

The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2023-08-21 CVE-2023-3954 Multiparcels Cross-site Scripting vulnerability in Multiparcels Shipping for Woocommerce

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2023-08-21 CVE-2023-3481 Google Cross-site Scripting vulnerability in Google Critters

Critters versions 0.0.17-0.0.19 have an issue when parsing the HTML, which leads to a potential cross-site scripting (XSS) bug.

6.1
2023-08-21 CVE-2023-39543 Luxsoft Cross-site Scripting vulnerability in Luxsoft Luxcal web Calendar

Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product.

6.1
2023-08-23 CVE-2023-20234 Cisco Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Firepower Extensible Operating System

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used.

6.0
2023-08-23 CVE-2023-39441 Apache Improper Certificate Validation vulnerability in Apache Airflow

Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate.  Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability

5.9
2023-08-22 CVE-2020-22217 C Ares
Debian
Out-of-bounds Read vulnerability in multiple products

Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.

5.9
2023-08-22 CVE-2022-48566 Python
Debian
Netapp
Race Condition vulnerability in multiple products

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1.

5.9
2023-08-21 CVE-2023-4454 Wallabag Cross-Site Request Forgery (CSRF) vulnerability in Wallabag

Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.

5.7
2023-08-25 CVE-2023-39287 Mitel Argument Injection or Modification vulnerability in Mitel Mivoice Connect

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization.

5.5
2023-08-25 CVE-2023-39288 Mitel Argument Injection or Modification vulnerability in Mitel Mivoice Connect

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization.

5.5
2023-08-25 CVE-2023-40164 Notepad Plus Plus Classic Buffer Overflow vulnerability in Notepad-Plus-Plus Notepad++

Notepad++ is a free and open-source source code editor.

5.5
2023-08-25 CVE-2023-40166 Notepad Plus Plus Heap-based Buffer Overflow vulnerability in Notepad-Plus-Plus Notepad++

Notepad++ is a free and open-source source code editor.

5.5
2023-08-25 CVE-2023-24620 Esotericsoftware XXE vulnerability in Esotericsoftware Yamlbeans

An issue was discovered in Esoteric YamlBeans through 1.15.

5.5
2023-08-25 CVE-2023-40036 Notepad Plus Plus Classic Buffer Overflow vulnerability in Notepad-Plus-Plus Notepad++

Notepad++ is a free and open-source source code editor.

5.5
2023-08-25 CVE-2023-39742 Giflib Project Classic Buffer Overflow vulnerability in Giflib Project Giflib 5.2.1

giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.

5.5
2023-08-24 CVE-2023-4508 Gerbv Project Access of Uninitialized Pointer vulnerability in Gerbv Project Gerbv

A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.

5.5
2023-08-24 CVE-2023-40371 IBM Unspecified vulnerability in IBM AIX and Vios

IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls.

5.5
2023-08-23 CVE-2023-4042 Artifex
Redhat
Out-of-bounds Write vulnerability in multiple products

A flaw was found in ghostscript.

5.5
2023-08-23 CVE-2023-39986 Hitachi Out-of-bounds Read vulnerability in Hitachi Eh-View

** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Read vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially disclose information on affected EH-VIEW installations.

5.5
2023-08-22 CVE-2020-19724 GNU Memory Leak vulnerability in GNU Binutils

A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.

5.5
2023-08-22 CVE-2020-21047 Elfutils Project Out-of-bounds Write vulnerability in Elfutils Project Elfutils 0.177

The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.

5.5
2023-08-22 CVE-2020-21490 GNU Memory Leak vulnerability in GNU Binutils

An issue was discovered in GNU Binutils 2.34.

5.5
2023-08-22 CVE-2020-21528 Nasm Unspecified vulnerability in Nasm Netwide Assembler 2.14.03/2.15

A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file.

5.5
2023-08-22 CVE-2020-21679 Graphicsmagick Out-of-bounds Write vulnerability in Graphicsmagick 1.4

Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format.

5.5
2023-08-22 CVE-2020-21685 Nasm Out-of-bounds Write vulnerability in Nasm Netwide Assembler 2.15

Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.

5.5
2023-08-22 CVE-2020-21686 Nasm Unspecified vulnerability in Nasm Netwide Assembler

A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.

5.5
2023-08-22 CVE-2020-21687 Nasm Out-of-bounds Write vulnerability in Nasm Netwide Assembler 2.15

Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.

5.5
2023-08-22 CVE-2020-21710 Artifex Divide By Zero vulnerability in Artifex Ghostscript 9.50

A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file.

