Weekly Vulnerabilities Reports > September 4 to 10, 2023

A vulnerability was found in Xintian Smart Table Integrated Management System 5.6.9.

A vulnerability was found in SourceCodester Contact Manager App 1.0.

A vulnerability was found in SourceCodester Contact Manager App 1.0.

A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic.

icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).

The RDPCore.dll component as used in the IRM Next Generation booking engine, allows a remote user to connect to customers with an "admin" account and a corresponding password computed daily by a routine inside the DLL file.

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and execute it with SYSTEM privileges.

ASUS RT-AC86U AiProtection security- related function has insufficient filtering of special character.

ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character.

ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character.

ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special character.

Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3.

ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character.

SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality.

SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system.

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Jenkins SSH2 Easy Plugin 1.4 and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional permissions, like Overall/Manage) to access functionality they're no longer entitled to.

Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions to be granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted.

Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command.

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands.

Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication.

Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands.

Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands.

A logic issue was addressed with improved state management.

Cacti is an open source operational monitoring and fault management framework.

Cacti is an open source operational monitoring and fault management framework.

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Cacti is an open source operational monitoring and fault management framework.

Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism.

KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges.

TEF portal 2023-07-17 is vulnerable to authenticated remote code execution.

There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement.

An issue was discovered in NOKIA AMS 9.7.05.

Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution.

The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases.

A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519.

A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS accounting requests.

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.

Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072.

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072.

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands.

Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.

Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands.

Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.

Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands.

Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.

IBM QRadar WinCollect Agent 10.0 through 10.1.6, when installed to run as ADMIN or SYSTEM, is vulnerable to a local escalation of privilege attack that a normal user could utilize to gain SYSTEM permissions.

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration.

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes.

A validation issue was addressed with improved logic.

A buffer overflow issue was addressed with improved memory handling.

Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0.0.82 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code.

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user.

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure.

Adobe Photoshop versions 23.0.2 and 22.5.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure.

Adobe Lightroom versions 4.4 (and earlier) are affected by a use-after-free vulnerability in the processing of parsing TIF files that could result in privilege escalation.

Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure.

Soar Cloud Ltd.

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability.

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Path traversal vulnerability.

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Path traversal vulnerability.

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate() can lead unbinding the chain and objects be deactivated but later used. We recommend upgrading past commit 0a771f7b266b02d262900c75f1e175c7fe76fec2.

A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter.

A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter.

A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter.

A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e.

Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability.

Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability.

Buffer overflow vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code.

Use after free vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code.

Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local attackers to launch privileged activities.

Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity.

Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code.

A buffer overflow issue was addressed with improved memory handling.

A buffer overflow issue was addressed with improved memory handling.

A buffer overflow issue was addressed with improved memory handling.

A buffer overflow issue was addressed with improved memory handling.

A buffer overflow issue was addressed with improved memory handling.

A buffer overflow issue was addressed with improved memory handling.

A buffer overflow issue was addressed with improved memory handling.

A buffer overflow issue was addressed with improved memory handling.

A buffer overflow issue was addressed with improved memory handling.

The issue was addressed with improved memory handling.

A logic issue was addressed with improved checks.

This issue was addressed with improved file handling.

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.

Cacti is an open source operational monitoring and fault management framework.

BMC PATROL Agent through 20.08.00 allows local privilege escalation via vectors involving pconfig +RESTART -host.

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.

Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2.

Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.

Memory corruption due to buffer over-read in Modem while processing SetNativeHandle RTP service.

Memory corruption due to improper validation of array index in Audio.

Memory Corruption due to improper validation of array index in Linux while updating adn record.

Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu request.

Memory corruption in Audio during playback session with audio effects enabled.

Memory corruption in Audio while validating and mapping metadata.

Memory corruption in Core Platform while printing the response buffer in log.

Memory Corruption while accessing metadata in Display.

Memory Corruption in Core Platform while printing the response buffer in log.

Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.

Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.

Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.

Memory corruption in WLAN handler while processing PhyID in Tx status handler.

Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.

Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

Memory corruption in WLAN HAL while handling command through WMI interfaces.

Memory corruption in WLAN HAL while parsing WMI command parameters.

