Weekly Vulnerabilities Reports > October 2 to 8, 2023

Overview

476 new vulnerabilities reported during this period, including 68 critical vulnerabilities and 208 high severity vulnerabilities. This weekly summary report vulnerabilities in 960 products from 243 vendors including Google, Qualcomm, Redhat, Fedoraproject, and Dlink. Vulnerabilities are notably categorized as "Cross-site Scripting", "Cross-Site Request Forgery (CSRF)", "Missing Authorization", "SQL Injection", and "Out-of-bounds Write".

  • 353 reported vulnerabilities are remotely exploitables.
  • 156 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 255 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 41 reported vulnerabilities.
  • Themevolty has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

68 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-10-07 CVE-2023-45199 ARM Classic Buffer Overflow vulnerability in ARM Mbed TLS 3.2.0/3.3.0

Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.

9.8
2023-10-06 CVE-2023-3725 Zephyrproject Out-of-bounds Write vulnerability in Zephyrproject Zephyr

Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem

9.8
2023-10-06 CVE-2023-45311 Fsevents Project Code Injection vulnerability in Fsevents Project Fsevents

fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary.

9.8
2023-10-06 CVE-2023-45239 Facebook
Fedoraproject
A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server.
9.8
2023-10-06 CVE-2023-5214 Puppet Improper Privilege Management vulnerability in Puppet Bolt

In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.

9.8
2023-10-06 CVE-2023-44807 Dlink Out-of-bounds Write vulnerability in Dlink Dir-820L Firmware 1.05B03

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function.

9.8
2023-10-06 CVE-2023-38703 Teluu Use After Free vulnerability in Teluu Pjsip

PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages.

9.8
2023-10-06 CVE-2023-43058 IBM Unspecified vulnerability in IBM products

IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects.

9.8
2023-10-06 CVE-2023-4530 Turnatasarim SQL Injection vulnerability in Turnatasarim Advertising Administration Panel

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection.This issue affects Advertising Administration Panel: before 1.1.

9.8
2023-10-06 CVE-2015-10126 Steven Ellis SQL Injection vulnerability in Steven Ellis Easy2Map Photos

A vulnerability classified as critical was found in Easy2Map Photos Plugin 1.0.1 on WordPress.

9.8
2023-10-06 CVE-2023-26153 Geokit Deserialization of Untrusted Data vulnerability in Geokit Geokit-Rails

Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie.

9.8
2023-10-05 CVE-2023-43269 Pigcms Unrestricted Upload of File with Dangerous Type vulnerability in Pigcms 7.0

pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability.

9.8
2023-10-05 CVE-2023-40920 Prixan SQL Injection vulnerability in Prixan Prixanconnect 1.61

Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts().

9.8
2023-10-05 CVE-2023-43981 Presto Changeo Deserialization of Untrusted Data vulnerability in Presto-Changeo Test Site Creator 1.1.1

Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php.

9.8
2023-10-05 CVE-2023-43983 Presto Changeo SQL Injection vulnerability in Presto-Changeo Attribute Grid 2.0.3

Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php.

9.8
2023-10-05 CVE-2023-44024 Knowband SQL Injection vulnerability in Knowband ONE Page Checkout, Social Login & Mailchimp 8.0.3

SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component.

9.8
2023-10-05 CVE-2023-32485 Dell Improper Input Validation vulnerability in Dell Smartfabric Storage Software 1.0.0

Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability.

9.8
2023-10-05 CVE-2023-5423 Oretnom23 SQL Injection vulnerability in Oretnom23 Online Pizza Ordering System 1.0

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical.

9.8
2023-10-04 CVE-2023-35803 Extremenetworks Classic Buffer Overflow vulnerability in Extremenetworks IQ Engine 10.6R1

IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow.

9.8
2023-10-04 CVE-2023-36619 Unify Improper Input Validation vulnerability in Unify Session Border Controller 10R3.01.03

Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users.

9.8
2023-10-04 CVE-2023-41094 Silabs Missing Release of Resource after Effective Lifetime vulnerability in Silabs Emberznet

TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected

9.8
2023-10-04 CVE-2023-5391 Schneider Electric Deserialization of Untrusted Data vulnerability in Schneider-Electric products

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application.

9.8
2023-10-04 CVE-2023-5399 Schneider Electric Path Traversal vulnerability in Schneider-Electric Spacelogic C-Bus Toolkit

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using the File Command.

9.8
2023-10-04 CVE-2023-5402 Schneider Electric Improper Privilege Management vulnerability in Schneider-Electric C-Bus Toolkit

A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network.

9.8
2023-10-04 CVE-2023-20101 Cisco Use of Hard-coded Credentials vulnerability in Cisco Emergency Responder 12.5(1)Su4

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development.

9.8
2023-10-04 CVE-2022-36276 Tcman SQL Injection vulnerability in Tcman GIM 8.0.1

TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'.

9.8
2023-10-04 CVE-2023-22515 Atlassian Unspecified vulnerability in Atlassian Confluence Data Center and Confluence Server

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.

9.8
2023-10-04 CVE-2023-5374 Oretnom23 SQL Injection vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0.

9.8
2023-10-04 CVE-2023-4491 Easy Address Book WEB Server Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Easy Address Book web Server Project Easy Address Book web Server 1.6

Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version.

9.8
2023-10-04 CVE-2023-4494 Easy Chat Server Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Easy Chat Server Project Easy Chat Server 3.1

Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version.

9.8
2023-10-04 CVE-2023-5373 Oretnom23 SQL Injection vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0.

9.8
2023-10-04 CVE-2023-2809 Sage Cleartext Storage of Sensitive Information vulnerability in Sage 200 Spain 2023.38.001

Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application.

9.8
2023-10-04 CVE-2023-37404 IBM Unspecified vulnerability in IBM Observability With Instana

IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack.

9.8
2023-10-03 CVE-2023-39647 Themevolty SQL Injection vulnerability in Themevolty Theme Volty CMS Category Product 4.0.1

Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop.

9.8
2023-10-03 CVE-2023-39646 Themevolty SQL Injection vulnerability in Themevolty Theme Volty CMS Category Chain Slider 4.0.1

Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop.

9.8
2023-10-03 CVE-2023-39648 Themevolty SQL Injection vulnerability in Themevolty Theme Volty CMS Testimonial 4.0.1

Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop.

9.8
2023-10-03 CVE-2023-39649 Themevolty SQL Injection vulnerability in Themevolty Theme Volty CMS Category Slider 4.0.1

Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop.

9.8
2023-10-03 CVE-2023-39651 Themevolty SQL Injection vulnerability in Themevolty Theme Volty CMS Brandlist 4.0.1

Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop In the module “Theme Volty CMS BrandList” (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.

9.8
2023-10-03 CVE-2023-33268 DTS OS Command Injection vulnerability in DTS Monitoring 3.57.0

An issue was discovered in DTS Monitoring 3.57.0.

9.8
2023-10-03 CVE-2023-33269 DTS OS Command Injection vulnerability in DTS Monitoring 3.57.0

An issue was discovered in DTS Monitoring 3.57.0.

9.8
2023-10-03 CVE-2023-33270 DTS OS Command Injection vulnerability in DTS Monitoring 3.57.0

An issue was discovered in DTS Monitoring 3.57.0.

9.8
2023-10-03 CVE-2023-33271 DTS OS Command Injection vulnerability in DTS Monitoring 3.57.0

An issue was discovered in DTS Monitoring 3.57.0.

9.8
2023-10-03 CVE-2023-33272 DTS OS Command Injection vulnerability in DTS Monitoring 3.57.0

An issue was discovered in DTS Monitoring 3.57.0.

9.8
2023-10-03 CVE-2023-33273 DTS OS Command Injection vulnerability in DTS Monitoring 3.57.0

An issue was discovered in DTS Monitoring 3.57.0.

9.8
2023-10-03 CVE-2023-39645 Themevolty SQL Injection vulnerability in Themevolty CMS Payment Icon 4.0.1

Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop.

9.8
2023-10-03 CVE-2023-44973 Emlog Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 2.2.0

An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

9.8
2023-10-03 CVE-2023-44974 Emlog Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 2.2.0

An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

9.8
2023-10-03 CVE-2023-40830 Tenda Classic Buffer Overflow vulnerability in Tenda AC6 Firmware 15.03.05.19

Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length.

9.8
2023-10-03 CVE-2022-47893 Riello UPS Unrestricted Upload of File with Dangerous Type vulnerability in Riello-Ups Netman 204 Firmware

There is a remote code execution vulnerability that affects all versions of NetMan 204.

9.8
2023-10-03 CVE-2023-3654 Cashit Origin Validation Error vulnerability in Cashit Cashit! 03.A06Rks2023.02.37

cashIT! - serving solutions.

9.8
2023-10-03 CVE-2023-3656 Cashit Code Injection vulnerability in Cashit Cashit! 03.A06Rks2023.02.37

cashIT! - serving solutions.

9.8
2023-10-03 CVE-2023-22385 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory Corruption in Data Modem while making a MO call or MT VOLTE call.

9.8
2023-10-03 CVE-2023-24855 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in Modem while processing security related configuration before AS Security Exchange.

9.8
2023-10-03 CVE-2023-33028 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.

9.8
2023-10-02 CVE-2023-43980 Presto Changeo SQL Injection vulnerability in Presto-Changeo Testsitecreator

Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php.

9.8
2023-10-02 CVE-2023-43891 Netis Systems Command Injection vulnerability in Netis-Systems N3M Firmware 1.0.1.865

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function.

9.8
2023-10-02 CVE-2023-43892 Netis Systems OS Command Injection vulnerability in Netis-Systems N3M Firmware 1.0.1.865

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings.

9.8
2023-10-02 CVE-2023-43893 Netis Systems OS Command Injection vulnerability in Netis-Systems N3M Firmware 1.0.1.865

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function.

9.8
2023-10-02 CVE-2023-44011 Mojoportal Unspecified vulnerability in Mojoportal 2.7.0.0

An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component.