5.5
2023-08-22 CVE-2020-21723 OGG Video Tools Project Unspecified vulnerability in OGG Video Tools Project OGG Video Tools 0.9.1

A Segmentation Fault issue discovered StreamSerializer::extractStreams function in streamSerializer.cpp in oggvideotools 0.9.1 allows remote attackers to cause a denial of service (crash) via opening of crafted ogg file.

5.5
2023-08-22 CVE-2020-21896 Artifex Use After Free vulnerability in Artifex Mupdf 1.16.0

A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF file.

5.5
2023-08-22 CVE-2020-22916 Tukaani Unspecified vulnerability in Tukaani XZ 5.2.5

An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file.

5.5
2023-08-22 CVE-2020-26683 Artifex Memory Leak vulnerability in Artifex Mupdf 1.17.0

A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information.

5.5
2023-08-22 CVE-2022-29654 Nasm Classic Buffer Overflow vulnerability in Nasm Netwide Assembler

Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.

5.5
2023-08-22 CVE-2022-35205 GNU Reachable Assertion vulnerability in GNU Binutils 2.38.50

An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.

5.5
2023-08-22 CVE-2022-35206 GNU NULL Pointer Dereference vulnerability in GNU Binutils 2.38.50

Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.

5.5
2023-08-22 CVE-2022-47007 GNU Memory Leak vulnerability in GNU Binutils

An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

5.5
2023-08-22 CVE-2022-47008 GNU Memory Leak vulnerability in GNU Binutils

An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

5.5
2023-08-22 CVE-2022-47010 GNU Memory Leak vulnerability in GNU Binutils

An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

5.5
2023-08-22 CVE-2022-47011 GNU Memory Leak vulnerability in GNU Binutils

An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

5.5
2023-08-22 CVE-2022-48063 GNU Resource Exhaustion vulnerability in GNU Binutils

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c.

5.5
2023-08-22 CVE-2022-48064 GNU
Fedoraproject
Netapp
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c.

5.5
2023-08-22 CVE-2022-48065 GNU
Netapp
Fedoraproject
Memory Leak vulnerability in multiple products

GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.

5.5
2023-08-22 CVE-2022-48545 Xpdfreader Uncontrolled Recursion vulnerability in Xpdfreader Xpdf 4.02

An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.

5.5
2023-08-22 CVE-2022-48554 File Project
Debian
Out-of-bounds Read vulnerability in multiple products

File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c.

5.5
2023-08-22 CVE-2023-38665 Nasm NULL Pointer Dereference vulnerability in Nasm Netwide Assembler 2.16

Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).

5.5
2023-08-22 CVE-2023-38666 Axiosys Unspecified vulnerability in Axiosys Bento4 1.6.0639

Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt.

5.5
2023-08-22 CVE-2023-38667 Nasm Out-of-bounds Read vulnerability in Nasm Netwide Assembler 2.16

Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service.

5.5
2023-08-22 CVE-2023-38668 Nasm Out-of-bounds Read vulnerability in Nasm Netwide Assembler 2.16

Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash).

5.5
2023-08-22 CVE-2023-3699 Asustor Unspecified vulnerability in Asustor Data Master

An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration.

5.5
2023-08-22 CVE-2023-4475 Asustor Files or Directories Accessible to External Parties vulnerability in Asustor Data Master

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories.

5.5
2023-08-22 CVE-2020-18768 Libtiff Out-of-bounds Write vulnerability in Libtiff 4.0.10

There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file.

5.5
2023-08-22 CVE-2020-18770 Zziplib Project Unspecified vulnerability in Zziplib Project Zziplib 0.13.69

An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service.

5.5
2023-08-22 CVE-2020-18780 Nasm Use After Free vulnerability in Nasm Netwide Assembler 2.14.02

A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command.

5.5
2023-08-22 CVE-2020-18781 Audiofile Out-of-bounds Write vulnerability in Audiofile 0.3.6

Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert.

5.5
2023-08-21 CVE-2023-4459 Linux
Redhat
NULL Pointer Dereference vulnerability in multiple products

A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel.

5.5
2023-08-27 CVE-2022-43909 IBM Cross-site Scripting vulnerability in IBM Security Guardium 11.4

IBM Security Guardium 11.4 is vulnerable to cross-site scripting.

5.4
2023-08-27 CVE-2023-30435 IBM Cross-site Scripting vulnerability in IBM Security Guardium 11.3/11.4/11.5

IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting.