Memory corruption in Graphics while processing user packets for command submission.

Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability.

Use After Free in GitHub repository vim/vim prior to 9.0.1840.

Use After Free in GitHub repository vim/vim prior to 9.0.1857.

Use After Free in GitHub repository vim/vim prior to 9.0.1858.

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage.

AccessControl provides a general security framework for use in Zope.

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92.

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92.

A vulnerability was found in SourceCodester Simple Membership System 1.0.

IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information.

hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse().

A vulnerability was found in SourceCodester Simple Membership System 1.0.

IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request.

Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection.

Processing an incomplete post-handshake message for a QUIC connection can cause a panic.

QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth.

Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability.

SolarView Compact < 6.00 is vulnerable to Directory Traversal.

GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead to a denial-of-service (DoS) condition.

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123).

An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920).

An Issue in Buffalo America, Inc.

Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters.

CMysten Labs Sui blockchain v1.2.0 was discovered to contain a stack overflow via the component /spec/openrpc.json.

In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic.

The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue.

In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed.

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol.

Frappe is a low code web framework written in Python and Javascript.

Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce.

Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use statistical methods to obtain a valid token.

Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by sending a crafted webhook payload.

Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status.

Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker to intercept the network traffic including sensitive information.

An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072.

Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server.

Transient DOS in Modem while processing invalid System Information Block 1.

Transient DOS in Modem while processing RRC reconfiguration message.

Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA).

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.

Transient DOS in WLAN firmware while parsing MLO (multi-link operation).

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.

An issue was discovered in FRRouting FRR through 9.0.

A vulnerability, which was classified as critical, has been found in Yongyou UFIDA-NC up to 20230807.

IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls.

Parse Server is an open source backend server.

LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine.

Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user´s password by adding a 6-digit numeric token.

This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant.

In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input.

In LTE protocol stack, there is a possible missing permission check.

ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass??.

ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path.

Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface

A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication.

It is identified a format string vulnerability in ASUS RT-AX56U V2.

It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API.

It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API.

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code.

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of requests that are sent to the web-based management interface.

Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper input validation vulnerability within the CMS page scheduled update feature.

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout.

Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper access control vulnerability within Magento's Media Gallery Upload workflow.

Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version.

Cacti is an open source operational monitoring and fault management framework.

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users.

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.

Unrestricted Upload of File with Dangerous Type vulnerability in Unisign Bookreen allows OS Command Injection.This issue affects Bookreen: before 3.0.0.

In wlan service, there is a possible command injection due to improper input validation.

An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT 6.20.00.

Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege.

A race condition was addressed with improved state handling.

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability. We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8.

A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue.

ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability.

A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root.

Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers launch activity with system privilege.

In nvram, there is a possible out of bounds write due to a missing bounds check.

In netdagent, there is a possible out of bounds write due to a missing bounds check.

In gps, there is a possible out of bounds write due to a missing bounds check.

In gps, there is a possible out of bounds write due to a missing bounds check.

In gps, there is a possible out of bounds write due to a missing bounds check.

In gps, there is a possible out of bounds write due to a missing bounds check.

In gps, there is a possible out of bounds write due to a missing bounds check.

In seninf, there is a possible out of bounds write due to a missing bounds check.

In wlan driver, there is a possible out of bounds write due to improper input validation.

In connectivity system driver, there is a possible out of bounds write due to improper input validation.

In gnss service, there is a possible out of bounds write due to improper input validation.

In gnss service, there is a possible out of bounds write due to a missing bounds check.

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

WireMock is a tool for mocking HTTP services.

If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. The Superset metadata db is an 'internal' component that is typically only accessible directly by the system administrator and the superset process itself.

Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.

Argo CD is a declarative continuous deployment for Kubernetes.

Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports.

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'.

A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules.

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue.

This issue was addressed with improved state management.

A denial-of-service issue was addressed with improved input validation.

Error handling was changed to not reveal sensitive information.

An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072.

An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072.

Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.

IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticated user to cause a denial of service due to due to improper input validation.

In imgsys, there is a possible out of bounds read and write due to a missing valid range checking.

In imgsys, there is a possible out of bounds write due to a missing valid range checking.