9.8
2023-10-02 CVE-2023-44008 Mojoportal Unrestricted Upload of File with Dangerous Type vulnerability in Mojoportal 2.7.0.0

File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function.

9.8
2023-10-02 CVE-2023-44009 Mojoportal Unrestricted Upload of File with Dangerous Type vulnerability in Mojoportal 2.7.0.0

File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function.

9.8
2023-10-02 CVE-2023-4659 Free5Gc Cross-Site Request Forgery (CSRF) vulnerability in Free5Gc 1.1.1

Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin".

9.8
2023-10-02 CVE-2015-10124 Smartfan SQL Injection vulnerability in Smartfan Most Popular Posts Widget 0.8

A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress.

9.8
2023-10-02 CVE-2023-20819 Mediatek Out-of-bounds Write vulnerability in Mediatek products

In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check.

9.8
2023-10-05 CVE-2023-2306 Qognify Use of Hard-coded Credentials vulnerability in Qognify Nicevision

Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials.

9.1
2023-10-04 CVE-2023-38701 Iohk Unspecified vulnerability in Iohk Hydra

Hydra is the layer-two scalability solution for Cardano.

9.1
2023-10-04 CVE-2023-44208 Acronis Missing Authorization vulnerability in Acronis Cyber Protect Home Office

Sensitive information disclosure and manipulation due to missing authorization.

9.1
2023-10-03 CVE-2023-5350 Salesagility SQL Injection vulnerability in Salesagility Suitecrm

SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1.

9.1

208 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-10-06 CVE-2023-44061 Simple AND Nice Shopping Cart Script Project Unrestricted Upload of File with Dangerous Type vulnerability in Simple and Nice Shopping Cart Script Project Simple and Nice Shopping Cart Script 1.0

File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component.

8.8
2023-10-06 CVE-2023-45303 Thingsboard Injection vulnerability in Thingsboard

ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint).

8.8
2023-10-06 CVE-2023-39928 Webkitgtk
Debian
Fedoraproject
Use After Free vulnerability in multiple products

A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5.

8.8
2023-10-06 CVE-2023-44233 Fooplugins Cross-Site Request Forgery (CSRF) vulnerability in Fooplugins Foogallery

Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin – FooGallery plugin <= 2.2.44 versions.

8.8
2023-10-06 CVE-2023-44243 Dylanblokhuis Cross-Site Request Forgery (CSRF) vulnerability in Dylanblokhuis Instant CSS

Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin <= 1.2.1 versions.

8.8
2023-10-06 CVE-2023-40607 Cluevo Cross-Site Request Forgery (CSRF) vulnerability in Cluevo Learning Management System

Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions.

8.8
2023-10-06 CVE-2023-41650 Remove Hide Author Date Category Like Entry Meta Project Cross-Site Request Forgery (CSRF) vulnerability in Remove/Hide Author, Date, Category Like Entry-Meta Project Remove/Hide Author, Date, Category Like Entry-Meta

Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin <= 2.1 versions.

8.8
2023-10-06 CVE-2023-41654 Heigl Cross-Site Request Forgery (CSRF) vulnerability in Heigl Authldap

Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <= 2.5.8 versions.

8.8
2023-10-06 CVE-2023-41659 Bdwm Cross-Site Request Forgery (CSRF) vulnerability in Bdwm Responsive Gallery Grid

Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin <= 2.3.10 versions.

8.8
2023-10-06 CVE-2023-41732 Dwbooster Cross-Site Request Forgery (CSRF) vulnerability in Dwbooster CP Blocks

Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin <= 1.0.20 versions.

8.8
2023-10-06 CVE-2023-41801 Strategy11 Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 AWP Classifieds

Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <= 4.3 versions.

8.8
2023-10-06 CVE-2023-41950 Laposta Cross-Site Request Forgery (CSRF) vulnerability in Laposta Signup Basic

Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bousardt Laposta Signup Basic plugin <= 1.4.1 versions.

8.8
2023-10-06 CVE-2023-44146 Checkfront Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Online Booking System

Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc.

8.8
2023-10-06 CVE-2023-28791 Webtechforce Cross-Site Request Forgery (CSRF) vulnerability in Webtechforce Simple ORG Chart 2.3.4

Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions.

8.8
2023-10-06 CVE-2023-29235 Fugu Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Switch

Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions.

8.8
2023-10-06 CVE-2022-47175 Royal Elementor Addons Cross-Site Request Forgery (CSRF) vulnerability in Royal-Elementor-Addons Royal Elementor Addons

Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions.

8.8
2023-10-06 CVE-2023-25033 Sumo Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share Boost

Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share Boost plugin <= 4.5 versions.

8.8
2023-10-06 CVE-2023-25480 Boldgrid Cross-Site Request Forgery (CSRF) vulnerability in Boldgrid Post and Page Builder BY Boldgrid - Visual Drag and Drop Editor

Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.24.1 versions.

8.8
2023-10-06 CVE-2023-27448 Makestories Cross-Site Request Forgery (CSRF) vulnerability in Makestories (For Google web Stories)

Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <= 2.8.0 versions.

8.8
2023-10-06 CVE-2023-27615 Dipakgajjar Cross-Site Request Forgery (CSRF) vulnerability in Dipakgajjar WP Super Minify

Cross-Site Request Forgery (CSRF) vulnerability in Dipak C.

8.8
2023-10-06 CVE-2023-40008 Webtechforce Cross-Site Request Forgery (CSRF) vulnerability in Webtechforce Simple ORG Chart 2.3.4

Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions.

8.8
2023-10-06 CVE-2023-40671 Daxiawp Cross-Site Request Forgery (CSRF) vulnerability in Daxiawp Dx-Auto-Save-Images

Cross-Site Request Forgery (CSRF) vulnerability in ??wp DX-auto-save-images plugin <= 1.4.0 versions.

8.8
2023-10-06 CVE-2023-40556 Toolstack Cross-Site Request Forgery (CSRF) vulnerability in Toolstack Schedule Posts Calendar

Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions.

8.8
2023-10-05 CVE-2015-10125 Smackcoders Cross-Site Request Forgery (CSRF) vulnerability in Smackcoders Import ALL Pages, Post Types, Products, Orders, and Users AS XML & CSV

A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress.

8.8
2023-10-05 CVE-2023-43284 Dlink Unspecified vulnerability in Dlink Dir-846 Firmware 100A53Dbr

D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticated remote attacker to execute arbitrary code via an unspecified manipulation of the QoS POST parameter.

8.8
2023-10-05 CVE-2023-43068 Dell OS Command Injection vulnerability in Dell Smartfabric Storage Software 1.0.0

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH.

8.8
2023-10-05 CVE-2023-4401 Dell OS Command Injection vulnerability in Dell Smartfabric Storage Software 1.0.0

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command.

8.8
2023-10-05 CVE-2023-5346 Google
Fedoraproject
Type Confusion vulnerability in multiple products

Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-10-05 CVE-2023-45160 1E Files or Directories Accessible to External Parties vulnerability in 1E Client

In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script.

8.8
2023-10-05 CVE-2023-4570 NI Unspecified vulnerability in NI Measurementlink 1.0.0/1.0.1/1.1.0

An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost.

8.8
2023-10-04 CVE-2023-43321 Dcnetworks Unrestricted Upload of File with Dangerous Type vulnerability in Dcnetworks Dcfw-1800-Sdc Firmware 3.0

File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3.0 allows an authenticated attacker to execute arbitrary code via the wget function in the /sbin/cloudadmin.sh component.

8.8
2023-10-04 CVE-2023-36618 Unify OS Command Injection vulnerability in Unify Session Border Controller 10R3.01.03

Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users.

8.8
2023-10-04 CVE-2023-42809 Redisson Deserialization of Untrusted Data vulnerability in Redisson

Redisson is a Java Redis client that uses the Netty framework.

8.8
2023-10-04 CVE-2023-20235 Cisco Improper Privilege Management vulnerability in Cisco IOS XE

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode.

8.8
2023-10-04 CVE-2023-40559 Multidots Cross-Site Request Forgery (CSRF) vulnerability in Multidots Dynamic Pricing and Discount Rules for Woocommerce

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Dynamic Pricing and Discount Rules for WooCommerce plugin <= 2.4.0 versions.

8.8
2023-10-04 CVE-2023-25025 Chetangole Cross-Site Request Forgery (CSRF) vulnerability in Chetangole Wp-Copyprotect [Protect Your Blog Posts]

Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions.

8.8
2023-10-04 CVE-2023-27433 Yasglobal Cross-Site Request Forgery (CSRF) vulnerability in Yasglobal Make Paths Relative

Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Make Paths Relative allows Cross Site Request Forgery.This issue affects Make Paths Relative: from n/a through 1.3.0.

8.8
2023-10-04 CVE-2023-40561 Multidots Cross-Site Request Forgery (CSRF) vulnerability in Multidots Enhanced Ecommerce Google Analytics for Woocommerce

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Enhanced Ecommerce Google Analytics for WooCommerce plugin <= 3.7.1 versions.

8.8
2023-10-04 CVE-2023-25489 Iwebss Cross-Site Request Forgery (CSRF) vulnerability in Iwebss Update Theme and Plugins From ZIP File

Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update Theme and Plugins from Zip File plugin <= 2.0.0 versions.

8.8
2023-10-04 CVE-2023-25788 Saphali Cross-Site Request Forgery (CSRF) vulnerability in Saphali Woocommerce

Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woocommerce Lite plugin <= 1.8.13 versions.

8.8
2023-10-04 CVE-2023-25980 Cagewebdev Cross-Site Request Forgery (CSRF) vulnerability in Cagewebdev Optimize Database After Deleting Revisions

Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web Design | Rolf van Gelder Optimize Database after Deleting Revisions plugin <= 5.1 versions.

8.8
2023-10-04 CVE-2023-37995 WP Copyprotect Project Cross-Site Request Forgery (CSRF) vulnerability in Wp-Copyprotect Project Wp-Copyprotect

Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions.