5.4
2023-08-27 CVE-2023-30436 IBM Cross-site Scripting vulnerability in IBM Security Guardium 11.3/11.4/11.5

IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site scripting.

5.4
2023-08-27 CVE-2023-33852 IBM SQL Injection vulnerability in IBM Security Guardium 11.4

IBM Security Guardium 11.4 is vulnerable to SQL injection.

5.4
2023-08-25 CVE-2023-39707 Free AND Open Source Inventory Management System Project Cross-site Scripting vulnerability in Free and Open Source Inventory Management System Project Free and Open Source Inventory Management System 1.0

A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section.

5.4
2023-08-25 CVE-2023-41248 Jetbrains Cross-site Scripting vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration

5.4
2023-08-25 CVE-2023-25981 Themekraft Cross-site Scripting vulnerability in Themekraft Post Form

Auth.

5.4
2023-08-25 CVE-2023-32576 Plainwaire Cross-site Scripting vulnerability in Plainwaire Locatoraid Store Locator

Auth.

5.4
2023-08-25 CVE-2023-38973 Uatech Cross-site Scripting vulnerability in Uatech Badaso 2.9.7

A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.

5.4
2023-08-25 CVE-2023-38974 Uatech Cross-site Scripting vulnerability in Uatech Badaso 2.9.7

A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.

5.4
2023-08-25 CVE-2023-40577 Prometheus
Debian
Cross-site Scripting vulnerability in multiple products

Alertmanager handles alerts sent by client applications such as the Prometheus server.

5.4
2023-08-24 CVE-2023-40874 Dedecms Cross-site Scripting vulnerability in Dedecms

DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters.

5.4
2023-08-24 CVE-2023-40875 Dedecms Cross-site Scripting vulnerability in Dedecms

DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters.

5.4
2023-08-24 CVE-2023-40876 Dedecms Cross-site Scripting vulnerability in Dedecms

DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter.

5.4
2023-08-24 CVE-2023-40877 Dedecms Cross-site Scripting vulnerability in Dedecms

DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter.

5.4
2023-08-23 CVE-2023-40176 Xwiki Cross-site Scripting vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

5.4
2023-08-23 CVE-2023-20115 Cisco Unspecified vulnerability in Cisco Nx-Os

A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device.

5.4
2023-08-23 CVE-2023-20230 Cisco Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Application Policy Infrastructure Controller 5.2(1G)

A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries.

5.4
2023-08-23 CVE-2023-40282 Rakuten Improper Authentication vulnerability in Rakuten Wifi Pocket Firmware

Improper authentication vulnerability in Rakuten WiFi Pocket all versions allows a network-adjacent attacker to log in to the product's Management Screen.

5.4
2023-08-22 CVE-2023-24516 Pandorafms Cross-site Scripting vulnerability in Pandorafms Pandora FMS

Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal the session cookie value of admin users easily with little user interaction.

5.4
2023-08-22 CVE-2023-37421 Arubanetworks Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.

5.4
2023-08-22 CVE-2023-37422 Arubanetworks Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.

5.4
2023-08-22 CVE-2023-37423 Arubanetworks Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.

5.4
2023-08-22 CVE-2023-39599 Cszcms Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.3.0

Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter.

5.4
2023-08-21 CVE-2023-4301 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Fortify

A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

5.4
2023-08-21 CVE-2023-39094 Zerowdd Cross-site Scripting vulnerability in Zerowdd Studentmanager 1.0

Cross Site Scripting vulnerability in ZeroWdd studentmanager v.1.0 allows a remote attacker to execute arbitrary code via the username parameter in the student list function.

5.4
2023-08-21 CVE-2023-4453 Pimcore Cross-site Scripting vulnerability in Pimcore

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.

5.4
2023-08-21 CVE-2023-40068 Advancedcustomfields Cross-site Scripting vulnerability in Advancedcustomfields Advanced Custom Fields 6.1.5/6.1.6

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.

5.4
2023-08-27 CVE-2023-30437 IBM Unspecified vulnerability in IBM Security Guardium 11.3/11.4/11.5

IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request.

5.3
2023-08-25 CVE-2023-40587 Agendaless
Fedoraproject
Path Traversal vulnerability in multiple products

Pyramid is an open source Python web framework.

5.3
2023-08-25 CVE-2023-25848 Esri Cleartext Transmission of Sensitive Information vulnerability in Esri Arcgis Server 10.8.1/10.9.0/10.9.1

ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue.

5.3
2023-08-25 CVE-2023-3425 M Files Out-of-bounds Read vulnerability in M-Files Classic web 23.2

Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory.