In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking.

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking.

In imgsys_cmdq, there is a possible use after free due to a missing valid range checking.

In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking.

In power, there is a possible out of bounds write due to an insecure default value.

Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence.

Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence.

A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing.

The WordPress Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wordpress_social_login_meta' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes.

In ims service, there is a possible memory corruption due to a race condition.

In pda, there is a possible use after free due to a race condition.

In camsys, there is a possible use after free due to a race condition.

Cacti is an open source operational monitoring and fault management framework.

In stc, there is a possible out of bounds read due to a race condition.

A vulnerability classified as problematic has been found in SourceCodester Contact Manager App 1.0.

A vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0.

A vulnerability classified as problematic has been found in SourceCodester Simple Book Catalog App 1.0.

An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file.

SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation.

Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section.

The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts.

The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts.

FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.

Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section.

Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters.

SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration.

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request.

A Cross Site Scrtpting (XSS) vulnerability in KodExplorer 4.45 allows remote attackers to run arbitrary code via /index.php page.

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability.

Unauth.

Unauth.

Unauth.

Unauth.

Unauth.

The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `list_type` parameter in versions up to, and including, 4.3.5 due to insufficient input sanitization and output escaping.

Cacti is an open source operational monitoring and fault management framework.Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data.

Aruba AirWave before 8.0.7 allows XSS attacks agsinat an administrator.

Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.

Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.

Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.

Reflected cross-site scripting vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to inject an arbitrary script.

Unauth.

Unauth.

Unauth.

Unauth.

Unauth.

The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

The Post Timeline WordPress plugin before 2.2.6 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Unauth.

Unauth.

Unauth.

Unauth.

Unauth.

Unauth.

Unauth.

Unauth.

IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2.

IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques.

Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12

Improper access control vulnerability in 'direct' Desktop App for macOS ver 2.6.0 and earlier allows a local attacker to bypass access restriction and to use camrea, microphone, etc.

Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability.

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an Use-After-Free vulnerability that could lead to disclosure of sensitive memory.

Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

Adobe Photoshop version 22.5.1 ?and earlier?versions???are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices.

Adobe Media Encoder version 15.2 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory.

Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock.

Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands.

PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access.

Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider.

PendingIntent hijacking vulnerability in GameLauncher prior to version 4.2.59.5 allows local attackers to access data.

Intent redirection vulnerability in PackageInstallerCHN prior to version 13.1.03.00 allows local attacker to access arbitrary file.

Implicit intent hijacking vulnerability in Camera prior to versions 11.0.16.43 in Android 11, 12.1.00.30, 12.0.07.53, 12.1.03.10 in Android 12, and 13.0.01.43, 13.1.00.83 in Android 13 allows local attacker to access specific file.

The issue was addressed with improved checks.

An out-of-bounds read was addressed with improved input validation.

A privacy issue was addressed with improved handling of temporary files.

This issue was addressed with improved checks to prevent unauthorized actions.

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process.

Information disclosure in Automotive multimedia due to buffer over-read.

ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer index out of range during a ConvertToGraphicField call) via an image of zero width.

disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go.

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations.

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access.

hyper-bump-it is a command line tool for updating the version in project files.`hyper-bump-it` reads a file glob pattern from the configuration file.

Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.

Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.

An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60.

Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.

In duraspeed, there is a possible information disclosure due to a missing permission check.

In duraspeed, there is a possible information disclosure due to a missing permission check.

In cta, there is a possible information disclosure due to a missing permission check.

In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

In vowifi service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

In ims service, there is a possible missing permission check.

In ims service, there is a possible missing permission check.

In wcn bsp driver, there is a possible out of bounds write due to a missing bounds check.This could lead to local denial of service with no additional execution privileges

Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'before' and 'after'.

IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting.

IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection.

matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem.

Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters.

Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key details, Export key, sign key, send to key server page, and fetch from key server page tab.

Tolgee is an open-source localization platform.

A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.

The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and output escaping on user supplied attributes.

WireMock is a tool for mocking HTTP services.

An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.

Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF.

F-RevoCRM 7.3 series prior to version7.3.8 contains a cross-site scripting vulnerability.

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability.

Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents.