8.8
2023-10-04 CVE-2023-3701 Aquaesolutions Path Traversal vulnerability in Aquaesolutions Aqua Drive 2.4

Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability.

8.8
2023-10-04 CVE-2023-4997 Prointegra Incorrect Authorization vulnerability in Prointegra Uptimedc

Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege escalation.

8.8
2023-10-03 CVE-2023-43176 Afterlogic Deserialization of Untrusted Data vulnerability in Afterlogic Aurora Files 9.7.3

A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file.

8.8
2023-10-03 CVE-2023-4817 Icpdas Unrestricted Upload of File with Dangerous Type vulnerability in Icpdas Et-7060 Firmware 3.00

This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device.

8.8
2023-10-03 CVE-2023-0506 Bydemes Unspecified vulnerability in Bydemes Airspace Cctv web Service 2.616.By00.11

The web service of ByDemes Group Airspace CCTV Web Service in its 2.616.BY00.11 version, contains a privilege escalation vulnerability, detected in the Camera Control Panel, whose exploitation could allow a low-privileged attacker to gain administrator access.

8.8
2023-10-03 CVE-2023-27435 Yasglobal Cross-Site Request Forgery (CSRF) vulnerability in Yasglobal Http Auth

Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions.

8.8
2023-10-03 CVE-2023-32091 Poeditor Cross-Site Request Forgery (CSRF) vulnerability in Poeditor

Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions.

8.8
2023-10-03 CVE-2023-40558 Emarketdesign Cross-Site Request Forgery (CSRF) vulnerability in Emarketdesign Youtube Video Gallery

Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5 versions.

8.8
2023-10-03 CVE-2023-41244 Buildfail Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images

Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions.

8.8
2023-10-03 CVE-2023-41693 Plainviewplugins Cross-Site Request Forgery (CSRF) vulnerability in Plainviewplugins Mycryptocheckout

Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview MyCryptoCheckout plugin <= 2.125 versions.

8.8
2023-10-03 CVE-2023-4929 Moxa Improper Validation of Integrity Check Value vulnerability in Moxa products

All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability.

8.8
2023-10-03 CVE-2023-2681 Jorani SQL Injection vulnerability in Jorani 1.0.0

An SQL Injection vulnerability has been found on Jorani version 1.0.0.

8.8
2023-10-03 CVE-2023-40199 Crudlab Cross-Site Request Forgery (CSRF) vulnerability in Crudlab WP Like Button

Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions.

8.8
2023-10-03 CVE-2023-40201 Futuriowp Cross-Site Request Forgery (CSRF) vulnerability in Futuriowp Futurio Extra

Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin.

8.8
2023-10-03 CVE-2023-40202 Codemiq Cross-Site Request Forgery (CSRF) vulnerability in Codemiq WP Html Mail

Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <= 3.4.1 versions.

8.8
2023-10-03 CVE-2022-47891 Riello UPS Use of Hard-coded Credentials vulnerability in Riello-Ups Netman 204 Firmware

All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function.

8.8
2023-10-03 CVE-2023-25989 Mekshq Cross-Site Request Forgery (CSRF) vulnerability in Mekshq products

Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading to dismiss or the popup.

8.8
2023-10-03 CVE-2023-2830 Trustindex Cross-Site Request Forgery (CSRF) vulnerability in Trustindex WP Testimonials

Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <= 1.4.2 versions.

8.8
2023-10-03 CVE-2023-39165 Fetchdesigns Cross-Site Request Forgery (CSRF) vulnerability in Fetchdesigns Sign-Up Sheets

Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets plugin <= 2.2.8 versions.

8.8
2023-10-03 CVE-2023-39917 AYS PRO Cross-Site Request Forgery (CSRF) vulnerability in Ays-Pro Photo Gallery

Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions.

8.8
2023-10-03 CVE-2023-39923 Radiustheme Cross-Site Request Forgery (CSRF) vulnerability in Radiustheme the Post Grid

Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 7.2.7 versions.

8.8
2023-10-03 CVE-2023-39989 Draftpress Cross-Site Request Forgery (CSRF) vulnerability in Draftpress Header Footer Code Manager

Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions.

8.8
2023-10-03 CVE-2023-40210 Sean Barton Cross-Site Request Forgery (CSRF) vulnerability in Sean-Barton SB Child List 4.5

Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <= 4.5 versions.

8.8
2023-10-03 CVE-2023-4098 Qsige SQL Injection vulnerability in Qsige 3.0.0.0

It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure.

8.8
2023-10-03 CVE-2023-4102 Qsige SQL Injection vulnerability in Qsige 3.0.0.0

QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so.

8.8
2023-10-03 CVE-2023-4103 Qsige SQL Injection vulnerability in Qsige 3.0.0.0

QSige statistics are affected by a remote SQLi vulnerability.

8.8
2023-10-03 CVE-2022-46841 Soflyy Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen

Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <= 4.4 versions.

8.8
2023-10-03 CVE-2023-25463 Gopiplus Cross-Site Request Forgery (CSRF) vulnerability in Gopiplus Wp-Tell-A-Friend-Popup-Form 7.1

Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP tell a friend popup form plugin <= 7.1 versions.

8.8
2023-10-03 CVE-2023-37990 Perelink PRO Project Cross-Site Request Forgery (CSRF) vulnerability in Perelink PRO Project Perelink PRO

Cross-Site Request Forgery (CSRF) vulnerability in Mike Perelink Pro plugin <= 2.1.4 versions.

8.8
2023-10-03 CVE-2023-38390 Anshullabs Cross-Site Request Forgery (CSRF) vulnerability in Anshullabs Mobile Address BAR Changer

Cross-Site Request Forgery (CSRF) vulnerability in Anshul Labs Mobile Address Bar Changer plugin <= 3.0 versions.

8.8
2023-10-03 CVE-2023-38396 WEB Argument Cross-Site Request Forgery (CSRF) vulnerability in Web-Argument Google-Map-Shortcode 3.1.2

Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez plugin <= 3.1.2 versions.

8.8
2023-10-03 CVE-2023-38398 Tablooa Cross-Site Request Forgery (CSRF) vulnerability in Tablooa

Cross-Site Request Forgery (CSRF) vulnerability in Taboola plugin <= 2.0.1 versions.

8.8
2023-10-03 CVE-2023-4097 Qsige Unrestricted Upload of File with Dangerous Type vulnerability in Qsige 3.0.0.0

The file upload functionality is not implemented correctly and allows uploading of any type of file.

8.8
2023-10-03 CVE-2023-37891 Optimonk Cross-Site Request Forgery (CSRF) vulnerability in Optimonk Optimonk:Popups, Personalization & A/B Testing

Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin <= 2.0.4 versions.

8.8
2023-10-03 CVE-2023-37991 Monchito Cross-Site Request Forgery (CSRF) vulnerability in Monchito WP Emoji ONE

Cross-Site Request Forgery (CSRF) vulnerability in Monchito.Net WP Emoji One plugin <= 0.6.0 versions.

8.8
2023-10-03 CVE-2023-37992 Presspage Cross-Site Request Forgery (CSRF) vulnerability in Presspage Smarty for Wordpress 3.1.35

Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc.

8.8
2023-10-03 CVE-2023-37996 Gtmetrix Cross-Site Request Forgery (CSRF) vulnerability in Gtmetrix

Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.7 versions.

8.8
2023-10-03 CVE-2023-37998 Saas Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler 3.0.3

Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler allows Cross Site Request Forgery.This issue affects Disabler: from n/a through 3.0.3.

8.8
2023-10-03 CVE-2023-38381 WP Flybox Project Cross-Site Request Forgery (CSRF) vulnerability in Wp-Flybox Project Wp-Flybox 6.46

Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-FlyBox plugin <= 6.46 versions.

8.8
2023-10-03 CVE-2023-39222 Furunosystems OS Command Injection vulnerability in Furunosystems products

OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web interface by sending a specially crafted request.

8.8
2023-10-03 CVE-2023-41086 Furunosystems Cross-Site Request Forgery (CSRF) vulnerability in Furunosystems products

Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices.

8.8
2023-10-03 CVE-2023-42771 Furunosystems Improper Authentication vulnerability in Furunosystems Acera 1310 Firmware and Acera 1320 Firmware

Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent unauthenticated attacker who can access the affected product to download configuration files and/or log files, and upload configuration files and/or firmware.

8.8
2023-10-03 CVE-2023-36628 Purestorage Unspecified vulnerability in Purestorage Purity//Fa

A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.

8.8
2023-10-02 CVE-2023-43268 Deyue Remote Vehicle Management System Project Deserialization of Untrusted Data vulnerability in Deyue Remote Vehicle Management System Project Deyue Remote Vehicle Management System 1.1

Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability.

8.8
2023-10-02 CVE-2023-43835 Superstorefinder Injection vulnerability in Superstorefinder Super Store Finder

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content.

8.8
2023-10-02 CVE-2023-43890 Netis Systems OS Command Injection vulnerability in Netis-Systems N3M Firmware 1.0.1.865

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page.

8.8
2023-10-02 CVE-2023-3744 Slims Server-Side Request Forgery (SSRF) vulnerability in Slims Senayan Library Management System 9.6.0

Server-Side Request Forgery vulnerability in SLims version 9.6.0.

8.8
2023-10-02 CVE-2023-5328 Sato Improper Authentication vulnerability in Sato Cl4Nx-J Plus Firmware 1.13.2U455R2

A vulnerability classified as critical has been found in SATO CL4NX-J Plus 1.13.2-u455_r2.

8.8
2023-10-04 CVE-2023-3037 Helpdezk Unspecified vulnerability in Helpdezk 1.1.10

Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10.

8.6
2023-10-05 CVE-2023-45159 1E Link Following vulnerability in 1E Client

1E Client installer can perform arbitrary file deletion on protected files.   A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup.

8.4
2023-10-04 CVE-2023-39191 Linux
Fedoraproject
Redhat
An improper input validation flaw was found in the eBPF subsystem in the Linux kernel.
8.2
2023-10-03 CVE-2023-4100 Qsige Cross-site Scripting vulnerability in Qsige 3.0.0.0

Allows an attacker to perform XSS attacks stored on certain resources.

8.2
2023-10-03 CVE-2023-22382 Qualcomm Unspecified vulnerability in Qualcomm products

Weak configuration in Automotive while VM is processing a listener request from TEE.

8.2
2023-10-05 CVE-2023-39323 Golang
Fedoraproject
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation.
8.1
2023-10-04 CVE-2023-42449 Iohk Unspecified vulnerability in Iohk Hydra

Hydra is the two-layer scalability solution for Cardano.

8.1
2023-10-04 CVE-2023-42448 Iohk Improper Validation of Specified Quantity in Input vulnerability in Iohk Hydra

Hydra is the layer-two scalability solution for Cardano.

8.1
2023-10-04 CVE-2023-43804 Python
Debian
Fedoraproject
Information Exposure vulnerability in multiple products

urllib3 is a user-friendly HTTP client library for Python.

8.1
2023-10-04 CVE-2023-1832 Candlepinproject
Redhat
Incorrect Authorization vulnerability in multiple products

An improper access control flaw was found in Candlepin.

8.1
2023-10-03 CVE-2023-43976 Catonetworks Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Catonetworks Cato Client

An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges and winning the race condition (TOCTOU) via the PrivilegedHelperTool component.

8.1
2023-10-08 CVE-2023-40634 Google Missing Authorization vulnerability in Google Android 11.0/12.0/13.0

In phasechecksercer, there is a possible missing permission check.

7.8
2023-10-08 CVE-2023-40635 Google Missing Authorization vulnerability in Google Android 11.0

In linkturbo, there is a possible missing permission check.

7.8
2023-10-07 CVE-2023-36123 Plain Craft Launcher 2 Project Path Traversal vulnerability in Plain Craft Launcher 2 Project Plain Craft Launcher 2 1.3.9

Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information.

7.8
2023-10-06 CVE-2023-21266 Google Unspecified vulnerability in Google Android

In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass.

7.8
2023-10-06 CVE-2023-35897 IBM Uncontrolled Search Path Element vulnerability in IBM Storage Protect and Storage Protect Client

IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw.

7.8
2023-10-05 CVE-2023-43069 Dell OS Command Injection vulnerability in Dell Smartfabric Storage Software 1.0.0

Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI.

7.8
2023-10-05 CVE-2023-43072 Dell Improper Access Control vulnerability in Dell Smartfabric Storage Software 1.0.0

Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI.

7.8
2023-10-05 CVE-2023-26236 Watchguard Unspecified vulnerability in Watchguard products

An issue was discovered in WatchGuard EPDR 8.0.21.0002.

7.8
2023-10-04 CVE-2023-40299 Konghq Unspecified vulnerability in Konghq Insomnia 2023.4.0

Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.

7.8
2023-10-04 CVE-2023-43799 Altairgraphql Unspecified vulnerability in Altairgraphql Altair

Altair is a GraphQL Client.

7.8
2023-10-04 CVE-2023-44209 Acronis Externally Controlled Reference to a Resource in Another Sphere vulnerability in Acronis Agent C22.02

Local privilege escalation due to improper soft link handling.

7.8
2023-10-04 CVE-2023-42824 Apple Unspecified vulnerability in Apple Ipados

The issue was addressed with improved checks.

7.8
2023-10-04 CVE-2023-43838 Personal Management System Unrestricted Upload of File with Dangerous Type vulnerability in Personal-Management-System Personal Management System 1.4.64

An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar.

7.8
2023-10-04 CVE-2023-3665 Trellix Code Injection vulnerability in Trellix Endpoint Security

A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code.

7.8
2023-10-04 CVE-2023-4237 Redhat Unspecified vulnerability in Redhat Ansible Automation Platform and Ansible Collection

A flaw was found in the Ansible Automation Platform.

7.8
2023-10-04 CVE-2023-22618 Nokia Unspecified vulnerability in Nokia products

If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request.

7.8
2023-10-04 CVE-2023-30690 Samsung Improper Input Validation vulnerability in Samsung Android 11.0/12.0

Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.

7.8
2023-10-04 CVE-2023-30692 Samsung Unspecified vulnerability in Samsung Android 11.0/12.0

Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.

7.8
2023-10-04 CVE-2023-30733 Samsung Out-of-bounds Write vulnerability in Samsung Android 12.0/13.0

Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows local privileged attackers to perform code execution.

7.8
2023-10-04 CVE-2023-30738 Samsung Unspecified vulnerability in Samsung products

An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker to execute SMM memory corruption.

7.8
2023-10-03 CVE-2023-4911 GNU
Fedoraproject
Redhat
Debian
Canonical
Out-of-bounds Write vulnerability in multiple products

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable.

7.8
2023-10-03 CVE-2023-44217 Sonicwall Unspecified vulnerability in Sonicwall Netextender

A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality.

7.8
2023-10-03 CVE-2023-44218 Sonicwall Unspecified vulnerability in Sonicwall Netextender

A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability.

7.8
2023-10-03 CVE-2023-21673 Qualcomm Unspecified vulnerability in Qualcomm products

Improper Access to the VM resource manager can lead to Memory Corruption.

7.8
2023-10-03 CVE-2023-22384 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ).

7.8
2023-10-03 CVE-2023-24844 Qualcomm Unspecified vulnerability in Qualcomm products

Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range.

7.8
2023-10-03 CVE-2023-24850 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.

7.8
2023-10-03 CVE-2023-24853 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory Corruption in HLOS while registering for key provisioning notify.

7.8
2023-10-03 CVE-2023-28539 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command.

7.8
2023-10-03 CVE-2023-33029 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption in DSP Service during a remote call from HLOS to DSP.

7.8
2023-10-03 CVE-2023-33034 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption while parsing the ADSP response command.

7.8
2023-10-03 CVE-2023-33035 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption while invoking callback function of AFE from ADSP.

7.8
2023-10-03 CVE-2023-33039 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption in Automotive Display while destroying the image handle created using connected display driver.

7.8
2023-10-03 CVE-2023-5345 Linux
Fedoraproject
Use After Free vulnerability in multiple products

A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.

7.8
2023-10-03 CVE-2023-3440 Hitachi Incorrect Default Permissions vulnerability in Hitachi Jp1/Performance Management

Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server: from 09-00 before  12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Oracle: from 09-00 before  12-10-08; JP1/Performance Management - Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management - Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management - Agent Option for Domino: from 09-00 through 09-00-*; JP1/Performance Management - Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for JP1/AJS3: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for OpenTP1: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Virtual Machine: from 09-00 through 09-01-*.

7.8
2023-10-02 CVE-2023-43361 Xiph Out-of-bounds Write vulnerability in Xiph Vorbis-Tools 1.4.2

Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.

7.8
2023-10-08 CVE-2023-40632 Google Use After Free vulnerability in Google Android 13.0

In jpg driver, there is a possible use after free due to a logic error.

7.5
2023-10-07 CVE-2023-43615 ARM
Fedoraproject
Classic Buffer Overflow vulnerability in multiple products

Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.

7.5
2023-10-06 CVE-2023-44860 Netis Systems Incorrect Authorization vulnerability in Netis-Systems N3M Firmware 1.0.1.865

An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request.

7.5
2023-10-06 CVE-2022-33160 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Directory Suite VA 8.0.1

IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5
2023-10-06 CVE-2023-45282 Nasa Unspecified vulnerability in Nasa Openmct

In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action.

7.5
2023-10-06 CVE-2023-43810 Opentelemetry Resource Exhaustion vulnerability in Opentelemetry

OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs.

7.5
2023-10-05 CVE-2023-44828 Dlink Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the CurrentPassword parameter in the CheckPasswdSettings function.

7.5
2023-10-05 CVE-2023-44829 Dlink Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the AdminPassword parameter in the SetDeviceSettings function.

7.5
2023-10-05 CVE-2023-44830 Dlink Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the EndTime parameter in the SetParentsControlInfo function.

7.5
2023-10-05 CVE-2023-44831 Dlink Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Type parameter in the SetWLanRadioSettings function.

7.5
2023-10-05 CVE-2023-44832 Dlink Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the MacAddress parameter in the SetWanSettings function.

7.5
2023-10-05 CVE-2023-44833 Dlink Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the GuardInt parameter in the SetWLanRadioSettings function.

7.5
2023-10-05 CVE-2023-44834 Dlink Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the StartTime parameter in the SetParentsControlInfo function.

7.5
2023-10-05 CVE-2023-44835 Dlink Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Mac parameter in the SetParentsControlInfo function.

7.5
2023-10-05 CVE-2023-44836 Dlink Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SSID parameter in the SetWLanRadioSettings function.

7.5
2023-10-05 CVE-2023-44837 Dlink Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function.

7.5
2023-10-05 CVE-2023-44838 Dlink Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the TXPower parameter in the SetWLanRadioSettings function.

7.5
2023-10-05 CVE-2023-44839 Dlink Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Encryption parameter in the SetWLanRadioSecurity function.

7.5
2023-10-05 CVE-2022-3248 Redhat Incorrect Authorization vulnerability in Redhat products

A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions.

7.5
2023-10-05 CVE-2023-45198 Netbsd Unspecified vulnerability in Netbsd Ftpd and Tnftpd

ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command.

7.5
2023-10-04 CVE-2023-43793 Misskey Improper Authentication vulnerability in Misskey

Misskey is an open source, decentralized social media platform.

7.5
2023-10-04 CVE-2023-43805 Nexryai Improper Authentication vulnerability in Nexryai Nexkey

Nexkey is a fork of Misskey, an open source, decentralized social media platform.

7.5
2023-10-04 CVE-2023-43809 Charm Improper Authentication vulnerability in Charm Soft Serve

Soft Serve is a self-hostable Git server for the command line.

7.5
2023-10-04 CVE-2023-20259 Cisco Unspecified vulnerability in Cisco products

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing.

7.5
2023-10-04 CVE-2023-3038 Helpdezk SQL Injection vulnerability in Helpdezk 1.1.10

SQL injection vulnerability in HelpDezk Community affecting version 1.1.10.

7.5
2023-10-04 CVE-2023-3361 Opendatahub
Redhat
Cleartext Transmission of Sensitive Information vulnerability in multiple products

A flaw was found in Red Hat OpenShift Data Science.

7.5
2023-10-04 CVE-2023-43261 Milesight Information Exposure Through Log Files vulnerability in Milesight products

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.

7.5
2023-10-04 CVE-2023-1584 Quarkus Unspecified vulnerability in Quarkus

A flaw was found in Quarkus.

7.5
2023-10-04 CVE-2023-3512 Setelsa Security Path Traversal vulnerability in Setelsa-Security Conacwin 3.7.1.2

Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter.

7.5
2023-10-04 CVE-2023-30727 Samsung Unspecified vulnerability in Samsung Android 11.0/12.0

Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction.

7.5
2023-10-04 CVE-2022-22447 IBM Unspecified vulnerability in IBM Disconnected LOG Collector

IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information.

7.5
2023-10-03 CVE-2023-5255 Puppet Improper Resource Shutdown or Release vulnerability in Puppet and Puppet Server

For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked.

7.5
2023-10-03 CVE-2023-4882 Open5Gs Improper Resource Shutdown or Release vulnerability in Open5Gs

DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value.

7.5
2023-10-03 CVE-2023-4883 Open5Gs Release of Invalid Pointer or Reference vulnerability in Open5Gs

Invalid pointer release vulnerability.

7.5
2023-10-03 CVE-2023-4884 Open5Gs Missing Authentication for Critical Function vulnerability in Open5Gs

An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication.

7.5
2023-10-03 CVE-2023-3349 Ayesa Information Exposure Through Log Files vulnerability in Ayesa Ibermatica RPS 2019

Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application.

7.5
2023-10-03 CVE-2023-3350 Ayesa Information Exposure Through Log Files vulnerability in Ayesa Ibermatica RPS 2019

A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019.

7.5
2023-10-03 CVE-2022-47892 Riello UPS Cleartext Transmission of Sensitive Information vulnerability in Riello-Ups Netman 204 Firmware

All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing sensitive information, like credentials.

7.5
2023-10-03 CVE-2023-3655 Cashit Unspecified vulnerability in Cashit Cashit! 03.A06Rks2023.02.37

cashIT! - serving solutions.

7.5
2023-10-03 CVE-2023-24843 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Transient DOS in Modem while triggering a camping on an 5G cell.

7.5
2023-10-03 CVE-2023-24847 Qualcomm NULL Pointer Dereference vulnerability in Qualcomm products

Transient DOS in Modem while allocating DSM items.

7.5
2023-10-03 CVE-2023-24848 Qualcomm Unspecified vulnerability in Qualcomm products

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.

7.5
2023-10-03 CVE-2023-24849 Qualcomm Unspecified vulnerability in Qualcomm products

Information Disclosure in data Modem while parsing an FMTP line in an SDP message.

7.5
2023-10-03 CVE-2023-28540 Qualcomm Improper Authentication vulnerability in Qualcomm products

Cryptographic issue in Data Modem due to improper authentication during TLS handshake.

7.5
2023-10-03 CVE-2023-33026 Qualcomm Resource Exhaustion vulnerability in Qualcomm products

Transient DOS in WLAN Firmware while parsing a NAN management frame.

7.5
2023-10-03 CVE-2023-33027 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DOS in WLAN Firmware while parsing rsn ies.

7.5
2023-10-03 CVE-2023-26150 Freeopcua Improper Authentication vulnerability in Freeopcua Opcua-Asyncio

Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue is a result of missing checks for services that require an active session.

7.5
2023-10-03 CVE-2023-26151 Freeopcua Infinite Loop vulnerability in Freeopcua Opcua-Asyncio

Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory.

7.5
2023-10-03 CVE-2023-26152 Nbluis Path Traversal vulnerability in Nbluis Static-Server

All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js.

7.5
2023-10-03 CVE-2023-3967 Hitachi Allocation of Resources Without Limits or Throttling vulnerability in Hitachi OPS Center Common Services

Allocation of Resources Without Limits or Throttling vulnerability in Hitachi Ops Center Common Services on Linux allows DoS.This issue affects Hitachi Ops Center Common Services: before 10.9.3-00.

7.5
2023-10-02 CVE-2023-3592 Eclipse Memory Leak vulnerability in Eclipse Mosquitto

In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.

7.5
2023-10-02 CVE-2023-5344 VIM
Fedoraproject
Heap-based Buffer Overflow vulnerability in multiple products

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.

7.5
2023-10-02 CVE-2023-3769 Ingeteam Unspecified vulnerability in Ingeteam Ingepac Fc5066 Firmware 5.3.1.1/6.1.1.22/9.0.22.6

Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services.

7.5
2023-10-02 CVE-2023-41580 Phpipam Injection vulnerability in PHPipam

Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php.

7.5
2023-10-02 CVE-2023-5106 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports.

7.5
2023-10-02 CVE-2023-3768 Ingeteam Improper Input Validation vulnerability in Ingeteam products

Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services.

7.5
2023-10-02 CVE-2023-32820 Linuxfoundation
Mediatek
Google
Linux
Reachable Assertion vulnerability in multiple products

In wlan firmware, there is a possible firmware assertion due to improper input handling.

7.5
2023-10-02 CVE-2023-5329 F Logic Improper Authentication vulnerability in F-Logic Datacube4 Firmware 20231001

A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001.

7.5
2023-10-04 CVE-2023-4586 Redhat
Infinispan
Improper Certificate Validation vulnerability in multiple products

A vulnerability was found in the Hot Rod client.

7.4
2023-10-06 CVE-2023-32971 Qnap Out-of-bounds Write vulnerability in Qnap Qts, Quts Hero and Qutscloud

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.

7.2
2023-10-06 CVE-2023-32972 Qnap Out-of-bounds Write vulnerability in Qnap Qts, Quts Hero and Qutscloud

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.

7.2
2023-10-06 CVE-2023-36465 Decidim Incorrect Permission Assignment for Critical Resource vulnerability in Decidim

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website.

7.1
2023-10-06 CVE-2023-45246 Acronis Missing Authorization vulnerability in Acronis Agent

Sensitive information disclosure and manipulation due to missing authorization.

7.1
2023-10-06 CVE-2023-45244 Acronis Missing Authorization vulnerability in Acronis Agent

Sensitive information disclosure and manipulation due to missing authorization.

7.1
2023-10-05 CVE-2023-44211 Acronis Missing Authorization vulnerability in Acronis Agent

Sensitive information disclosure and manipulation due to missing authorization.

7.1
2023-10-05 CVE-2023-44212 Acronis Missing Authorization vulnerability in Acronis Agent

Sensitive information disclosure and manipulation due to missing authorization.

7.1
2023-10-04 CVE-2023-2422 Redhat Improper Certificate Validation vulnerability in Redhat products

A flaw was found in Keycloak.

7.1
2023-10-04 CVE-2023-5377 Gpac Out-of-bounds Read vulnerability in Gpac

Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.

7.1
2023-10-04 CVE-2023-5369 Freebsd Improper Check for Dropped Privileges vulnerability in Freebsd 13.2

Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively.

7.1
2023-10-03 CVE-2023-24518 Pandorafms Cross-Site Request Forgery (CSRF) vulnerability in Pandorafms Pandora FMS

A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allows an attacker to force authenticated users to send a request to a web application they are currently authenticated against.

7.1
2023-10-04 CVE-2021-3784 Garudalinux Improper Authentication vulnerability in Garudalinux Garuda Linux

Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account.

7.0

195 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-10-08 CVE-2023-40653 Google Missing Authorization vulnerability in Google Android 11.0

In FW-PackageManager, there is a possible missing permission check.

6.7
2023-10-08 CVE-2023-40654 Google Missing Authorization vulnerability in Google Android 11.0

In FW-PackageManager, there is a possible missing permission check.

6.7
2023-10-06 CVE-2023-21244 Google Missing Authorization vulnerability in Google Android

In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check.

6.7
2023-10-05 CVE-2023-26237 Watchguard Authorization Bypass Through User-Controlled Key vulnerability in Watchguard products

An issue was discovered in WatchGuard EPDR 8.0.21.0002.

6.7
2023-10-02 CVE-2023-32821 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0

In video, there is a possible out of bounds write due to a permissions bypass.

6.7
2023-10-02 CVE-2023-32822 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0

In ftm, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-10-02 CVE-2023-32823 Google Integer Overflow or Wraparound vulnerability in Google Android 12.0/13.0

In rpmb , there is a possible memory corruption due to a missing bounds check.

6.7
2023-10-02 CVE-2023-32824 Google Double Free vulnerability in Google Android 12.0/13.0

In rpmb , there is a possible double free due to improper locking.

6.7
2023-10-02 CVE-2023-32826 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0

In camera middleware, there is a possible out of bounds write due to a missing input validation.

6.7
2023-10-02 CVE-2023-32827 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0

In camera middleware, there is a possible out of bounds write due to a missing input validation.

6.7
2023-10-02 CVE-2023-32828 Mediatek
Google
Integer Overflow or Wraparound vulnerability in multiple products

In vpu, there is a possible out of bounds write due to an integer overflow.

6.7
2023-10-02 CVE-2023-32829 Linuxfoundation
Mediatek
Google
Integer Overflow or Wraparound vulnerability in multiple products

In apusys, there is a possible out of bounds write due to an integer overflow.

6.7
2023-10-02 CVE-2023-32830 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0

In TVAPI, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-10-06 CVE-2023-45322 Xmlsoft Use After Free vulnerability in Xmlsoft Libxml2

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails.

6.5
2023-10-06 CVE-2023-23365 Qnap Path Traversal vulnerability in Qnap Music Station

A path traversal vulnerability has been reported to affect Music Station.

6.5
2023-10-06 CVE-2023-23366 Qnap Path Traversal vulnerability in Qnap Music Station

A path traversal vulnerability has been reported to affect Music Station.

6.5
2023-10-05 CVE-2023-40745 Libtiff
Fedoraproject
Redhat
Netapp
Integer Overflow or Wraparound vulnerability in multiple products

LibTIFF is vulnerable to an integer overflow.

6.5
2023-10-05 CVE-2023-41175 Libtiff
Fedoraproject
Redhat
Integer Overflow or Wraparound vulnerability in multiple products

A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c.

6.5
2023-10-05 CVE-2023-43070 Dell Path Traversal vulnerability in Dell Smartfabric Storage Software 1.0.0

Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface.

6.5
2023-10-05 CVE-2023-43073 Dell Improper Input Validation vulnerability in Dell Smartfabric Storage Software 1.0.0

Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration.

6.5
2023-10-05 CVE-2023-44387 Gradle Incorrect Permission Assignment for Critical Resource vulnerability in Gradle

Gradle is a build tool with a focus on build automation and support for multi-language development.

6.5
2023-10-04 CVE-2023-5371 Wireshark Allocation of Resources Without Limits or Throttling vulnerability in Wireshark

RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file

6.5
2023-10-04 CVE-2023-40376 IBM Improper Authentication vulnerability in IBM Urbancode Deploy

IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls.

6.5
2023-10-04 CVE-2023-5368 Freebsd Insecure Default Initialization of Resource vulnerability in Freebsd

On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g.

6.5
2023-10-03 CVE-2023-2544 UPV Authorization Bypass Through User-Controlled Key vulnerability in UPV Peix

Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php".

6.5
2023-10-03 CVE-2023-39158 Multidots Cross-Site Request Forgery (CSRF) vulnerability in Multidots Banner Management for Woocommerce

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner Management For WooCommerce plugin <= 2.4.2 versions.

6.5
2023-10-03 CVE-2023-32791 Nxlog Cross-Site Request Forgery (CSRF) vulnerability in Nxlog Manager 5.6.5633

Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version.

6.5
2023-10-03 CVE-2023-32792 Nxlog Cross-Site Request Forgery (CSRF) vulnerability in Nxlog Manager 5.6.5633

Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version.

6.5
2023-10-03 CVE-2023-39159 Multidots Cross-Site Request Forgery (CSRF) vulnerability in Multidots Fraud Prevention for Woocommerce

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5 versions.

6.5
2023-10-03 CVE-2023-40009 Thimpress Cross-Site Request Forgery (CSRF) vulnerability in Thimpress WP Pipes

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions.

6.5
2023-10-03 CVE-2023-40198 Antsanchez Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Cookie LAW

Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Cookie Law plugin <= 3.1 versions.

6.5
2023-10-03 CVE-2023-40212 Multidots Cross-Site Request Forgery (CSRF) vulnerability in Multidots Product Attachment for Woocommerce

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product Attachment for WooCommerce plugin <= 2.1.8 versions.

6.5
2023-10-03 CVE-2023-42508 Jfrog Unspecified vulnerability in Jfrog Artifactory

JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body.

6.5
2023-10-03 CVE-2023-5353 Salesagility Unspecified vulnerability in Salesagility Suitecrm

Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1.

6.5
2023-10-03 CVE-2023-4099 Qsige Authorization Bypass Through User-Controlled Key vulnerability in Qsige 3.0.0.0

The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so.

6.5
2023-10-03 CVE-2023-4101 Qsige Authorization Bypass Through User-Controlled Key vulnerability in Qsige 3.0.0.0

The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so.

6.5
2023-10-02 CVE-2023-43836 Jizhicms SQL Injection vulnerability in Jizhicms 2.4.9

There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information

6.5
2023-10-04 CVE-2023-4380 Redhat Information Exposure Through Log Files vulnerability in Redhat products

A logic flaw exists in Ansible Automation platform.

6.3
2023-10-05 CVE-2023-43260 Milesight Cross-site Scripting vulnerability in Milesight products

Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel.

6.1
2023-10-05 CVE-2023-44390 Htmlsanitizer Project Cross-site Scripting vulnerability in Htmlsanitizer Project Htmlsanitizer

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks.

6.1
2023-10-04 CVE-2023-42808 Mozilla Cross-site Scripting vulnerability in Mozilla Common Voice 1.88.2

Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools.

6.1
2023-10-04 CVE-2023-27121 Pleasantsolutions Cross-site Scripting vulnerability in Pleasantsolutions Pleasant Password Server 7.11.41

A cross-site scripting (XSS) vulnerability in the component /framework/cron/action/humanize of Pleasant Solutions Pleasant Password Server v7.11.41.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cronString parameter.

6.1
2023-10-04 CVE-2022-36277 Tcman Cross-site Scripting vulnerability in Tcman GIM 8.0.1

The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks.

6.1
2023-10-04 CVE-2023-5113 HP Cross-site Scripting vulnerability in HP Futuresmart 5 5.3

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI.

6.1
2023-10-04 CVE-2023-4492 Easy Address Book WEB Server Project Cross-site Scripting vulnerability in Easy Address Book web Server Project Easy Address Book web Server 1.6

Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip) of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to run when the application is loaded

6.1
2023-10-04 CVE-2023-4495 Easy Chat Server Project Cross-site Scripting vulnerability in Easy Chat Server Project Easy Chat Server

Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter.

6.1
2023-10-04 CVE-2023-4496 Easy Chat Server Project Cross-site Scripting vulnerability in Easy Chat Server Project Easy Chat Server

Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter.

6.1
2023-10-04 CVE-2023-4497 Easy Chat Server Project Cross-site Scripting vulnerability in Easy Chat Server Project Easy Chat Server

Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter.

6.1
2023-10-04 CVE-2023-4090 Acilia Cross-site Scripting vulnerability in Acilia Widestand 5.3.5

Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker to inject HTML/Javascript code into the response.

6.1
2023-10-04 CVE-2023-5375 Mosparo Open Redirect vulnerability in Mosparo

Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.

6.1
2023-10-03 CVE-2023-40519 Broadpeak Cross-site Scripting vulnerability in Broadpeak Centralized Accounts Management Auth Agent 00.12.01.95655881254B459/01.01.00.19219575Ee9195B0/01.01.01.30097902Fd999E76

A cross-site scripting (XSS) vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575_ee9195b0, 01.01.01.30097902_fd999e76, and 00.12.01.9565588_1254b459 allows remote attackers to inject arbitrary web script or HTML via the disconnectMessage parameter.

6.1
2023-10-03 CVE-2023-32790 Nxlog Cross-site Scripting vulnerability in Nxlog Manager 5.6.5633

Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 version.

6.1
2023-10-03 CVE-2023-0828 Pandorafms Cross-site Scripting vulnerability in Pandorafms Pandora FMS

Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server.

6.1
2023-10-02 CVE-2023-44012 Mojoportal Cross-site Scripting vulnerability in Mojoportal 2.7.0.0

Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component.

6.1
2023-10-02 CVE-2023-44144 Dreamfoxmedia Cross-site Scripting vulnerability in Dreamfoxmedia Payment Gateway PER Product for Woocommerce

Unauth.

6.1
2023-10-02 CVE-2023-44245 Leaptodigital Cross-site Scripting vulnerability in Leaptodigital Contact Form Website to Workflow Tool

Unauth.

6.1
2023-10-02 CVE-2023-41856 Clicktotweet Cross-site Scripting vulnerability in Clicktotweet Click to Tweet

Unauth.

6.1
2023-10-02 CVE-2023-44244 Fooplugins Cross-site Scripting vulnerability in Fooplugins Foogallery

Unauth.

6.1
2023-10-02 CVE-2023-44474 MD Jakir Hosen Cross-site Scripting vulnerability in MD Jakir Hosen Tiger Forms - Drag and Drop Form Builder

Unauth.

6.1
2023-10-02 CVE-2023-41692 Hennessey Cross-site Scripting vulnerability in Hennessey Attorney

Unauth.

6.1
2023-10-04 CVE-2022-4132 Dogtagpki
Redhat
Memory Leak vulnerability in multiple products

A flaw was found in JSS.

5.9
2023-10-03 CVE-2023-4885 Open5Gs Unspecified vulnerability in Open5Gs

Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information.

5.9
2023-10-03 CVE-2023-43627 Furunosystems Path Traversal vulnerability in Furunosystems Acera 1310 Firmware and Acera 1320 Firmware

Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent authenticated attacker to alter critical information such as system files by sending a specially crafted request.

5.7
2023-10-04 CVE-2023-38537 Whatsapp Race Condition vulnerability in Whatsapp

A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.

5.6
2023-10-08 CVE-2023-40633 Google Missing Authorization vulnerability in Google Android 11.0/12.0/13.0

In phasecheckserver, there is a possible missing permission check.

5.5
2023-10-08 CVE-2023-40637 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In telecom service, there is a possible missing permission check.

5.5
2023-10-08 CVE-2023-40639 Google Missing Authorization vulnerability in Google Android 10.0

In SoundRecorder service, there is a possible missing permission check.

5.5
2023-10-08 CVE-2023-40640 Google Missing Authorization vulnerability in Google Android 10.0

In SoundRecorder service, there is a possible missing permission check.

5.5
2023-10-08 CVE-2023-40641 Google Missing Authorization vulnerability in Google Android 11.0/12.0

In Messaging, there is a possible missing permission check.

5.5
2023-10-08 CVE-2023-40642 Google Missing Authorization vulnerability in Google Android 11.0/12.0

In Messaging, there is a possible missing permission check.

5.5
2023-10-08 CVE-2023-40643 Google Missing Authorization vulnerability in Google Android 11.0/12.0

In Messaging, there is a possible missing permission check.

5.5
2023-10-08 CVE-2023-40644 Google Missing Authorization vulnerability in Google Android 11.0/12.0

In Messaging, there is a possible missing permission check.

5.5
2023-10-08 CVE-2023-40645 Google Missing Authorization vulnerability in Google Android 11.0/12.0

In Messaging, there is a possible missing permission check.

5.5
2023-10-08 CVE-2023-40646 Google Missing Authorization vulnerability in Google Android 11.0/12.0

In Messaging, there is a possible missing permission check.

5.5
2023-10-08 CVE-2023-40647 Google Missing Authorization vulnerability in Google Android 11.0/12.0

In Messaging, there is a possible missing permission check.

5.5
2023-10-08 CVE-2023-40648 Google Missing Authorization vulnerability in Google Android 11.0/12.0

In Messaging, there is a possible missing permission check.

5.5
2023-10-08 CVE-2023-40649 Google Missing Authorization vulnerability in Google Android 11.0/12.0

In Messaging, there is a possible missing permission check.

5.5
2023-10-08 CVE-2023-40650 Google Missing Authorization vulnerability in Google Android 11.0/12.0

In Telecom service, there is a possible missing permission check.

5.5
2023-10-07 CVE-2023-5182 Canonical Information Exposure Through Log Files vulnerability in Canonical Subiquity

Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier.

5.5
2023-10-06 CVE-2022-34355 IBM Unspecified vulnerability in IBM products

IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system.

5.5
2023-10-06 CVE-2023-21252 Google Unspecified vulnerability in Google Android

In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation.

5.5
2023-10-06 CVE-2023-21253 Google Resource Exhaustion vulnerability in Google Android

In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion.

5.5
2023-10-06 CVE-2023-21291 Google Missing Authorization vulnerability in Google Android

In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check.

5.5
2023-10-06 CVE-2023-5366 Openvswitch
Redhat
Insufficient Verification of Data Authenticity vulnerability in multiple products

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules.

5.5
2023-10-06 CVE-2023-45245 Acronis Missing Authorization vulnerability in Acronis Agent

Sensitive information disclosure due to missing authorization.

5.5
2023-10-05 CVE-2023-44213 Acronis Privacy Violation vulnerability in Acronis Agent

Sensitive information disclosure due to excessive collection of system information.

5.5
2023-10-05 CVE-2023-44214 Acronis Missing Authorization vulnerability in Acronis Agent

Sensitive information disclosure due to missing authorization.

5.5
2023-10-05 CVE-2023-45240 Acronis Missing Authorization vulnerability in Acronis Agent

Sensitive information disclosure due to missing authorization.

5.5
2023-10-05 CVE-2023-45241 Acronis Information Exposure Through Log Files vulnerability in Acronis Agent

Sensitive information leak through log files.

5.5
2023-10-05 CVE-2023-45242 Acronis Missing Authorization vulnerability in Acronis Agent

Sensitive information disclosure due to missing authorization.

5.5
2023-10-05 CVE-2023-45243 Acronis Missing Authorization vulnerability in Acronis Agent

Sensitive information disclosure due to missing authorization.

5.5
2023-10-05 CVE-2023-5441 VIM
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.

5.5
2023-10-05 CVE-2023-42754 Linux
Redhat
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack.

5.5
2023-10-05 CVE-2023-42755 Linux
Redhat
Debian
Out-of-bounds Read vulnerability in multiple products

A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel.

5.5
2023-10-05 CVE-2023-26238 Watchguard Unspecified vulnerability in Watchguard products

An issue was discovered in WatchGuard EPDR 8.0.21.0002.

5.5
2023-10-05 CVE-2023-26239 Watchguard Improper Check for Dropped Privileges vulnerability in Watchguard products

An issue was discovered in WatchGuard EPDR 8.0.21.0002.

5.5
2023-10-04 CVE-2023-44210 Acronis Missing Authorization vulnerability in Acronis Agent C22.03

Sensitive information disclosure and manipulation due to missing authorization.

5.5
2023-10-04 CVE-2023-3428 Imagemagick
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick.

5.5
2023-10-04 CVE-2023-3576 Libtiff
Fedoraproject
Redhat
Memory Leak vulnerability in multiple products

A memory leak flaw was found in Libtiff's tiffcrop utility.

5.5
2023-10-04 CVE-2023-4037 Setelsa Security SQL Injection vulnerability in Setelsa-Security Conacwin 3.7.1.2

Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter.

5.5
2023-10-04 CVE-2023-30734 Samsung Unspecified vulnerability in Samsung Health

Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent.

5.5
2023-10-04 CVE-2023-30737 Samsung Unspecified vulnerability in Samsung Health

Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent.

5.5
2023-10-04 CVE-2023-5370 Freebsd Improper Initialization vulnerability in Freebsd 13.2

On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized.

5.5
2023-10-03 CVE-2023-43898 Nothings NULL Pointer Dereference vulnerability in Nothings STB Image.H 2.28

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format.

5.5
2023-10-03 CVE-2023-28571 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan.

5.5
2023-10-03 CVE-2023-3335 Hitachi Information Exposure Through Log Files vulnerability in Hitachi OPS Center Administrator

Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users  to gain sensitive information.This issue affects Hitachi Ops Center Administrator: before 10.9.3-00.

5.5
2023-10-02 CVE-2023-37605 Baramundi Improper Handling of Exceptional Conditions vulnerability in Baramundi Enterprise Mobility Management 23.1.50

Weak Exception Handling vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter.

5.5
2023-10-02 CVE-2023-42132 Mhlw XXE vulnerability in Mhlw FD Application 9.01

FD Application Apr.

5.5
2023-10-06 CVE-2023-5452 Snipeitapp Cross-site Scripting vulnerability in Snipeitapp Snipe-It

Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.

5.4
2023-10-06 CVE-2023-44761 Concretecms Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1

Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects.

5.4
2023-10-06 CVE-2023-44762 Concretecms Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1

A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags.

5.4
2023-10-06 CVE-2023-44764 Concretecms Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1

A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings).

5.4
2023-10-06 CVE-2023-44765 Concretecms Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1

A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings.

5.4
2023-10-06 CVE-2023-44770 Tribalsystems Cross-site Scripting vulnerability in Tribalsystems Zenario 9.4.59197

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias.

5.4
2023-10-06 CVE-2023-44771 Tribalsystems Cross-site Scripting vulnerability in Tribalsystems Zenario 9.4.59197

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout.

5.4
2023-10-06 CVE-2023-44758 Gdidees Cross-site Scripting vulnerability in Gdidees CMS 3.9.2

GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title.

5.4
2023-10-05 CVE-2023-43343 Opensolution Cross-site Scripting vulnerability in Opensolution Quick CMS 6.7

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component.

5.4
2023-10-05 CVE-2023-43071 Dell Improper Neutralization of Formula Elements in a CSV File vulnerability in Dell Smartfabric Storage Software 1.0.0

Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CVS formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI.

5.4
2023-10-04 CVE-2023-44075 Small CRM Project Cross-site Scripting vulnerability in Small CRM Project Small CRM 3.0

Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter.

5.4
2023-10-04 CVE-2023-3971 Redhat Cross-site Scripting vulnerability in Redhat products

An HTML injection flaw was found in Controller in the user interface settings.

5.4
2023-10-04 CVE-2023-40684 IBM Cross-site Scripting vulnerability in IBM Content Navigator 3.0.11/3.0.13/3.0.14

IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting.

5.4
2023-10-04 CVE-2023-4493 Easy Address Book WEB Server Project Cross-site Scripting vulnerability in Easy Address Book web Server Project Easy Address Book web Server 1.6

Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip).

5.4
2023-10-04 CVE-2023-44272 Citadel Cross-site Scripting vulnerability in Citadel

A cross-site scripting vulnerability exists in Citadel versions prior to 994.

5.4
2023-10-04 CVE-2023-30736 Samsung Unspecified vulnerability in Samsung Assistant

Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface.

5.4
2023-10-04 CVE-2023-5291 Awplife Unspecified vulnerability in Awplife Blog Filter

The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-10-04 CVE-2023-5357 Ink361 Unspecified vulnerability in Ink361 Instagram for Wordpress

The Instagram for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-10-04 CVE-2023-35905 IBM Cross-site Scripting vulnerability in IBM Filenet Content Manager 5.5.10/5.5.11/5.5.8

IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting.

5.4
2023-10-03 CVE-2023-43951 Sscms Project Cross-site Scripting vulnerability in Sscms Project Sscms 7.2.2

SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Column Management component.

5.4
2023-10-03 CVE-2023-43952 Sscms Project Cross-site Scripting vulnerability in Sscms Project Sscms 7.2.2

SSCMS 7.2.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Material Management component.

5.4
2023-10-03 CVE-2023-43953 Sscms Project Cross-site Scripting vulnerability in Sscms Project Sscms 7.2.2

SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component.

5.4
2023-10-03 CVE-2023-32669 Buddyboss Authorization Bypass Through User-Controlled Key vulnerability in Buddyboss 2.2.9

Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums.

5.4
2023-10-03 CVE-2023-32670 Buddyboss Cross-site Scripting vulnerability in Buddyboss 2.2.9

Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version , which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is loaded.

5.4
2023-10-03 CVE-2023-32671 Buddyboss Cross-site Scripting vulnerability in Buddyboss 2.2.9

A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9.

5.4
2023-10-03 CVE-2023-5351 Salesagility Cross-site Scripting vulnerability in Salesagility Suitecrm

Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1.

5.4
2023-10-03 CVE-2023-5334 Wponlinesupport Unspecified vulnerability in Wponlinesupport WP Responsive Header Image Slider

The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-10-03 CVE-2023-39429 Furunosystems Cross-site Scripting vulnerability in Furunosystems products

Cross-site scripting vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to inject an arbitrary script via a crafted configuration.

5.4
2023-10-02 CVE-2023-43267 Emlog Cross-site Scripting vulnerability in Emlog 2.1.14

A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field.

5.4
2023-10-02 CVE-2023-43297 Linecorp Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Linecorp Line 13.6.1

An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.

5.4
2023-10-02 CVE-2023-44242 2Joomla Cross-site Scripting vulnerability in 2Joomla 2J Slideshow

Auth.

5.4
2023-10-02 CVE-2023-44264 Arrowplugins Cross-site Scripting vulnerability in Arrowplugins the Awesome Feed

Auth.

5.4
2023-10-02 CVE-2023-44145 Jesweb Cross-site Scripting vulnerability in Jesweb Anchor Episodes Index (Spotify for Podcasters)

Auth.

5.4
2023-10-02 CVE-2023-41797 Goldplugins Cross-site Scripting vulnerability in Goldplugins Locations

Auth.

5.4
2023-10-02 CVE-2023-41847 Wensolutions Cross-site Scripting vulnerability in Wensolutions Notice BAR

Auth.

5.4
2023-10-02 CVE-2023-44477 Boxystudio Cross-site Scripting vulnerability in Boxystudio Cooked 1.7.5.6/1.7.5.7

Auth.

5.4
2023-10-02 CVE-2023-41728 Rescuethemes Cross-site Scripting vulnerability in Rescuethemes Rescue Shortcodes

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS.This issue affects Rescue Shortcodes: from n/a through 2.5.

5.4
2023-10-06 CVE-2023-42445 Gradle XXE vulnerability in Gradle

Gradle is a build tool with a focus on build automation and support for multi-language development.

5.3
2023-10-06 CVE-2023-4469 Bestwebsoft Unspecified vulnerability in Bestwebsoft Profile Extra Fields

The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7.

5.3
2023-10-05 CVE-2023-44386 Vapor Incorrect Behavior Order vulnerability in Vapor 4.83.2/4.84.0/4.84.1

Vapor is an HTTP web framework for Swift.

5.3
2023-10-05 CVE-2022-4145 Redhat Injection vulnerability in Redhat Openshift Container Platform 4.0

A content spoofing flaw was found in OpenShift's OAuth endpoint.

5.3
2023-10-04 CVE-2022-43906 IBM Unspecified vulnerability in IBM Security Guardium 11.5

IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie.

5.3
2023-10-04 CVE-2023-3153 OVN
Redhat
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit.

5.3
2023-10-04 CVE-2023-3213 Wpforms Unspecified vulnerability in Wpforms WP Mail Smtp

The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0.

5.3
2023-10-02 CVE-2023-44463 Rami Unspecified vulnerability in Rami Pretix

An issue was discovered in pretix before 2023.7.1.

5.3
2023-10-02 CVE-2023-0809 Eclipse Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Mosquitto

In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.

5.3
2023-10-04 CVE-2023-38538 Whatsapp Race Condition vulnerability in Whatsapp

A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.

5.0
2023-10-03 CVE-2023-32572 Purestorage Unspecified vulnerability in Purestorage Purity//Fa

A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection.

4.9
2023-10-06 CVE-2023-44766 Concretecms Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1

A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings.

4.8
2023-10-04 CVE-2023-43877 Ritecms Cross-site Scripting vulnerability in Ritecms 3.0

Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu.

4.8
2023-10-04 CVE-2023-44389 Zope Cross-site Scripting vulnerability in Zope

Zope is an open-source web application server.

4.8
2023-10-03 CVE-2023-3196 Capensis Cross-site Scripting vulnerability in Capensis Canopsis 23.04

This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel.

4.8
2023-10-03 CVE-2023-4564 Capensis Cross-site Scripting vulnerability in Capensis Canopsis 23.04

This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel.

4.8
2023-10-02 CVE-2023-44228 Gopiplus Cross-site Scripting vulnerability in Gopiplus Onclick Show Popup

Auth.

4.8
2023-10-02 CVE-2023-44230 Gopiplus Cross-site Scripting vulnerability in Gopiplus Popup Contact Form

Auth.

4.8
2023-10-02 CVE-2023-44265 Gopiplus Cross-site Scripting vulnerability in Gopiplus Popup Contact Form

Auth.

4.8
2023-10-02 CVE-2023-44266 Wpadminify Cross-site Scripting vulnerability in Wpadminify WP Adminify 2.0.6/2.0.7/2.0.8

Auth.

4.8
2023-10-02 CVE-2023-44239 Walkswithme Cross-site Scripting vulnerability in Walkswithme Social Share on Image Hover

Auth.

4.8
2023-10-02 CVE-2023-44262 Renzojohnson Cross-site Scripting vulnerability in Renzojohnson Blocks

Auth.

4.8
2023-10-02 CVE-2023-44263 Riyaz Cross-site Scripting vulnerability in Riyaz Social Metrics

Auth.

4.8
2023-10-02 CVE-2023-41737 Wpgens Cross-site Scripting vulnerability in Wpgens Swifty BAR

Auth.

4.8
2023-10-02 CVE-2023-41800 Uniconsent Cross-site Scripting vulnerability in Uniconsent CMP for Gdpr Cpra GPP TCF

Auth.

4.8
2023-10-02 CVE-2023-41855 Regpacks Cross-site Scripting vulnerability in Regpacks Regpack

Auth.

4.8
2023-10-02 CVE-2023-41859 Tychesoftwares Cross-site Scripting vulnerability in Tychesoftwares Order Delivery Date for WP E-Commerce

Auth.

4.8
2023-10-02 CVE-2023-44479 Krillwebdesign Cross-site Scripting vulnerability in Krillwebdesign Wp-Jump-Menu

Auth.

4.8
2023-10-02 CVE-2023-41729 Pressified Cross-site Scripting vulnerability in Pressified Sendpress

Auth.

4.8
2023-10-02 CVE-2023-41731 I13Websolution Cross-site Scripting vulnerability in I13Websolution Wordpress Publish Post Email Notification

Auth.

4.8
2023-10-02 CVE-2023-41733 Yydevelopment Cross-site Scripting vulnerability in Yydevelopment Back to the TOP Button

Auth.

4.8
2023-10-02 CVE-2023-41734 Nigauri Cross-site Scripting vulnerability in Nigauri Insert Estimated Reading Time

Auth.

4.8
2023-10-02 CVE-2023-41736 Gopiplus Cross-site Scripting vulnerability in Gopiplus Email Posts to Subscribers 6.2

Auth.

4.8
2023-10-03 CVE-2023-33200 ARM Use After Free vulnerability in ARM products

A local non-privileged user can make improper GPU processing operations to exploit a software race condition.

4.7
2023-10-03 CVE-2023-34970 ARM Out-of-bounds Write vulnerability in ARM Mali GPU Kernel Driver and Valhall GPU Kernel Driver

A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition.

4.7
2023-10-03 CVE-2023-4732 Linux
Redhat
Race Condition vulnerability in multiple products

A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel.

4.7
2023-10-04 CVE-2023-30731 Samsung Unspecified vulnerability in Samsung Android 12.0/13.0

Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type.

4.6
2023-10-08 CVE-2023-40631 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In Dialer, there is a possible missing permission check.

4.4
2023-10-08 CVE-2023-40636 Google Missing Authorization vulnerability in Google Android 11.0

In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check.

4.4
2023-10-08 CVE-2023-40638 Google Missing Authorization vulnerability in Google Android 11.0

In Telecom service, there is a possible missing permission check.

4.4
2023-10-08 CVE-2023-40651 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0

In urild service, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-10-08 CVE-2023-40652 Google Out-of-bounds Write vulnerability in Google Android 11.0

In jpg driver, there is a possible out of bounds write due to improper input validation.

4.4
2023-10-06 CVE-2023-23370 Qnap Insufficiently Protected Credentials vulnerability in Qnap Qvpn

An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client.

4.4
2023-10-06 CVE-2023-23371 Qnap Cleartext Transmission of Sensitive Information vulnerability in Qnap Qvpn

A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client.

4.4
2023-10-03 CVE-2023-4886 Theforeman
Redhat
A sensitive information exposure vulnerability was found in foreman.
4.4
2023-10-02 CVE-2023-32819 Google Unspecified vulnerability in Google Android 12.0/13.0

In display, there is a possible information disclosure due to a missing bounds check.

4.4
2023-10-02 CVE-2023-31042 Purestorage Unspecified vulnerability in Purestorage Purity

A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols.

4.3
2023-10-02 CVE-2023-3770 Ingeteam Missing Authorization vulnerability in Ingeteam Ingepac Da3451 Firmware 0.29.2.42

 Incorrect validation vulnerability of the data entered, allowing an attacker with access to the network on which the affected device is located to use the discovery port protocol (1925/UDP) to obtain device-specific information without the need for authentication.

4.3
2023-10-02 CVE-2023-5160 Mattermost Unspecified vulnerability in Mattermost

Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled

4.3
2023-10-06 CVE-2023-44384 Discourse Server-Side Request Forgery (SSRF) vulnerability in Discourse Jira 20231001

Discourse-jira is a Discourse plugin allows Jira projects, issue types, fields and field options will be synced automatically.

4.1

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-10-04 CVE-2023-30732 Samsung Unspecified vulnerability in Samsung Android 13.0

Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number.

3.3
2023-10-04 CVE-2023-30735 Samsung Improper Preservation of Permissions vulnerability in Samsung Sassistant

Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows local attackers to access backup data in SAssistant.

3.3
2023-10-03 CVE-2023-28373 Purestorage Unspecified vulnerability in Purestorage Purity//Fa

A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.

2.7
2023-10-02 CVE-2023-28372 Purestorage Unspecified vulnerability in Purestorage Purity

A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.

2.7
2023-10-02 CVE-2023-36627 Purestorage Unspecified vulnerability in Purestorage Purity

A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.

2.7