5.3
2023-08-25 CVE-2023-32755 Edetw Information Exposure Through an Error Message vulnerability in Edetw U-Office Force 20.0.7668D

e-Excellence U-Office Force generates an error message in webiste service.

5.3
2023-08-25 CVE-2023-40179 Silverwaregames Response Discrepancy Information Exposure vulnerability in Silverwaregames 1.1.8/1.1.9

Silverware Games is a premium social network where people can play games online.

5.3
2023-08-25 CVE-2023-40182 Silverwaregames Information Exposure Through Timing Discrepancy vulnerability in Silverwaregames 1.1.8/1.1.9/1.3.6

Silverware Games is a premium social network where people can play games online.

5.3
2023-08-25 CVE-2023-40217 Python Unspecified vulnerability in Python

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5.

5.3
2023-08-25 CVE-2023-40570 Datasette Unspecified vulnerability in Datasette 1.0

Datasette is an open source multi-tool for exploring and publishing data.

5.3
2023-08-24 CVE-2023-34973 Qnap Insufficient Entropy vulnerability in Qnap QTS and Quts Hero

An insufficient entropy vulnerability has been reported to affect QNAP operating systems.

5.3
2023-08-24 CVE-2023-40708 Opto22 Unspecified vulnerability in Opto22 Snap PAC S1 Firmware R10.3B

The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b.

5.3
2023-08-24 CVE-2023-3704 Cpplusworld Improper Input Validation vulnerability in Cpplusworld products

The vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products.

5.3
2023-08-24 CVE-2023-4230 Moxa Exposure of Resource to Wrong Sphere vulnerability in Moxa Iologik E4200 Firmware 1.6

A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices.

5.3
2023-08-23 CVE-2023-40178 Node Saml Project Insufficient Session Expiration vulnerability in Node Saml Project Node Saml

Node-SAML is a SAML library not dependent on any frameworks that runs in Node.

5.3
2023-08-23 CVE-2023-41100 Hcaptcha FOR EXT Unspecified vulnerability in Hcaptcha for Ext:Form Project Hcaptcha for Ext:Form

An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) extension before 2.1.2 for TYPO3.

5.3
2023-08-22 CVE-2023-40370 IBM Unspecified vulnerability in IBM products

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled.

5.3
2023-08-22 CVE-2022-48538 Cacti Incorrect Authorization vulnerability in Cacti 1.2.19

In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.

5.3
2023-08-22 CVE-2023-37440 Arubanetworks Server-Side Request Forgery (SSRF) vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack.

5.3
2023-08-25 CVE-2023-39290 Mitel Unspecified vulnerability in Mitel Mivoice Connect

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration.

4.9
2023-08-25 CVE-2023-39291 Mitel Unspecified vulnerability in Mitel Mivoice Connect

A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration.

4.9
2023-08-24 CVE-2023-39519 Fit2Cloud Information Exposure vulnerability in Fit2Cloud Cloudexplorer Lite

Cloud Explorer Lite is an open source cloud management platform.

4.9
2023-08-22 CVE-2022-40433 Oracle Unspecified vulnerability in Oracle Openjdk

An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service.

4.9
2023-08-22 CVE-2023-23565 Geomatika Unspecified vulnerability in Geomatika Isigeo web 6.0

An issue was discovered in Geomatika IsiGeo Web 6.0.

4.9
2023-08-25 CVE-2020-11711 Stormshield Cross-site Scripting vulnerability in Stormshield Network Security

An issue was discovered in Stormshield SNS 3.8.0.

4.8
2023-08-25 CVE-2023-41167 Webiny Cross-site Scripting vulnerability in Webiny

@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers.

4.8
2023-08-25 CVE-2023-24394 Iframe Project Cross-site Scripting vulnerability in Iframe Project Iframe

Auth.

4.8
2023-08-25 CVE-2023-32575 Woocommerce Cross-site Scripting vulnerability in Woocommerce

Auth.

4.8
2023-08-25 CVE-2023-32595 Palasthotel Cross-site Scripting vulnerability in Palasthotel Sunny Search

Auth.

4.8
2023-08-25 CVE-2023-32596 Wolfgangertl Cross-site Scripting vulnerability in Wolfgangertl Weebotlite

Auth.

4.8
2023-08-25 CVE-2023-32577 Devbuddy Cross-site Scripting vulnerability in Devbuddy Twitter Feed

Auth.

4.8
2023-08-25 CVE-2023-32584 Ebecas Cross-site Scripting vulnerability in Ebecas

Auth.

4.8
2023-08-25 CVE-2023-32591 Cloudprimero Cross-site Scripting vulnerability in Cloudprimero Dbargain

Auth.

4.8
2023-08-24 CVE-2023-39521 Enalean Cross-site Scripting vulnerability in Enalean Tuleap

Tuleap is an open source suite to improve management of software developments and collaboration.

4.8
2023-08-23 CVE-2023-36317 Student Study Center Desk Management System Project Cross-site Scripting vulnerability in Student Study Center Desk Management System Project Student Study Center Desk Management System 1.0

Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL.

4.8
2023-08-23 CVE-2023-32505 Ciphercoin Cross-site Scripting vulnerability in Ciphercoin Easy Hide Login

Auth.

4.8
2023-08-23 CVE-2023-32496 Stopbadbots Cross-site Scripting vulnerability in Stopbadbots Block BAD Bots and Stop BAD Bots Crawlers and Spiders and Anti Spam Protection

Auth.

4.8
2023-08-23 CVE-2023-32497 Supersoju Cross-site Scripting vulnerability in Supersoju Block Referer Spam

Auth.

4.8
2023-08-23 CVE-2023-32498 AYS PRO Cross-site Scripting vulnerability in Ays-Pro Easy Form

Auth.

4.8
2023-08-21 CVE-2023-3667 Bitapps Unspecified vulnerability in Bitapps BIT Assist

The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2023-08-25 CVE-2023-40530 Skylark Missing Authorization vulnerability in Skylark

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device.

4.7
2023-08-24 CVE-2023-4229 Moxa Improper Restriction of Rendered UI Layers or Frames vulnerability in Moxa Iologik E4200 Firmware 1.6

A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks.

4.7
2023-08-22 CVE-2022-47022 Open MPI NULL Pointer Dereference vulnerability in Open-Mpi Hwloc

An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c.

4.7
2023-08-24 CVE-2023-39801 Renault Improper Handling of Exceptional Conditions vulnerability in Renault Easy Link 283C35519R

A lack of exception handling in the Renault Easy Link Multimedia System Software Version 283C35519R allows attackers to cause a Denial of Service (DoS) via supplying crafted WMA files when connecting a device to the vehicle's USB plug and play feature.

4.6
2023-08-23 CVE-2022-3743 Lenovo Information Exposure vulnerability in Lenovo products

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands.

4.4
2023-08-23 CVE-2022-3745 Lenovo Information Exposure vulnerability in Lenovo products

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI.

4.4
2023-08-22 CVE-2020-21469 Postgresql Classic Buffer Overflow vulnerability in Postgresql 12.2

An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals.

4.4
2023-08-22 CVE-2020-27418 Fedoraproject Use After Free vulnerability in Fedoraproject Fedora Linux Kernel 5.9.0

A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obatin sensitive information via vgacon_invert_region() function.

4.4
2023-08-22 CVE-2022-44730 Apache
Debian
Server-Side Request Forgery (SSRF) vulnerability in multiple products

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL.

4.4
2023-08-26 CVE-2023-4544 Byzoro Forced Browsing vulnerability in Byzoro Smart S85F Management Platform

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230809.

4.3
2023-08-24 CVE-2023-38508 Enalean Missing Authorization vulnerability in Enalean Tuleap

Tuleap is an open source suite to improve management of software developments and collaboration.

4.3
2023-08-24 CVE-2023-4228 Moxa Incorrect Permission Assignment for Critical Resource vulnerability in Moxa Iologik E4200 Firmware 1.6

A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application.

4.3
2023-08-22 CVE-2023-38733 IBM Information Exposure Through Log Files vulnerability in IBM Robotic Process Automation

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs.

4.3
2023-08-22 CVE-2023-38732 IBM Information Exposure Through Log Files vulnerability in IBM products

IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs.

4.3
2023-08-21 CVE-2023-4302 Jenkins Missing Authorization vulnerability in Jenkins Fortify

A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

4.3
2023-08-21 CVE-2023-3366 Multiparcels Unspecified vulnerability in Multiparcels Shipping for Woocommerce

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-08-21 CVE-2023-39061 Chamilo Cross-Site Request Forgery (CSRF) vulnerability in Chamilo

Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code.

3.5
2023-08-22 CVE-2020-19909 Haxx Integer Overflow or Wraparound vulnerability in Haxx Curl 7.65.2

Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay.

3.3
2023-08-21 CVE-2023-38158 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

3.1