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'.

A stored cross-site scripting (XSS) vulnerability in IsarNet AG IsarFlow v5.23 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the dashboard title parameter in the IsarFlow Portal.

Cacti is an open source operational monitoring and fault management framework.

Cacti is an open source operational monitoring and fault management framework.

Cacti is an open source operational monitoring and fault management framework.

SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters.

TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting (XSS)attack.

Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.

Stored cross-site scripting vulnerability in View setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script.

Stored cross-site scripting vulnerability in Map setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script.

Auth.

Auth.

Auth.

Auth.

IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration.

IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Fiber is an Express inspired web framework built in the go language.

In some configuration scenarios, the Domino server host name can be exposed.

Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers.

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123.

Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/

Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn should be accessible to authenticated users only

Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.

A permissions issue was addressed with improved redaction of sensitive information.

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return.

Cerebrate before 1.15 lacks the Secure attribute for the session cookie.

Vyper is a Pythonic Smart Contract Language.

Vyper is a Pythonic Smart Contract Language.

User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database.

A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device.

File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions.

Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege.

Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator password) to cause a denial of service (device crash) via a long string in the wifiPwd_5G parameter to /goform/setWifi.

The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server.

Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git.

Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated administrative user.

Cacti is an open source operational monitoring and fault management framework.

Auth.

Auth.

Auth.

Auth.

Auth.

Cacti is an open source operational monitoring and fault management framework.

Cacti is an open source operational monitoring and fault management framework.

Cacti is an open source operational monitoring and fault management framework.

Cacti is an open source operational monitoring and fault management framework.

Cacti is an open source operational monitoring and fault management framework.

The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping.

The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

The 123.chat WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Auth.

Auth.

Auth.

Auth.

Auth.

Auth.

Injecting random data into the USB memory area on a General Motors (GM) Chevrolet Equinox 2021 Software.

Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock.

An insertion of sensitive information into Log file vulnerability has been reported to affect product.

Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log.

In cmdq, there is a possible out of bounds read due to an incorrect status check.

In keyinstall, there is a possible information disclosure due to a missing bounds check.

In camsys, there is a possible out of bounds read due to a missing bounds check.

In wlan service, there is a possible out of bounds read due to improper input validation.

In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface.

In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface.

In bluetooth driver, there is a possible out of bounds read due to improper input validation.

In gnss service, there is a possible out of bounds write due to improper input validation.

In gnss service, there is a possible out of bounds read due to improper input validation.

In gnss service, there is a possible out of bounds read due to improper input validation.

In gnss service, there is a possible out of bounds read due to improper input validation.

In gnss service, there is a possible out of bounds read due to improper input validation.

In camera driver, there is a possible out of bounds read due to a missing bounds check.

In vdsp device, there is a possible system crash due to improper input validation.This could lead to local denial of service with System execution privileges needed

In Ifaa service, there is a possible missing permission check.

In camera driver, there is a possible out of bounds write due to a missing bounds check.

In urild service, there is a possible out of bounds write due to a missing bounds check.

In urild service, there is a possible out of bounds write due to a missing bounds check.

An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins. 

An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API.

The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicate_ppmc_post_as_draft function in versions up to, and including, 2.3.1.

An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0.

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.

A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0. 

By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin.

A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins.

A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue.

A missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials.

A logic issue was addressed with improved state management.

Cacti is an open source operational monitoring and fault management framework.

An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072.

An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072.

The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog

The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses.

In imgsys, there is a possible out of bounds read due to a missing valid range checking.

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking.

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking.

In imgsys, there is a possible out of bounds read due to a missing valid range checking.

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking.

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking.

In imgsys, there is a possible out of bounds read due to a race condition.

A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username.

An issue was discovered in Exynos Mobile Processor 980 and 2100.

Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an Use-After-Free vulnerability that could lead to disclosure of sensitive memory.

Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

This issue was addressed with improved redaction of sensitive information.

A privacy issue was addressed with improved private data redaction for log entries.

Redis is an in-memory database that persists on disk.

Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider.

Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission.

Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers.

Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting.

Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data.

Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history.

A privacy issue was addressed with improved private data redaction for log entries.

The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack.