Weekly Vulnerabilities Reports > October 9 to 15, 2023
Overview
640 new vulnerabilities reported during this period, including 84 critical vulnerabilities and 345 high severity vulnerabilities. This weekly summary report vulnerabilities in 759 products from 255 vendors including Microsoft, Fortinet, Juniper, Google, and Debian. Vulnerabilities are notably categorized as "Cross-Site Request Forgery (CSRF)", "Cross-site Scripting", "Out-of-bounds Write", "OS Command Injection", and "Out-of-bounds Read".
- 470 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities have public exploit available.
- 150 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 397 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 105 reported vulnerabilities.
- Yifanwireless has the most reported critical vulnerabilities, with 13 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
84 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-10-10 | CVE-2023-41373 | F5 | Path Traversal vulnerability in F5 products A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. | 9.9 |
2023-10-15 | CVE-2023-5589 | Judging Management System Project | SQL Injection vulnerability in Judging Management System Project Judging Management System 1.0 A vulnerability was found in SourceCodester Judging Management System 1.0. | 9.8 |
2023-10-15 | CVE-2023-5587 | Free Hospital Management System FOR Small Practices Project | SQL Injection vulnerability in Free Hospital Management System for Small Practices Project Free Hospital Management System for Small Practices 1.0 A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0 and classified as critical. | 9.8 |
2023-10-14 | CVE-2023-5580 | Library System Project | SQL Injection vulnerability in Library System Project Library System 1.0 A vulnerability classified as critical has been found in SourceCodester Library System 1.0. | 9.8 |
2023-10-14 | CVE-2023-26155 | Nrhirani | Command Injection vulnerability in Nrhirani Node-Qpdf All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. | 9.8 |
2023-10-14 | CVE-2023-45856 | Qdpm | Unrestricted Upload of File with Dangerous Type vulnerability in Qdpm 9.2 qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI. | 9.8 |
2023-10-14 | CVE-2023-30154 | Shoprunners | SQL Injection vulnerability in Shoprunners Aftermail Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php via the 'id_product' parameter in hooks DisplayRightColumnProduct and DisplayProductButtons. | 9.8 |
2023-10-14 | CVE-2023-45852 | Viessmann | Command Injection vulnerability in Viessmann Vitogate 300 Firmware 2.1.3.0 In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. | 9.8 |
2023-10-14 | CVE-2023-45853 | Zlib | Integer Overflow or Wraparound vulnerability in Zlib MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. | 9.8 |
2023-10-13 | CVE-2023-4257 | Zephyrproject | Incorrect Calculation of Buffer Size vulnerability in Zephyrproject Zephyr Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows. | 9.8 |
2023-10-13 | CVE-2023-45162 | 1E | SQL Injection vulnerability in 1E Platform Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix Q23169 SaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. | 9.8 |
2023-10-13 | CVE-2023-45465 | Netis Systems | Command Injection vulnerability in Netis-Systems N3M Firmware 1.0.1.865 Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings. | 9.8 |
2023-10-13 | CVE-2023-45466 | Netis Systems | Command Injection vulnerability in Netis-Systems N3Mv2 Firmware 1.0.1.865 Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings. | 9.8 |
2023-10-13 | CVE-2023-45467 | Netis Systems | OS Command Injection vulnerability in Netis-Systems N3M Firmware 1.0.1.865 Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings. | 9.8 |
2023-10-13 | CVE-2023-5572 | Vrite | Server-Side Request Forgery (SSRF) vulnerability in Vrite Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0. | 9.8 |
2023-10-12 | CVE-2023-41262 | Plixer | SQL Injection vulnerability in Plixer Scrutinizer An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. | 9.8 |
2023-10-12 | CVE-2023-23737 | Managewp | SQL Injection vulnerability in Managewp Broken Link Checker Unauth. | 9.8 |
2023-10-12 | CVE-2023-5045 | Biltay | SQL Injection vulnerability in Biltay Kayisi Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection.This issue affects Kayisi: before 1286. | 9.8 |
2023-10-12 | CVE-2023-5046 | Biltay | SQL Injection vulnerability in Biltay Procost Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection.This issue affects Procost: before 1390. | 9.8 |
2023-10-12 | CVE-2023-5554 | Linecorp | Improper Certificate Validation vulnerability in Linecorp Line Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0. | 9.8 |
2023-10-12 | CVE-2023-29453 | Zabbix | Code Injection vulnerability in Zabbix Zabbix-Agent2 5.0.0/6.0.0/6.4.0 Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. | 9.8 |
2023-10-12 | CVE-2023-40833 | Thecosy | Unspecified vulnerability in Thecosy Icecms 1.0.0 An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain privileges via the Id and key parameters in getCosSetting. | 9.8 |
2023-10-11 | CVE-2023-45132 | Wargio | Unspecified vulnerability in Wargio Naxsi 1.3/1.4/1.5 NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. | 9.8 |
2023-10-11 | CVE-2023-35646 | Out-of-bounds Write vulnerability in Google Android In TBD of TBD, there is a possible stack buffer overflow due to a missing bounds check. | 9.8 | |
2023-10-11 | CVE-2023-35647 | Out-of-bounds Read vulnerability in Google Android In ProtocolEmbmsGlobalCellIdAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. | 9.8 | |
2023-10-11 | CVE-2023-35648 | Out-of-bounds Read vulnerability in Google Android In ProtocolMiscLceIndAdapter::GetConfLevel() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. | 9.8 | |
2023-10-11 | CVE-2023-35662 | Out-of-bounds Write vulnerability in Google Android there is a possible out of bounds write due to buffer overflow. | 9.8 | |
2023-10-11 | CVE-2023-24479 | Yifanwireless | Improper Authentication vulnerability in Yifanwireless Yf325 Firmware 1.020221108 An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. | 9.8 |
2023-10-11 | CVE-2023-31272 | Yifanwireless | Out-of-bounds Write vulnerability in Yifanwireless Yf325 Firmware 1.020221108 A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. | 9.8 |
2023-10-11 | CVE-2023-32632 | Yifanwireless | Command Injection vulnerability in Yifanwireless Yf325 Firmware 1.020221108 A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. | 9.8 |
2023-10-11 | CVE-2023-32645 | Yifanwireless | Unspecified vulnerability in Yifanwireless Yf325 Firmware 1.020221108 A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. | 9.8 |
2023-10-11 | CVE-2023-34346 | Yifanwireless | Out-of-bounds Write vulnerability in Yifanwireless Yf325 Firmware 1.020221108 A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. | 9.8 |
2023-10-11 | CVE-2023-34365 | Yifanwireless | Out-of-bounds Write vulnerability in Yifanwireless Yf325 Firmware 1.020221108 A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. | 9.8 |
2023-10-11 | CVE-2023-34426 | Yifanwireless | Out-of-bounds Write vulnerability in Yifanwireless Yf325 Firmware 1.020221108 A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. | 9.8 |
2023-10-11 | CVE-2023-35055 | Yifanwireless | Classic Buffer Overflow vulnerability in Yifanwireless Yf325 Firmware 1.020221108 A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. | 9.8 |
2023-10-11 | CVE-2023-35056 | Yifanwireless | Classic Buffer Overflow vulnerability in Yifanwireless Yf325 Firmware 1.020221108 A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. | 9.8 |
2023-10-11 | CVE-2023-35965 | Yifanwireless | Out-of-bounds Write vulnerability in Yifanwireless Yf325 Firmware 1.020221108 Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. | 9.8 |
2023-10-11 | CVE-2023-35966 | Yifanwireless | Out-of-bounds Write vulnerability in Yifanwireless Yf325 Firmware 1.020221108 Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. | 9.8 |
2023-10-11 | CVE-2023-35967 | Yifanwireless | Out-of-bounds Write vulnerability in Yifanwireless Yf325 Firmware 1.020221108 Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. | 9.8 |
2023-10-11 | CVE-2023-35968 | Yifanwireless | Out-of-bounds Write vulnerability in Yifanwireless Yf325 Firmware 1.020221108 Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. | 9.8 |
2023-10-11 | CVE-2023-44105 | Huawei | Improper Privilege Management vulnerability in Huawei Emui and Harmonyos Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally. | 9.8 |
2023-10-11 | CVE-2023-44116 | Huawei | Missing Authentication for Critical Function vulnerability in Huawei Emui and Harmonyos Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized. | 9.8 |
2023-10-11 | CVE-2023-44106 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally. | 9.8 |
2023-10-11 | CVE-2023-5521 | Kernelsu | Incorrect Authorization vulnerability in Kernelsu Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9. | 9.8 |
2023-10-10 | CVE-2023-35349 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
2023-10-10 | CVE-2023-36419 | Microsoft | Unspecified vulnerability in Microsoft Azure Hdinsights Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability | 9.8 |
2023-10-10 | CVE-2023-36434 | Microsoft | Unspecified vulnerability in Microsoft products Windows IIS Server Elevation of Privilege Vulnerability | 9.8 |
2023-10-10 | CVE-2023-4309 | Electionservicesco | SQL Injection vulnerability in Electionservicesco Internet Election Service Election Services Co. | 9.8 |
2023-10-10 | CVE-2020-27630 | Silabs | Use of Insufficiently Random Values vulnerability in Silabs Uc/Tcp-Ip 3.6.0 In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. | 9.8 |
2023-10-10 | CVE-2020-27631 | Oryx Embedded | Use of Insufficiently Random Values vulnerability in Oryx-Embedded Cyclonetcp 1.9.6 In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random. | 9.8 |
2023-10-10 | CVE-2023-34992 | Fortinet | OS Command Injection vulnerability in Fortinet Fortisiem A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests. | 9.8 |
2023-10-10 | CVE-2023-34993 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiwlm A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | 9.8 |
2023-10-10 | CVE-2023-36547 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiwlm A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | 9.8 |
2023-10-10 | CVE-2023-36548 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiwlm A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | 9.8 |
2023-10-10 | CVE-2023-36549 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiwlm A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | 9.8 |
2023-10-10 | CVE-2023-36550 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiwlm A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | 9.8 |
2023-10-10 | CVE-2023-5495 | Qdocs | SQL Injection vulnerability in Qdocs Smart School 6.4.1 A vulnerability was found in QDocs Smart School 6.4.1. | 9.8 |
2023-10-10 | CVE-2023-30803 | Sangfor | Authentication Bypass by Spoofing vulnerability in Sangfor Next-Gen Application Firewall 8.0.17 The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. | 9.8 |
2023-10-10 | CVE-2023-30805 | Sangfor | OS Command Injection vulnerability in Sangfor Next-Gen Application Firewall 8.0.17 The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. | 9.8 |
2023-10-10 | CVE-2023-30806 | Sangfor | OS Command Injection vulnerability in Sangfor Next-Gen Application Firewall Ngaf8.0.17 The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. | 9.8 |
2023-10-10 | CVE-2023-30801 | Qbittorrent | Use of Hard-coded Credentials vulnerability in Qbittorrent All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. | 9.8 |
2023-10-10 | CVE-2023-43625 | Siemens | Code Injection vulnerability in Siemens Simcenter Amesim A vulnerability has been identified in Simcenter Amesim (All versions < V2021.1). | 9.8 |
2023-10-09 | CVE-2023-43899 | Hansuncms Project | SQL Injection vulnerability in Hansuncms Project Hansuncms 1.0 hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx. | 9.8 |
2023-10-09 | CVE-2023-44467 | Langchain | Unspecified vulnerability in Langchain Experimental 0.0.14 langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py. | 9.8 |
2023-10-09 | CVE-2023-5365 | HP | Unspecified vulnerability in HP Life HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure. | 9.8 |
2023-10-09 | CVE-2023-43696 | Sick | Unrestricted Upload of File with Dangerous Type vulnerability in Sick Apu0200 Firmware Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server. | 9.8 |
2023-10-09 | CVE-2023-45612 | Jetbrains | XXE vulnerability in Jetbrains Ktor In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE | 9.8 |
2023-10-12 | CVE-2023-45138 | Xwiki | Cross-site Scripting vulnerability in Xwiki Change Request Change Request is an pplication allowing users to request changes on a wiki without publishing the changes directly. | 9.6 |
2023-10-10 | CVE-2023-41679 | Fortinet | Unspecified vulnerability in Fortinet Fortimanager An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least "device management" permission on his profile and belonging to a specific ADOM to add and delete CLI script on other ADOMs | 9.6 |
2023-10-14 | CVE-2022-32755 | IBM | XXE vulnerability in IBM products IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
2023-10-13 | CVE-2023-29464 | Rockwellautomation | Out-of-bounds Write vulnerability in Rockwellautomation Factorytalk Linx 6.20/6.30 FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. | 9.1 |
2023-10-13 | CVE-2023-4562 | Mitsubishielectric | Improper Authentication vulnerability in Mitsubishielectric products Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages. | 9.1 |
2023-10-12 | CVE-2023-32723 | Zabbix | Incorrect Permission Assignment for Critical Resource vulnerability in Zabbix Request to LDAP is sent before user permissions are checked. | 9.1 |
2023-10-11 | CVE-2023-44107 | Huawei | Unspecified vulnerability in Huawei Harmonyos 2.1.0 Vulnerability of defects introduced in the design process in the screen projection module.Successful exploitation of this vulnerability may affect service availability and integrity. | 9.1 |
2023-10-11 | CVE-2023-44118 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality. | 9.1 |
2023-10-11 | CVE-2023-44981 | Apache Debian | Authorization Bypass Through User-Controlled Key vulnerability in multiple products Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. | 9.1 |
2023-10-10 | CVE-2020-27633 | Butok | Use of Insufficiently Random Values vulnerability in Butok Fnet 4.6.3 In FNET 4.6.3, TCP ISNs are improperly random. | 9.1 |
2023-10-10 | CVE-2020-27634 | Contiki NG | Use of Insufficiently Random Values vulnerability in Contiki-Ng 4.5 In Contiki 4.5, TCP ISNs are improperly random. | 9.1 |
2023-10-10 | CVE-2020-27635 | Capgemini | Use of Insufficiently Random Values vulnerability in Capgemini Picotcp 1.7.0 In PicoTCP 1.7.0, TCP ISNs are improperly random. | 9.1 |
2023-10-10 | CVE-2020-27636 | Microchip | Use of Insufficiently Random Values vulnerability in Microchip Mplab Network Creator 3.6.1 In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random. | 9.1 |
2023-10-09 | CVE-2023-43271 | 70Mai | Missing Authentication for Critical Function vulnerability in 70Mai A500S Firmware 1.2.119 Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols. | 9.1 |
2023-10-09 | CVE-2023-45613 | Jetbrains | Improper Certificate Validation vulnerability in Jetbrains Ktor In JetBrains Ktor before 2.3.5 server certificates were not verified | 9.1 |
2023-10-10 | CVE-2023-35796 | Siemens | Cross-site Scripting vulnerability in Siemens Sinema Server 14.0 A vulnerability has been identified in SINEMA Server V14 (All versions). | 9.0 |
2023-10-09 | CVE-2023-44392 | Garden | Deserialization of Untrusted Data vulnerability in Garden Garden provides automation for Kubernetes development and testing. | 9.0 |
345 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-10-13 | CVE-2023-4263 | Zephyrproject | Classic Buffer Overflow vulnerability in Zephyrproject Zephyr Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver | 8.8 |
2023-10-13 | CVE-2023-34975 | Qnap | OS Command Injection vulnerability in Qnap Video Station An OS command injection vulnerability has been reported to affect several QNAP operating system versions. | 8.8 |
2023-10-13 | CVE-2023-34976 | Qnap | SQL Injection vulnerability in Qnap Video Station A SQL injection vulnerability has been reported to affect Video Station. | 8.8 |
2023-10-13 | CVE-2023-45270 | Pinpoint | Cross-Site Request Forgery (CSRF) vulnerability in Pinpoint Booking System Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions. | 8.8 |
2023-10-13 | CVE-2023-45276 | Automatededitor | Cross-Site Request Forgery (CSRF) vulnerability in Automatededitor Automated Editor Cross-Site Request Forgery (CSRF) vulnerability in automatededitor.Com Automated Editor plugin <= 1.3 versions. | 8.8 |
2023-10-13 | CVE-2023-45267 | Sharkdropship | Cross-Site Request Forgery (CSRF) vulnerability in Sharkdropship Irivyou Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou plugin <= 2.2.1 versions. | 8.8 |
2023-10-13 | CVE-2023-45268 | Hitsteps | Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps web Analytics Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps Web Analytics plugin <= 5.86 versions. | 8.8 |
2023-10-13 | CVE-2023-45109 | Myback Link | Cross-Site Request Forgery (CSRF) vulnerability in Myback.Link Whitepage Cross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage plugin <= 1.1.5 versions. | 8.8 |
2023-10-13 | CVE-2023-45107 | Goodbarber | Cross-Site Request Forgery (CSRF) vulnerability in Goodbarber Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin <= 1.0.22 versions. | 8.8 |
2023-10-13 | CVE-2023-45108 | Mailrelay | Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay plugin <= 2.1.1 versions. | 8.8 |
2023-10-13 | CVE-2023-38218 | Adobe | Incorrect Authorization vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . | 8.8 |
2023-10-13 | CVE-2023-44182 | Juniper | Unchecked Return Value vulnerability in Juniper Junos and Junos OS Evolved An Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators actions to occur. Multiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R2-S2, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. Juniper Networks Junos OS Evolved * All versions prior to 21.4R3-S3-EVO; * 22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO; * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO. | 8.8 |
2023-10-12 | CVE-2023-27313 | Netapp | Unspecified vulnerability in Netapp Snapcenter SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user. | 8.8 |
2023-10-12 | CVE-2023-43149 | SPA Cart | Cross-Site Request Forgery (CSRF) vulnerability in Spa-Cart 1.9.0.3 SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status. | 8.8 |
2023-10-12 | CVE-2023-45133 | Debian Babeljs | Incorrect Comparison vulnerability in multiple products Babel is a compiler for writingJavaScript. | 8.8 |
2023-10-12 | CVE-2023-43147 | Phpjabbers | Cross-Site Request Forgery (CSRF) vulnerability in PHPjabbers Limo Booking Software 1.0 PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI. | 8.8 |
2023-10-12 | CVE-2023-32124 | Arulprasadj | Cross-Site Request Forgery (CSRF) vulnerability in Arulprasadj Publish Confirm Message Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publish Confirm Message plugin <= 1.3.1 versions. | 8.8 |
2023-10-12 | CVE-2023-41131 | Followingmedarling | Cross-Site Request Forgery (CSRF) vulnerability in Followingmedarling Spotify Play Button Cross-Site Request Forgery (CSRF) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <= 2.10 versions. | 8.8 |
2023-10-12 | CVE-2023-45102 | Otwthemes | Cross-Site Request Forgery (CSRF) vulnerability in Otwthemes Blog Manager Light Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Manager Light plugin <= 1.20 versions. | 8.8 |
2023-10-12 | CVE-2023-45103 | Yasglobalizer | Cross-Site Request Forgery (CSRF) vulnerability in Yasglobalizer Permalinks Customizer Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions. | 8.8 |
2023-10-12 | CVE-2023-45106 | Urvanov | Cross-Site Request Forgery (CSRF) vulnerability in Urvanov Syntax Highlighter Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin <= 2.8.33 versions. | 8.8 |
2023-10-12 | CVE-2023-44998 | Randyhoyt | Cross-Site Request Forgery (CSRF) vulnerability in Randyhoyt Category Meta Cross-Site Request Forgery (CSRF) vulnerability in josecoelho, Randy Hoyt, steveclarkcouk, Vitaliy Kukin, Eric Le Bail, Tom Ransom Category Meta plugin plugin <= 1.2.8 versions. | 8.8 |
2023-10-12 | CVE-2023-45011 | Websivu | Cross-Site Request Forgery (CSRF) vulnerability in Websivu WP Power Stats Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Power Stats plugin <= 2.2.3 versions. | 8.8 |
2023-10-12 | CVE-2023-45048 | Repuso | Cross-Site Request Forgery (CSRF) vulnerability in Repuso Cross-Site Request Forgery (CSRF) vulnerability in Repuso Social proof testimonials and reviews by Repuso plugin <= 5.00 versions. | 8.8 |
2023-10-12 | CVE-2023-45052 | Dan009 | Cross-Site Request Forgery (CSRF) vulnerability in Dan009 WP Bing MAP PRO Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map Pro plugin < 5.0 versions. | 8.8 |
2023-10-12 | CVE-2023-45058 | Kaizencoders | Cross-Site Request Forgery (CSRF) vulnerability in Kaizencoders Short URL Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short URL plugin <= 1.6.8 versions. | 8.8 |
2023-10-12 | CVE-2023-45060 | FLA Shop | Cross-Site Request Forgery (CSRF) vulnerability in Fla-Shop Interactive World MAP Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions. | 8.8 |
2023-10-12 | CVE-2023-45063 | Rayhan1 | Cross-Site Request Forgery (CSRF) vulnerability in Rayhan1 AI Content Writing Assistant Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One plugin <= 1.1.5 versions. | 8.8 |
2023-10-12 | CVE-2023-45068 | Supsystic | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <= 1.7.27 versions. | 8.8 |
2023-10-12 | CVE-2023-23651 | Mainwp | SQL Injection vulnerability in Mainwp Google Analytics Extension Auth. | 8.8 |
2023-10-12 | CVE-2023-45047 | Leadsquared | Cross-Site Request Forgery (CSRF) vulnerability in Leadsquared Suite Cross-Site Request Forgery (CSRF) vulnerability in LeadSquared, Inc LeadSquared Suite plugin <= 0.7.4 versions. | 8.8 |
2023-10-12 | CVE-2023-32724 | Zabbix | Incorrect Permission Assignment for Critical Resource vulnerability in Zabbix Memory pointer is in a property of the Ducktape object. | 8.8 |
2023-10-12 | CVE-2023-1943 | Kubernetes | Unspecified vulnerability in Kubernetes Operations Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode. | 8.8 |
2023-10-11 | CVE-2023-5218 | Google Debian Fedoraproject | Use After Free vulnerability in multiple products Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-10-11 | CVE-2023-5474 | Google Debian | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. | 8.8 |
2023-10-11 | CVE-2023-5476 | Google Debian | Use After Free vulnerability in multiple products Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-10-11 | CVE-2023-43661 | ALL Three | Injection vulnerability in All-Three Cachet Cachet, the open-source status page system. | 8.8 |
2023-10-11 | CVE-2023-43960 | Dlink | Improper Privilege Management vulnerability in Dlink Dph-400Se Firmware 2.2.15.8 An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component. | 8.8 |
2023-10-11 | CVE-2023-27380 | Peplink | OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5 An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). | 8.8 |
2023-10-11 | CVE-2023-28381 | Peplink | OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5 An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). | 8.8 |
2023-10-11 | CVE-2023-34356 | Peplink | OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5 An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). | 8.8 |
2023-10-11 | CVE-2023-35193 | Peplink | OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5 An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). | 8.8 |
2023-10-11 | CVE-2023-35194 | Peplink | OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5 An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). | 8.8 |
2023-10-11 | CVE-2023-44997 | Nitinrathod | Cross-Site Request Forgery (CSRF) vulnerability in Nitinrathod WP Forms Puzzle Captcha Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha plugin <= 4.1 versions. | 8.8 |
2023-10-11 | CVE-2023-37536 | Hcltech Apache Fedoraproject | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. | 8.8 |
2023-10-11 | CVE-2023-5511 | Snipeitapp | Cross-Site Request Forgery (CSRF) vulnerability in Snipeitapp Snipe-It Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3. | 8.8 |
2023-10-10 | CVE-2023-45312 | Mtproto | Insecure Default Initialization of Resource vulnerability in Mtproto MT Proto Proxy In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability. | 8.8 |
2023-10-10 | CVE-2023-36414 | Microsoft | Unspecified vulnerability in Microsoft Azure Identity SDK Azure Identity SDK Remote Code Execution Vulnerability | 8.8 |
2023-10-10 | CVE-2023-36415 | Microsoft | Unspecified vulnerability in Microsoft Azure Identity SDK Azure Identity SDK Remote Code Execution Vulnerability | 8.8 |
2023-10-10 | CVE-2023-36577 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
2023-10-10 | CVE-2023-5497 | Tongda2000 | SQL Injection vulnerability in Tongda2000 Office Anywhere 11.10/2017 A vulnerability classified as critical has been found in Tongda OA 2017 11.10. | 8.8 |
2023-10-10 | CVE-2023-34985 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiwlm A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | 8.8 |
2023-10-10 | CVE-2023-34986 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiwlm A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | 8.8 |
2023-10-10 | CVE-2023-34987 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiwlm A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | 8.8 |
2023-10-10 | CVE-2023-34988 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiwlm A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | 8.8 |
2023-10-10 | CVE-2023-34989 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiwlm A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | 8.8 |
2023-10-10 | CVE-2023-36556 | Fortinet | Incorrect Authorization vulnerability in Fortinet Fortimail An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests. | 8.8 |
2023-10-10 | CVE-2023-41841 | Fortinet | Unspecified vulnerability in Fortinet Fortios An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions. | 8.8 |
2023-10-10 | CVE-2023-44995 | Wpdoctor | Cross-Site Request Forgery (CSRF) vulnerability in Wpdoctor Woocommerce Login Redirect Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect plugin <= 2.2.4 versions. | 8.8 |
2023-10-10 | CVE-2023-44996 | Nareshparmar827 | Cross-Site Request Forgery (CSRF) vulnerability in Nareshparmar827 Post View Count Cross-Site Request Forgery (CSRF) vulnerability in Naresh Parmar Post View Count plugin <= 1.8.2 versions. | 8.8 |
2023-10-10 | CVE-2023-5492 | Byzoro | Unrestricted Upload of File with Dangerous Type vulnerability in Byzoro Smart S45F Firmware 20230822/20230906 A vulnerability, which was classified as critical, was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. | 8.8 |
2023-10-10 | CVE-2023-5493 | Byzoro | Unrestricted Upload of File with Dangerous Type vulnerability in Byzoro Smart S45F Firmware 20230822/20230906 A vulnerability has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. | 8.8 |
2023-10-10 | CVE-2023-5494 | Byzoro | OS Command Injection vulnerability in Byzoro Smart S45F Firmware 20230822/20230906 A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. | 8.8 |
2023-10-10 | CVE-2023-44471 | KAU Boys | Cross-Site Request Forgery (CSRF) vulnerability in Kau-Boys Backend Localization Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <= 2.1.10 versions. | 8.8 |
2023-10-10 | CVE-2023-44475 | Msimpson | Cross-Site Request Forgery (CSRF) vulnerability in Msimpson ADD Shortcodes Actions and Filters Cross-Site Request Forgery (CSRF) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions. | 8.8 |
2023-10-10 | CVE-2023-44476 | WP Copyrightpro | Cross-Site Request Forgery (CSRF) vulnerability in Wp-Copyrightpro Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea V. | 8.8 |
2023-10-10 | CVE-2023-44994 | Bainternet | Cross-Site Request Forgery (CSRF) vulnerability in Bainternet Shortcodes UI Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions. | 8.8 |
2023-10-10 | CVE-2023-5489 | Byzoro | Unrestricted Upload of File with Dangerous Type vulnerability in Byzoro Smart S45F Firmware 20230822/20230906 A vulnerability classified as critical has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. | 8.8 |
2023-10-10 | CVE-2023-5490 | Byzoro | Unrestricted Upload of File with Dangerous Type vulnerability in Byzoro Smart S45F Firmware 20230822/20230906 A vulnerability classified as critical was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. | 8.8 |
2023-10-10 | CVE-2023-5491 | Byzoro | Unrestricted Upload of File with Dangerous Type vulnerability in Byzoro Smart S45F Firmware 20230822/20230906 A vulnerability, which was classified as critical, has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. | 8.8 |
2023-10-10 | CVE-2023-44241 | Keap | Cross-Site Request Forgery (CSRF) vulnerability in Keap Landing Pages Cross-Site Request Forgery (CSRF) vulnerability in Keap Keap Landing Pages plugin <= 1.4.2 versions. | 8.8 |
2023-10-10 | CVE-2023-44470 | Kvvaradha | Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha KV Tinymce Editor ADD Fonts Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin <= 1.1 versions. | 8.8 |
2023-10-10 | CVE-2023-5488 | Byzoro | Unrestricted Upload of File with Dangerous Type vulnerability in Byzoro Smart S45F Firmware 20230822/20230906 A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. | 8.8 |
2023-10-10 | CVE-2023-42796 | Siemens | Path Traversal vulnerability in Siemens Cp-8031 Firmware and Cp-8050 Firmware A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11). | 8.8 |
2023-10-10 | CVE-2023-44261 | Dineshkarki | Cross-Site Request Forgery (CSRF) vulnerability in Dineshkarki Block Plugin Update Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin <= 3.3 versions. | 8.8 |
2023-10-10 | CVE-2023-4837 | Smod | Cross-Site Request Forgery (CSRF) vulnerability in Smod Smodbip SmodBIP is vulnerable to Cross-Site Request Forgery, that could be used to induce logged in users to perform unintended actions, including creation of additional accounts with administrative privileges. | 8.8 |
2023-10-10 | CVE-2023-41850 | Sparro | Cross-Site Request Forgery (CSRF) vulnerability in Sparro Outbound Link Manager 1.0/1.1/1.2 Cross-Site Request Forgery (CSRF) vulnerability in Morris Bryant, Ruben Sargsyan Outbound Link Manager plugin <= 1.2 versions. | 8.8 |
2023-10-10 | CVE-2023-41851 | Dotsquares | Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custom Post Template 1.0 Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custom Post Template <= 1.0 versions. | 8.8 |
2023-10-10 | CVE-2023-41852 | Mailmunch | Cross-Site Request Forgery (CSRF) vulnerability in Mailmunch Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch – Grow your Email List plugin <= 3.1.2 versions. | 8.8 |
2023-10-10 | CVE-2023-41853 | Wpicalavailability | Cross-Site Request Forgery (CSRF) vulnerability in Wpicalavailability WP Ical Availability Cross-Site Request Forgery (CSRF) vulnerability in WP iCal Availability plugin <= 1.0.3 versions. | 8.8 |
2023-10-10 | CVE-2023-41854 | Wpcentral | Cross-Site Request Forgery (CSRF) vulnerability in Wpcentral Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. | 8.8 |
2023-10-10 | CVE-2023-41858 | Tychesoftwares | Cross-Site Request Forgery (CSRF) vulnerability in Tychesoftwares Order Delivery Date for Woocommerce 1.0/1.1/1.2 Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions. | 8.8 |
2023-10-10 | CVE-2023-41876 | WP Gallery Metabox Project | Cross-Site Request Forgery (CSRF) vulnerability in WP Gallery Metabox Project WP Gallery Metabox Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0 versions. | 8.8 |
2023-10-10 | CVE-2023-44257 | Mangboard | Cross-Site Request Forgery (CSRF) vulnerability in Mangboard Mang Board Cross-Site Request Forgery (CSRF) vulnerability in Hometory Mang Board WP plugin <= 1.7.6 versions. | 8.8 |
2023-10-10 | CVE-2023-44259 | Mediavine | Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Control Panel Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Mediavine Control Panel plugin <= 2.10.2 versions. | 8.8 |
2023-10-10 | CVE-2023-41694 | Realbig | Cross-Site Request Forgery (CSRF) vulnerability in Realbig Cross-Site Request Forgery (CSRF) vulnerability in Realbig Team Realbig For WordPress plugin <= 1.0.3 versions. | 8.8 |
2023-10-10 | CVE-2023-41697 | Nikunjsoni | Cross-Site Request Forgery (CSRF) vulnerability in Nikunjsoni Easy WP Cleaner Cross-Site Request Forgery (CSRF) vulnerability in Nikunj Soni Easy WP Cleaner plugin <= 1.9 versions. | 8.8 |
2023-10-10 | CVE-2023-41730 | Pressified | Cross-Site Request Forgery (CSRF) vulnerability in Pressified Sendpress Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions. | 8.8 |
2023-10-10 | CVE-2023-41684 | Felixwelberg | Cross-Site Request Forgery (CSRF) vulnerability in Felixwelberg SIS Handball Cross-Site Request Forgery (CSRF) vulnerability in Felix Welberg SIS Handball plugin <= 1.0.45 versions. | 8.8 |
2023-10-10 | CVE-2023-45208 | Dlink | Command Injection vulnerability in Dlink Dap-1860 Firmware 1.00/1.01B0501/1.01B94 A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell commands as root during the setup process of the repeater, via a crafted SSID. | 8.8 |
2023-10-10 | CVE-2023-44827 | Easycorp | Command Injection vulnerability in Easycorp Zentao, Zentao BIZ and Zentao MAX An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function. | 8.8 |
2023-10-10 | CVE-2023-44959 | Dlink | Command Injection vulnerability in Dlink Dsl-3782 Firmware 1.01/1.03 An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page. | 8.8 |
2023-10-10 | CVE-2023-44846 | Seacms | Unspecified vulnerability in Seacms An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component. | 8.8 |
2023-10-09 | CVE-2023-43641 | Lipnitsk Fedoraproject Debian | Out-of-bounds Write vulnerability in multiple products libcue provides an API for parsing and extracting data from CUE sheets. | 8.8 |
2023-10-09 | CVE-2023-44811 | Moosocial | Cross-Site Request Forgery (CSRF) vulnerability in Moosocial 3.1.8 Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function. | 8.8 |
2023-10-09 | CVE-2023-41669 | Daext | Cross-Site Request Forgery (CSRF) vulnerability in Daext Live News Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Live News plugin <= 1.06 versions. | 8.8 |
2023-10-09 | CVE-2023-41670 | Palasthotel | Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel USE Memcached Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel (in person: Edward Bock) Use Memcached plugin <= 1.0.4 versions. | 8.8 |
2023-10-09 | CVE-2023-41672 | Remileclercq | Cross-Site Request Forgery (CSRF) vulnerability in Remileclercq Hide Admin Notices - Admin Notification Center Plugin Cross-Site Request Forgery (CSRF) vulnerability in Rémi Leclercq Hide admin notices – Admin Notification Center plugin <= 2.3.2 versions. | 8.8 |
2023-10-09 | CVE-2023-41667 | Ulfbenjaminsson | Cross-Site Request Forgery (CSRF) vulnerability in Ulfbenjaminsson Wp-Dtree Cross-Site Request Forgery (CSRF) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions. | 8.8 |
2023-10-09 | CVE-2023-41668 | Leadster | Cross-Site Request Forgery (CSRF) vulnerability in Leadster Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions. | 8.8 |
2023-10-09 | CVE-2023-42455 | Wazuh | Authorization Bypass Through User-Controlled Key vulnerability in Wazuh Wazuh-Dashboard and Wazuh-Kibana-App Wazuh is a security detection, visibility, and compliance open source project. | 8.8 |
2023-10-09 | CVE-2023-41660 | Wpsynchro | Cross-Site Request Forgery (CSRF) vulnerability in Wpsynchro WP Synchro Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchro plugin <= 1.9.1 versions. | 8.8 |
2023-10-09 | CVE-2023-44240 | Peterbutler | Cross-Site Request Forgery (CSRF) vulnerability in Peterbutler Timthumb vulnerability Scanner Cross-Site Request Forgery (CSRF) vulnerability in Peter Butler Timthumb Vulnerability Scanner plugin <= 1.54 versions. | 8.8 |
2023-10-09 | CVE-2023-44473 | Dublue | Cross-Site Request Forgery (CSRF) vulnerability in Dublue Table of Contents Plus Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus plugin <= 2302 versions. | 8.8 |
2023-10-09 | CVE-2023-44993 | Quantumcloud | Cross-Site Request Forgery (CSRF) vulnerability in Quantumcloud AI Chatbot Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions. | 8.8 |
2023-10-09 | CVE-2023-44236 | Devnath Verma | Cross-Site Request Forgery (CSRF) vulnerability in Devnath Verma WP Captcha 2.0.0 Cross-Site Request Forgery (CSRF) vulnerability in Devnath verma WP Captcha plugin <= 2.0.0 versions. | 8.8 |
2023-10-09 | CVE-2023-44237 | Moriyan JAY | Cross-Site Request Forgery (CSRF) vulnerability in Moriyan JAY WP Site Protector 2.0 Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site Protector plugin <= 2.0 versions. | 8.8 |
2023-10-09 | CVE-2023-44238 | Joakimling | Cross-Site Request Forgery (CSRF) vulnerability in Joakimling Remove Slug From Custom Post Type Cross-Site Request Forgery (CSRF) vulnerability in Joakim Ling Remove slug from custom post type plugin <= 1.0.3 versions. | 8.8 |
2023-10-09 | CVE-2023-44246 | Matiass | Cross-Site Request Forgery (CSRF) vulnerability in Matiass Shockingly Simple Favicon Cross-Site Request Forgery (CSRF) vulnerability in Matias s Shockingly Simple Favicon plugin <= 1.8.2 versions. | 8.8 |
2023-10-09 | CVE-2023-44231 | Nickduncan | Cross-Site Request Forgery (CSRF) vulnerability in Nickduncan Contact Form Cross-Site Request Forgery (CSRF) vulnerability in NickDuncan Contact Form plugin <= 2.0.10 versions. | 8.8 |
2023-10-09 | CVE-2023-44232 | Nxsn | Cross-Site Request Forgery (CSRF) vulnerability in Nxsn WP Hide Pages Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Hide Pages plugin <= 1.0 versions. | 8.8 |
2023-10-09 | CVE-2023-44260 | Rebing | Cross-Site Request Forgery (CSRF) vulnerability in Rebing Woocommerce Esto Cross-Site Request Forgery (CSRF) vulnerability in Mikk Mihkel Nurges, Rebing OÜ Woocommerce ESTO plugin <= 2.23.1 versions. | 8.8 |
2023-10-09 | CVE-2023-45350 | Atos | Unspecified vulnerability in Atos Unify Openscape 4000 Manager 10 Atos Unify OpenScape 4000 Manager V10 R1 before V10 R1.42.1 and 4000 Manager V10 R0 allow Privilege escalation that may lead to the ability of an authenticated attacker to run arbitrary code via AScm. | 8.8 |
2023-10-09 | CVE-2023-45351 | Atos | Command Injection vulnerability in Atos products Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. | 8.8 |
2023-10-09 | CVE-2023-45352 | Atos | Path Traversal vulnerability in Atos Unify Openscape Common Management 10 Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system via a Common Management Portal web interface Path traversal vulnerability allowing write access outside the intended folders. | 8.8 |
2023-10-09 | CVE-2023-45353 | Atos | Unrestricted Upload of File with Dangerous Type vulnerability in Atos Unify Openscape Common Management 10 Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system by leveraging the Common Management Portal web interface for Authenticated remote upload and creation of arbitrary files affecting the underlying operating system. | 8.8 |
2023-10-09 | CVE-2023-45354 | Atos | Unspecified vulnerability in Atos Unify Openscape Common Management 10 Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated remote attacker to execute arbitrary code on the operating system by using the Common Management Portal web interface. | 8.8 |
2023-10-09 | CVE-2023-45355 | Atos | Command Injection vulnerability in Atos products Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 and 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access via the webservice. | 8.8 |
2023-10-09 | CVE-2023-45356 | Atos | Command Injection vulnerability in Atos products Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access, via dtb pages of the platform portal. | 8.8 |
2023-10-13 | CVE-2023-38219 | Adobe | Cross-site Scripting vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. | 8.7 |
2023-10-10 | CVE-2023-43746 | F5 | Privilege Defined With Unsafe Actions vulnerability in F5 products When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 8.7 |
2023-10-10 | CVE-2023-36569 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Elevation of Privilege Vulnerability | 8.4 |
2023-10-11 | CVE-2022-44757 | Hcltech | Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Insights for vulnerability Remediation 2.0/2.0.2 BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. | 8.2 |
2023-10-13 | CVE-2023-33303 | Fortinet | Insufficient Session Expiration vulnerability in Fortinet Fortiedr 5.0.0/5.0.1 A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request | 8.1 |
2023-10-12 | CVE-2023-43148 | SPA Cart | Cross-Site Request Forgery (CSRF) vulnerability in Spa-Cart 1.9.0.3 SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts. | 8.1 |
2023-10-12 | CVE-2023-27395 | Softether | Out-of-bounds Write vulnerability in Softether VPN 4.419782/5.01.9674/5.02 A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. | 8.1 |
2023-10-11 | CVE-2023-26320 | MI | Command Injection vulnerability in MI Xiaomi Router Ax3200 Firmware Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. | 8.1 |
2023-10-10 | CVE-2023-38166 | Microsoft | Race Condition vulnerability in Microsoft products Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
2023-10-10 | CVE-2023-41765 | Microsoft | Race Condition vulnerability in Microsoft products Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
2023-10-10 | CVE-2023-41767 | Microsoft | Race Condition vulnerability in Microsoft products Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
2023-10-10 | CVE-2023-41768 | Microsoft | Race Condition vulnerability in Microsoft products Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
2023-10-10 | CVE-2023-41769 | Microsoft | Race Condition vulnerability in Microsoft products Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
2023-10-10 | CVE-2023-41770 | Microsoft | Race Condition vulnerability in Microsoft products Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
2023-10-10 | CVE-2023-41771 | Microsoft | Race Condition vulnerability in Microsoft products Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
2023-10-10 | CVE-2023-41773 | Microsoft | Race Condition vulnerability in Microsoft products Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
2023-10-10 | CVE-2023-41774 | Microsoft | Race Condition vulnerability in Microsoft products Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
2023-10-10 | CVE-2023-40537 | F5 | Insufficient Session Expiration vulnerability in F5 products An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 8.1 |
2023-10-10 | CVE-2023-44848 | Seacms | Unspecified vulnerability in Seacms An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component. | 8.1 |
2023-10-10 | CVE-2023-36697 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 8.0 |
2023-10-10 | CVE-2023-36778 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 8.0 |
2023-10-15 | CVE-2023-40378 | IBM | Unspecified vulnerability in IBM I IBM Directory Server for IBM i contains a local privilege escalation vulnerability. | 7.8 |
2023-10-15 | CVE-2023-5586 | Gpac | NULL Pointer Dereference vulnerability in Gpac NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV. | 7.8 |
2023-10-13 | CVE-2023-43079 | Dell | Improper Access Control vulnerability in Dell EMC Openmanage Server Administrator Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. | 7.8 |
2023-10-13 | CVE-2023-44194 | Juniper | Incorrect Default Permissions vulnerability in Juniper Junos An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a backdoor with root privileges. | 7.8 |
2023-10-12 | CVE-2023-27316 | Netapp | Unspecified vulnerability in Netapp Snapcenter 4.8 SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed. | 7.8 |
2023-10-12 | CVE-2023-23632 | Beyondtrust | Improper Authentication vulnerability in Beyondtrust Privileged Remote Access BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. | 7.8 |
2023-10-12 | CVE-2023-27516 | Softether | Insecure Default Initialization of Resource vulnerability in Softether VPN 4.419782/5.01.9674 An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. | 7.8 |
2023-10-12 | CVE-2023-32722 | Zabbix | Out-of-bounds Write vulnerability in Zabbix The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open. | 7.8 |
2023-10-11 | CVE-2023-3781 | Improper Locking vulnerability in Google Android there is a possible use-after-free write due to improper locking. | 7.8 | |
2023-10-11 | CVE-2023-40141 | Out-of-bounds Write vulnerability in Google Android In temp_residency_name_store of thermal_metrics.c, there is a possible out of bounds write due to a missing bounds check. | 7.8 | |
2023-10-11 | CVE-2023-40142 | Unspecified vulnerability in Google Android In TBD of TBD, there is a possible way to bypass carrier restrictions due to a logic error in the code. | 7.8 | |
2023-10-11 | CVE-2023-5535 | VIM Fedoraproject | Use After Free vulnerability in multiple products Use After Free in GitHub repository vim/vim prior to v9.0.2010. | 7.8 |
2023-10-11 | CVE-2023-38817 | Echo | Improper Privilege Management vulnerability in Echo Anti Cheat Tool An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. | 7.8 |
2023-10-11 | CVE-2023-4936 | Synaptics | Uncontrolled Search Path Element vulnerability in Synaptics Displaylink USB Graphics It is possible to sideload a compromised DLL during the installation at elevated privilege. | 7.8 |
2023-10-11 | CVE-2023-26370 | Adobe | Access of Uninitialized Pointer vulnerability in Adobe Photoshop 2022, Photoshop 2023 and Photoshop 2024 Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-10-11 | CVE-2023-42138 | Keyence | Out-of-bounds Read vulnerability in Keyence KV Replay Viewer and KV Studio Out-of-bounds read vulnerability exists in KV STUDIO Ver. | 7.8 |
2023-10-10 | CVE-2023-31096 | Broadcom | Out-of-bounds Write vulnerability in Broadcom LSI Pci-Sv92Ex Firmware 2.2.100.1 An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). | 7.8 |
2023-10-10 | CVE-2023-36417 | Microsoft | Unspecified vulnerability in Microsoft OLE DB Driver for SQL Server and SQL Server Microsoft SQL OLE DB Remote Code Execution Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36418 | Microsoft | Unspecified vulnerability in Microsoft Azure Rtos Guix Studio Azure RTOS GUIX Studio Remote Code Execution Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36420 | Microsoft | Unspecified vulnerability in Microsoft Odbc Driver for SQL Server and SQL Server Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36436 | Microsoft | Unspecified vulnerability in Microsoft products Windows MSHTML Platform Remote Code Execution Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36557 | Microsoft | Unspecified vulnerability in Microsoft products PrintHTML API Remote Code Execution Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36594 | Microsoft | Unspecified vulnerability in Microsoft products Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36598 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36605 | Microsoft | Unspecified vulnerability in Microsoft products Windows Named Pipe Filesystem Elevation of Privilege Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36701 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36702 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft DirectMusic Remote Code Execution Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36704 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 1809 and Windows Server 2019 Windows Setup Files Cleanup Remote Code Execution Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36710 | Microsoft | Unspecified vulnerability in Microsoft products Windows Media Foundation Core Remote Code Execution Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36711 | Microsoft | Unspecified vulnerability in Microsoft products Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36712 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36718 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36723 | Microsoft | Unspecified vulnerability in Microsoft products Windows Container Manager Service Elevation of Privilege Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36725 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36726 | Microsoft | Unspecified vulnerability in Microsoft products Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36729 | Microsoft | Unspecified vulnerability in Microsoft products Named Pipe File System Elevation of Privilege Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36730 | Microsoft | Unspecified vulnerability in Microsoft Odbc Driver for SQL Server and SQL Server Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36731 | Microsoft | Unspecified vulnerability in Microsoft products Win32k Elevation of Privilege Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36732 | Microsoft | Unspecified vulnerability in Microsoft products Win32k Elevation of Privilege Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36737 | Microsoft | Unspecified vulnerability in Microsoft Azure Network Watcher 1.4.2798.1 Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36743 | Microsoft | Unspecified vulnerability in Microsoft products Win32k Elevation of Privilege Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36785 | Microsoft | Unspecified vulnerability in Microsoft Odbc Driver for SQL Server and SQL Server Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 7.8 |
2023-10-10 | CVE-2023-36790 | Microsoft | Unspecified vulnerability in Microsoft Windows Server 2008 R2 Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability | 7.8 |
2023-10-10 | CVE-2023-41766 | Microsoft | Unspecified vulnerability in Microsoft products Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 |
2023-10-10 | CVE-2023-41772 | Microsoft | Unspecified vulnerability in Microsoft products Win32k Elevation of Privilege Vulnerability | 7.8 |
2023-10-10 | CVE-2022-22298 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiisolator A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters. | 7.8 |
2023-10-10 | CVE-2023-25607 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiadc, Fortianalyzer and Fortimanager An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiADC 7.1.0, 7.0.0 through 7.0.3, 6.2 all versions, 6.1 all versions, 6.0 all versions management interface may allow an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell due to an unsafe usage of the wordexp function. | 7.8 |
2023-10-10 | CVE-2023-43896 | Macrium | Classic Buffer Overflow vulnerability in Macrium Reflect 8.1.7544 A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code. | 7.8 |
2023-10-10 | CVE-2023-43611 | F5 | Improper Verification of Cryptographic Signature vulnerability in F5 products The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 7.8 |
2023-10-10 | CVE-2023-43787 | X ORG Redhat Fedoraproject | Integer Overflow or Wraparound vulnerability in multiple products A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. | 7.8 |
2023-10-10 | CVE-2023-5450 | F5 | Insufficient Verification of Data Authenticity vulnerability in F5 Big-Ip Access Policy Manager An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.8 |
2023-10-10 | CVE-2022-30527 | Siemens | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Sinec NMS 1.0/1.0.3 A vulnerability has been identified in SINEC NMS (All versions < V2.0). | 7.8 |
2023-10-10 | CVE-2023-30900 | Siemens | Stack-based Buffer Overflow vulnerability in Siemens Xpedition Layout Browser A vulnerability has been identified in Xpedition Layout Browser (All versions < VX.2.14). | 7.8 |
2023-10-10 | CVE-2023-36380 | Siemens | Use of Hard-coded Credentials vulnerability in Siemens Cp-8031 Firmware and Cp-8050 Firmware A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). | 7.8 |
2023-10-10 | CVE-2023-44081 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). | 7.8 |
2023-10-10 | CVE-2023-44082 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). | 7.8 |
2023-10-10 | CVE-2023-44083 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). | 7.8 |
2023-10-10 | CVE-2023-44084 | Siemens | Out-of-bounds Read vulnerability in Siemens Tecnomatix A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). | 7.8 |
2023-10-10 | CVE-2023-44085 | Siemens | Out-of-bounds Read vulnerability in Siemens Tecnomatix A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). | 7.8 |
2023-10-10 | CVE-2023-44086 | Siemens | Out-of-bounds Read vulnerability in Siemens Tecnomatix A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). | 7.8 |
2023-10-10 | CVE-2023-44087 | Siemens | Out-of-bounds Read vulnerability in Siemens Tecnomatix A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). | 7.8 |
2023-10-10 | CVE-2023-45204 | Siemens | Incorrect Type Conversion or Cast vulnerability in Siemens Tecnomatix A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). | 7.8 |
2023-10-10 | CVE-2023-45205 | Siemens | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Sicam Pas/Pqs A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20). | 7.8 |
2023-10-10 | CVE-2023-45601 | Siemens | Out-of-bounds Write vulnerability in Siemens Parasolid and Tecnomatix A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). | 7.8 |
2023-10-09 | CVE-2023-5463 | Xinje | Uncontrolled Search Path Element vulnerability in Xinje Xdppro 3.7.17A A vulnerability was found in XINJE XDPPro up to 3.7.17a. | 7.8 |
2023-10-09 | CVE-2022-3431 | Lenovo | Incorrect Default Permissions vulnerability in Lenovo products A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. | 7.8 |
2023-10-09 | CVE-2023-44400 | Uptime Kuma | Session Fixation vulnerability in Uptime.Kuma Uptime Kuma Uptime Kuma is a self-hosted monitoring tool. | 7.8 |
2023-10-13 | CVE-2023-5557 | Gnome Redhat | A flaw was found in the tracker-miners package. | 7.7 |
2023-10-14 | CVE-2023-35024 | IBM | Cross-site Scripting vulnerability in IBM Cloud PAK for Business Automation IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. | 7.6 |
2023-10-15 | CVE-2023-5590 | Selenium | NULL Pointer Dereference vulnerability in Selenium NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0. | 7.5 |
2023-10-15 | CVE-2023-38312 | Valvesoftware | Path Traversal vulnerability in Valvesoftware Counter-Strike 8684 A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client (with remote control access to a game server) to read arbitrary files from the underlying server via the motdfile console variable. | 7.5 |
2023-10-15 | CVE-2023-45871 | Linux Debian | Incorrect Calculation of Buffer Size vulnerability in multiple products An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. | 7.5 |
2023-10-14 | CVE-2023-30994 | IBM | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Qradar Security Information and Event Manager 7.5.0 IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2023-10-14 | CVE-2022-43740 | IBM | Resource Exhaustion vulnerability in IBM Security Verify Access Oidc Provider IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption. | 7.5 |
2023-10-14 | CVE-2022-33165 | IBM | Path Traversal vulnerability in IBM Security Directory Integrator 7.2.0 IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. | 7.5 |
2023-10-14 | CVE-2023-44037 | Zpesystems | Cleartext Storage of Sensitive Information vulnerability in Zpesystems Nodegrid OS An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v.5.10.3 thru v.5.10.5 allows a remote attacker to obtain sensitive information via the TACACS+ server component. | 7.5 |
2023-10-14 | CVE-2023-45855 | Qdpm | Path Traversal vulnerability in Qdpm 9.2 qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI. | 7.5 |
2023-10-13 | CVE-2023-32974 | Qnap | Path Traversal vulnerability in Qnap Qts, Quts Hero and Qutscloud A path traversal vulnerability has been reported to affect several QNAP operating system versions. | 7.5 |
2023-10-13 | CVE-2023-4499 | HP | Improper Certificate Validation vulnerability in HP Thinupdate A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. | 7.5 |
2023-10-13 | CVE-2023-41682 | Fortinet | Path Traversal vulnerability in Fortinet Fortisandbox A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests. | 7.5 |
2023-10-13 | CVE-2023-39960 | Nextcloud | Improper Restriction of Excessive Authentication Attempts vulnerability in Nextcloud Server Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. | 7.5 |
2023-10-13 | CVE-2023-45130 | Parity | Allocation of Resources Without Limits or Throttling vulnerability in Parity Frontier Frontier is Substrate's Ethereum compatibility layer. | 7.5 |
2023-10-13 | CVE-2023-45463 | Netis Systems | Classic Buffer Overflow vulnerability in Netis-Systems N3M Firmware 1.0.1.865 Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. | 7.5 |
2023-10-13 | CVE-2023-45464 | Netis Systems | Classic Buffer Overflow vulnerability in Netis-Systems N3M Firmware 1.0.1.865 Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. | 7.5 |
2023-10-13 | CVE-2023-45468 | Netis Systems | Classic Buffer Overflow vulnerability in Netis-Systems N3M Firmware 1.0.1.865 Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. | 7.5 |
2023-10-13 | CVE-2023-5240 | Devolutions | Unspecified vulnerability in Devolutions Server Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request. | 7.5 |
2023-10-13 | CVE-2023-5571 | Vrite | Improper Input Validation vulnerability in Vrite Improper Input Validation in GitHub repository vriteio/vrite prior to 0.3.0. | 7.5 |
2023-10-13 | CVE-2023-38220 | Adobe | Improper Authorization vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. | 7.5 |
2023-10-13 | CVE-2023-44181 | Juniper | Infinite Loop vulnerability in Juniper Junos An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue causing a l2 loop resulting in a DDOS violations and DDOS syslog. This issue is triggered when Storm control is enabled and ICMPv6 packets are present on device. This issue affects Juniper Networks: Junos OS * All versions prior to 20.2R3-S6 on QFX5k; * 20.3 versions prior to 20.3R3-S5 on QFX5k; * 20.4 versions prior to 20.4R3-S5 on QFX5k; * 21.1 versions prior to 21.1R3-S4 on QFX5k; * 21.2 versions prior to 21.2R3-S3 on QFX5k; * 21.3 versions prior to 21.3R3-S2 on QFX5k; * 21.4 versions prior to 21.4R3 on QFX5k; * 22.1 versions prior to 22.1R3 on QFX5k; * 22.2 versions prior to 22.2R2 on QFX5k. | 7.5 |
2023-10-13 | CVE-2023-44185 | Juniper | Unspecified vulnerability in Juniper Junos An Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS )to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet. Continued receipt of this packet will cause a sustained Denial of Service condition. This issue affects: * Juniper Networks Junos OS: * All versions prior to 20.4R3-S6; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R2-S2, 22.1R3; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S6-EVO; * 21.1-EVO version 21.1R1-EVO and later versions prior to 21.2R3-S4-EVO; * 21.3-EVO versions prior to 21.3R3-S3-EVO; * 21.4-EVO versions prior to 21.4R3-S3-EVO; * 22.1-EVO versions prior to 22.1R3-EVO; * 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO. | 7.5 |
2023-10-13 | CVE-2023-44191 | Juniper | Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific DHCP packet will cause PFE hogging which will lead to dropping of socket connections. This issue affects: Juniper Networks Junos OS on QFX5000 Series and EX4000 Series * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1 | 7.5 |
2023-10-13 | CVE-2023-44192 | Juniper | Memory Leak vulnerability in Juniper Junos An Improper Input Validation vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause memory leak, leading to Denial of Service (DoS). On all Junos OS QFX5000 Series platforms, when pseudo-VTEP (Virtual Tunnel End Point) is configured under EVPN-VXLAN scenario, and specific DHCP packets are transmitted, DMA memory leak is observed. | 7.5 |
2023-10-13 | CVE-2023-44197 | Juniper | Out-of-bounds Write vulnerability in Juniper Junos and Junos OS Evolved An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while processing BGP route updates received over an established BGP session. | 7.5 |
2023-10-13 | CVE-2023-44198 | Juniper | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos An Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause an integrity impact in connected networks. If the SIP ALG is configured and a device receives a specifically malformed SIP packet, the device prevents this packet from being forwarded, but any subsequently received retransmissions of the same packet are forwarded as if they were valid. This issue affects Juniper Networks Junos OS on SRX Series and MX Series: * 20.4 versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R2-S2, 22.1R3; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. This issue doesn't not affected releases prior to 20.4R1. | 7.5 |
2023-10-13 | CVE-2023-44199 | Juniper | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can lead to an FPC crash and restart. This issue affects Juniper Networks Junos OS on MX Series: * All versions prior to 20.4R3-S4; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R1-S1, 22.2R2. | 7.5 |
2023-10-13 | CVE-2023-5563 | Zephyrproject | Unspecified vulnerability in Zephyrproject Zephyr The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. | 7.5 |
2023-10-12 | CVE-2023-36841 | Juniper | Resource Exhaustion vulnerability in Juniper Junos An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows a unauthenticated network-based attacker to cause an infinite loop, resulting in a Denial of Service (DoS). An attacker who sends malformed TCP traffic via an interface configured with PPPoE, causes an infinite loop on the respective PFE. | 7.5 |
2023-10-12 | CVE-2023-36843 | Juniper | Unspecified vulnerability in Juniper Junos An Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a crash in the Packet Forwarding Engine (pfe) and thereby resulting in a Denial of Service (DoS). Upon receiving malformed SSL traffic, the PFE crashes. | 7.5 |
2023-10-12 | CVE-2023-44175 | Juniper | Reachable Assertion vulnerability in Juniper Junos A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Note: This issue is not noticed when all the devices in the network are Juniper devices. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3. Junos OS Evolved: * All versions prior to 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R3-EVO; * 23.2-EVO versions prior to 23.2R1-EVO. | 7.5 |
2023-10-12 | CVE-2023-45510 | Justdan96 | Unspecified vulnerability in Justdan96 Tsmuxer Nightly20231005015556 tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc-mismatch (operator new [] vs operator delete) error. | 7.5 |
2023-10-12 | CVE-2023-27314 | Netapp | Unspecified vulnerability in Netapp Clustered Data Ontap ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HTTP service. | 7.5 |
2023-10-12 | CVE-2023-45142 | Opentelemetry | Allocation of Resources Without Limits or Throttling vulnerability in Opentelemetry 0.43.0 OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. | 7.5 |
2023-10-12 | CVE-2023-5072 | Json Java Project | Allocation of Resources Without Limits or Throttling vulnerability in Json-Java Project Json-Java Denial of Service in JSON-Java versions up to and including 20230618. | 7.5 |
2023-10-12 | CVE-2023-22308 | Softether | Integer Underflow (Wrap or Wraparound) vulnerability in Softether VPN 5.01.9674/5.02 An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. | 7.5 |
2023-10-12 | CVE-2023-23581 | Softether | Out-of-bounds Read vulnerability in Softether VPN 5.01.9674/5.02 A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. | 7.5 |
2023-10-12 | CVE-2023-25774 | Softether | Unspecified vulnerability in Softether VPN 5.02 A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5.02. | 7.5 |
2023-10-12 | CVE-2023-40829 | Tencent | Incorrect Authorization vulnerability in Tencent Enterprise Wechat Privatization 2.5.0/2.6.930000 There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and 2.6.930000. | 7.5 |
2023-10-11 | CVE-2023-39325 | Golang Fedoraproject Netapp | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. | 7.5 |
2023-10-11 | CVE-2023-44186 | Juniper | Improper Handling of Exceptional Conditions vulnerability in Juniper Junos An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). | 7.5 |
2023-10-11 | CVE-2023-35652 | Out-of-bounds Read vulnerability in Google Android In ProtocolEmergencyCallListIndAdapter::Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. | 7.5 | |
2023-10-11 | CVE-2023-35661 | Out-of-bounds Read vulnerability in Google Android In ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp, there is a possible out of bounds read due to a missing bounds check. | 7.5 | |
2023-10-11 | CVE-2023-44961 | Koha Community | SQL Injection vulnerability in Koha-Community Koha Library Software SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. | 7.5 |
2023-10-11 | CVE-2023-44108 | Huawei | Type Confusion vulnerability in Huawei Emui and Harmonyos Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart. | 7.5 |
2023-10-11 | CVE-2023-44114 | Huawei | Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos Out-of-bounds array vulnerability in the dataipa module.Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 |
2023-10-11 | CVE-2023-44119 | Huawei | Improper Locking vulnerability in Huawei Emui and Harmonyos Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability. | 7.5 |
2023-10-11 | CVE-2023-44095 | Huawei | Use After Free vulnerability in Huawei Emui and Harmonyos Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash. | 7.5 |
2023-10-11 | CVE-2023-44097 | Huawei | Information Exposure vulnerability in Huawei Emui and Harmonyos Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 |
2023-10-11 | CVE-2023-44100 | Huawei | Incorrect Resource Transfer Between Spheres vulnerability in Huawei Emui and Harmonyos Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 |
2023-10-11 | CVE-2023-44101 | Huawei | Exposure of Resource to Wrong Sphere vulnerability in Huawei Harmonyos The Bluetooth module has a vulnerability in permission control for broadcast notifications.Successful exploitation of this vulnerability may affect confidentiality. | 7.5 |
2023-10-11 | CVE-2023-44103 | Huawei | Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 |
2023-10-11 | CVE-2023-44104 | Huawei | Incorrect Resource Transfer Between Spheres vulnerability in Huawei Emui and Harmonyos Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 |
2023-10-11 | CVE-2023-44111 | Huawei | Improper Restriction of Excessive Authentication Attempts vulnerability in Huawei Emui and Harmonyos Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 |
2023-10-11 | CVE-2023-44093 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 |
2023-10-11 | CVE-2023-44096 | Huawei | Improper Restriction of Excessive Authentication Attempts vulnerability in Huawei Emui and Harmonyos Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 |
2023-10-11 | CVE-2023-44109 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 |
2023-10-11 | CVE-2023-4990 | MCL Collection | Path Traversal vulnerability in Mcl-Collection Mcl-Net Firmware 4.3.5.8788 Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files. | 7.5 |
2023-10-10 | CVE-2023-36127 | Phpjabbers | Information Exposure Through Discrepancy vulnerability in PHPjabbers Appointment Scheduler 3.0 User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. | 7.5 |
2023-10-10 | CVE-2023-29348 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability | 7.5 |
2023-10-10 | CVE-2023-36431 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing Denial of Service Vulnerability | 7.5 |
2023-10-10 | CVE-2023-36435 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft QUIC Denial of Service Vulnerability | 7.5 |
2023-10-10 | CVE-2023-36438 | Microsoft | Unspecified vulnerability in Microsoft products Windows TCP/IP Information Disclosure Vulnerability | 7.5 |
2023-10-10 | CVE-2023-36567 | Microsoft | Unspecified vulnerability in Microsoft products Windows Deployment Services Information Disclosure Vulnerability | 7.5 |
2023-10-10 | CVE-2023-36579 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing Denial of Service Vulnerability | 7.5 |
2023-10-10 | CVE-2023-36581 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing Denial of Service Vulnerability | 7.5 |
2023-10-10 | CVE-2023-36585 | Microsoft | Unspecified vulnerability in Microsoft products Windows upnphost.dll Denial of Service Vulnerability | 7.5 |
2023-10-10 | CVE-2023-36596 | Microsoft | Exposure of Resource to Wrong Sphere vulnerability in Microsoft products Remote Procedure Call Information Disclosure Vulnerability | 7.5 |
2023-10-10 | CVE-2023-36602 | Microsoft | Unspecified vulnerability in Microsoft products Windows TCP/IP Denial of Service Vulnerability | 7.5 |
2023-10-10 | CVE-2023-36603 | Microsoft | Unspecified vulnerability in Microsoft products Windows TCP/IP Denial of Service Vulnerability | 7.5 |
2023-10-10 | CVE-2023-36606 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing Denial of Service Vulnerability | 7.5 |
2023-10-10 | CVE-2023-36703 | Microsoft | Unspecified vulnerability in Microsoft products DHCP Server Service Denial of Service Vulnerability | 7.5 |
2023-10-10 | CVE-2023-36707 | Microsoft | Unspecified vulnerability in Microsoft products Windows Deployment Services Denial of Service Vulnerability | 7.5 |
2023-10-10 | CVE-2023-36709 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft AllJoyn API Denial of Service Vulnerability | 7.5 |
2023-10-10 | CVE-2023-36720 | Microsoft | Unspecified vulnerability in Microsoft products Windows Mixed Reality Developer Tools Denial of Service Vulnerability | 7.5 |
2023-10-10 | CVE-2023-38171 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft QUIC Denial of Service Vulnerability | 7.5 |
2023-10-10 | CVE-2020-27213 | Ethernut | Use of Insufficiently Random Values vulnerability in Ethernut Nut/Os 5.1 An issue was discovered in Ethernut Nut/OS 5.1. | 7.5 |
2023-10-10 | CVE-2023-36478 | Eclipse Jenkins Debian | Resource Exhaustion vulnerability in multiple products Eclipse Jetty provides a web server and servlet container. | 7.5 |
2023-10-10 | CVE-2023-37935 | Fortinet | Unspecified vulnerability in Fortinet Fortios A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services. | 7.5 |
2023-10-10 | CVE-2023-40718 | Fortinet | Interpretation Conflict vulnerability in Fortinet Fortios IPS Engine A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets. | 7.5 |
2023-10-10 | CVE-2023-44487 | Ietf Nghttp2 Netty Envoyproxy Eclipse Caddyserver Golang F5 Apache Apple Grpc Microsoft Nodejs Dena Amazon Debian Kazu Yamamoto Istio Varnish Cache Project Traefik Projectcontour Linkerd Linecorp Redhat Fedoraproject Netapp Akka Konghq Jenkins Openresty Cisco | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
2023-10-10 | CVE-2023-4966 | Citrix | Unspecified vulnerability in Citrix products Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. | 7.5 |
2023-10-10 | CVE-2023-5499 | Reachfargps | Information Exposure Through Log Files vulnerability in Reachfargps Reachfar GPS Firmware 28 Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. | 7.5 |
2023-10-10 | CVE-2023-40534 | F5 | Memory Leak vulnerability in F5 products When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 |
2023-10-10 | CVE-2023-40542 | F5 | Allocation of Resources Without Limits or Throttling vulnerability in F5 products When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 7.5 |
2023-10-10 | CVE-2023-41085 | F5 | Improper Handling of Exceptional Conditions vulnerability in F5 products When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 |
2023-10-10 | CVE-2023-42189 | Tapo Nanoleaf Govee Switchbot Phillips Yeelight TP Link Orein EVE | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function. | 7.5 |
2023-10-10 | CVE-2023-40310 | SAP | Missing XML Validation vulnerability in SAP Powerdesigner 16.7 SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. | 7.5 |
2023-10-10 | CVE-2023-5471 | Farmacia Project | SQL Injection vulnerability in Farmacia Project Farmacia 1.0 A vulnerability, which was classified as critical, was found in codeprojects Farmacia 1.0. | 7.5 |
2023-10-09 | CVE-2023-5462 | Xinje | Improper Resource Shutdown or Release vulnerability in Xinje Xd5E-30R-E Firmware 3.5.3B A vulnerability was found in XINJE XD5E-30R-E 3.5.3b. | 7.5 |
2023-10-09 | CVE-2023-5459 | Deltaww | Improper Resource Shutdown or Release vulnerability in Deltaww products A vulnerability has been found in Delta Electronics DVP32ES2 PLC 1.48 and classified as critical. | 7.5 |
2023-10-09 | CVE-2023-43699 | Sick | Improper Restriction of Excessive Authentication Attempts vulnerability in Sick Apu0200 Firmware Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited. | 7.5 |
2023-10-09 | CVE-2023-43700 | Sick | Missing Authorization vulnerability in Sick Apu0200 Firmware Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require authentication. | 7.5 |
2023-10-09 | CVE-2023-5330 | Mattermost | Allocation of Resources Without Limits or Throttling vulnerability in Mattermost Server Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable. | 7.5 |
2023-10-09 | CVE-2023-3589 | 3DS | Cross-Site Request Forgery (CSRF) vulnerability in 3DS Teamwork Cloud NO Magic Release 2021X/2022X A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server. | 7.5 |
2023-10-09 | CVE-2023-45371 | Mediawiki | Allocation of Resources Without Limits or Throttling vulnerability in Mediawiki An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. | 7.5 |
2023-10-09 | CVE-2023-45363 | Mediawiki Debian | Infinite Loop vulnerability in multiple products An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. | 7.5 |
2023-10-09 | CVE-2023-45349 | Atos | Unspecified vulnerability in Atos products Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.34.7, 4000 Assistant V10 R1.42.0, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.34.7, 4000 Manager V10 R1.42.0, and 4000 Manager V10 R0 expose sensitive information that may allow lateral movement to the backup system via AShbr. | 7.5 |
2023-10-12 | CVE-2023-32634 | Softether | Unspecified vulnerability in Softether VPN 4.419782/5.01.9674 An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. | 7.4 |
2023-10-10 | CVE-2023-45226 | F5 | Use of Hard-coded Credentials vulnerability in F5 Big-Ip Next Service Proxy for Kubernetes 1.5.0 The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. | 7.4 |
2023-10-10 | CVE-2020-18336 | Typora | Cross-site Scripting vulnerability in Typora 0.9.65 Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function. | 7.4 |
2023-10-10 | CVE-2023-36561 | Microsoft | Unspecified vulnerability in Microsoft Azure Devops Server 2020.0.2/2020.1.2/2022.0.1 Azure DevOps Server Elevation of Privilege Vulnerability | 7.3 |
2023-10-10 | CVE-2023-36570 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
2023-10-10 | CVE-2023-36571 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
2023-10-10 | CVE-2023-36572 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
2023-10-10 | CVE-2023-36573 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
2023-10-10 | CVE-2023-36574 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
2023-10-10 | CVE-2023-36575 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
2023-10-10 | CVE-2023-36578 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
2023-10-10 | CVE-2023-36582 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
2023-10-10 | CVE-2023-36583 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
2023-10-10 | CVE-2023-36589 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
2023-10-10 | CVE-2023-36590 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
2023-10-10 | CVE-2023-36591 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
2023-10-10 | CVE-2023-36592 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
2023-10-10 | CVE-2023-36593 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
2023-10-09 | CVE-2023-45248 | Acronis | Uncontrolled Search Path Element vulnerability in Acronis Agent Local privilege escalation due to DLL hijacking vulnerability. | 7.3 |
2023-10-13 | CVE-2023-32973 | Qnap | Out-of-bounds Write vulnerability in Qnap Qts, Quts Hero and Qutscloud A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. | 7.2 |
2023-10-13 | CVE-2023-32976 | Qnap | OS Command Injection vulnerability in Qnap Container Station An OS command injection vulnerability has been reported to affect Container Station. | 7.2 |
2023-10-11 | CVE-2023-35649 | Out-of-bounds Write vulnerability in Google Android In several functions of Exynos modem files, there is a possible out of bounds write due to a missing bounds check. | 7.2 | |
2023-10-11 | CVE-2023-23930 | Vantage6 | Deserialization of Untrusted Data vulnerability in Vantage6 vantage6 is privacy preserving federated learning infrastructure. | 7.2 |
2023-10-11 | CVE-2023-26318 | MI | Classic Buffer Overflow vulnerability in MI Xiaomi Router Ax3200 Firmware Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers. | 7.2 |
2023-10-11 | CVE-2023-26319 | MI | Command Injection vulnerability in MI Xiaomi Router Ax3200 Firmware Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. | 7.2 |
2023-10-10 | CVE-2023-36780 | Microsoft | Unspecified vulnerability in Microsoft Skype for Business Server 2015/2019 Skype for Business Remote Code Execution Vulnerability | 7.2 |
2023-10-10 | CVE-2023-36786 | Microsoft | Unspecified vulnerability in Microsoft Skype for Business Server 2015/2019 Skype for Business Remote Code Execution Vulnerability | 7.2 |
2023-10-10 | CVE-2023-36789 | Microsoft | Unspecified vulnerability in Microsoft Skype for Business Server 2015/2019 Skype for Business Remote Code Execution Vulnerability | 7.2 |
2023-10-10 | CVE-2023-42768 | F5 | Insufficient Session Expiration vulnerability in F5 products When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. | 7.2 |
2023-10-10 | CVE-2023-44847 | Seacms | Unspecified vulnerability in Seacms An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component. | 7.2 |
2023-10-11 | CVE-2023-5520 | Gpac | Out-of-bounds Read vulnerability in Gpac Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. | 7.1 |
2023-10-10 | CVE-2023-41838 | Fortinet | OS Command Injection vulnerability in Fortinet Fortianalyzer and Fortimanager An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli. | 7.1 |
2023-10-09 | CVE-2023-45247 | Acronis | Missing Authorization vulnerability in Acronis Agent Sensitive information disclosure and manipulation due to missing authorization. | 7.1 |
2023-10-10 | CVE-2023-36565 | Microsoft | Unspecified vulnerability in Microsoft Office and Office Long Term Servicing Channel Microsoft Office Graphics Elevation of Privilege Vulnerability | 7.0 |
2023-10-10 | CVE-2023-36568 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | 7.0 |
2023-10-10 | CVE-2023-36721 | Microsoft | Unspecified vulnerability in Microsoft products Windows Error Reporting Service Elevation of Privilege Vulnerability | 7.0 |
2023-10-10 | CVE-2023-36776 | Microsoft | Race Condition vulnerability in Microsoft products Win32k Elevation of Privilege Vulnerability | 7.0 |
2023-10-10 | CVE-2023-36902 | Microsoft | Race Condition vulnerability in Microsoft products Windows Runtime Remote Code Execution Vulnerability | 7.0 |
2023-10-10 | CVE-2023-38159 | Microsoft | Race Condition vulnerability in Microsoft products Windows Graphics Component Elevation of Privilege Vulnerability | 7.0 |
207 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-10-13 | CVE-2023-5409 | HP | Unspecified vulnerability in HP products HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. | 6.8 |
2023-10-13 | CVE-2023-26366 | Adobe | Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. | 6.8 |
2023-10-09 | CVE-2022-3728 | Lenovo | Insufficient Physical Protection Mechanism vulnerability in Lenovo products A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. | 6.8 |
2023-10-09 | CVE-2022-48182 | Lenovo | Insufficient Physical Protection Mechanism vulnerability in Lenovo products A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. | 6.8 |
2023-10-09 | CVE-2022-48183 | Lenovo | Insufficient Physical Protection Mechanism vulnerability in Lenovo products A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. | 6.8 |
2023-10-11 | CVE-2023-35654 | Out-of-bounds Read vulnerability in Google Android In ctrl_roi of stmvl53l1_module.c, there is a possible out of bounds read due to an incorrect bounds check. | 6.7 | |
2023-10-11 | CVE-2023-35655 | Out-of-bounds Read vulnerability in Google Android In CanConvertPadV2Op of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds read due to a heap buffer overflow. | 6.7 | |
2023-10-11 | CVE-2023-35660 | Use After Free vulnerability in Google Android In lwis_transaction_client_cleanup of lwis_transaction.c, there is a possible way to corrupt memory due to a use after free. | 6.7 | |
2023-10-10 | CVE-2023-42788 | Fortinet | OS Command Injection vulnerability in Fortinet Fortianalyzer and Fortimanager An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command | 6.7 |
2023-10-10 | CVE-2023-37194 | Siemens | Improper Access Control vulnerability in Siemens products A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). | 6.7 |
2023-10-13 | CVE-2023-38221 | Adobe | SQL Injection vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. | 6.6 |
2023-10-13 | CVE-2023-38249 | Adobe | SQL Injection vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. | 6.6 |
2023-10-13 | CVE-2023-38250 | Adobe | SQL Injection vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. | 6.6 |
2023-10-14 | CVE-2023-5579 | Yzh66 | Information Exposure vulnerability in Yzh66 Sandbox 6.1.0 A vulnerability was found in yhz66 Sandbox 6.1.0. | 6.5 |
2023-10-14 | CVE-2023-42663 | Apache | Unspecified vulnerability in Apache Airflow Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. | 6.5 |
2023-10-14 | CVE-2023-42780 | Apache | Information Exposure vulnerability in Apache Airflow Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. | 6.5 |
2023-10-14 | CVE-2023-42792 | Apache | Exposure of Resource to Wrong Sphere vulnerability in Apache Airflow Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. | 6.5 |
2023-10-14 | CVE-2023-45674 | Farmbot | SQL Injection vulnerability in Farmbot web APP Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. | 6.5 |
2023-10-13 | CVE-2023-45393 | Grandingteco | Authorization Bypass Through User-Controlled Key vulnerability in Grandingteco Utime Master 9.0.7 An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie. | 6.5 |
2023-10-13 | CVE-2023-5573 | Vrite | Allocation of Resources Without Limits or Throttling vulnerability in Vrite Allocation of Resources Without Limits or Throttling in GitHub repository vriteio/vrite prior to 0.3.0. | 6.5 |
2023-10-13 | CVE-2023-44184 | Juniper | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Junos and Junos OS Evolved An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU Denial of Service to the device's control plane. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2-S1, 22.3R3; * 22.4 versions prior to 22.4R1-S2, 22.4R2. Juniper Networks Junos OS Evolved * All versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S2-EVO; * 22.2 versions prior to 22.2R3-EVO; * 22.3 versions prior to 22.3R3-EVO; * 22.4 versions prior to 22.4R2-EVO. An indicator of compromise can be seen by first determining if the NETCONF client is logged in and fails to log out after a reasonable period of time and secondly reviewing the WCPU percentage for the mgd process by running the following command: mgd process example: user@device-re#> show system processes extensive | match "mgd|PID" | except last PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 92476 root 100 0 500M 89024K CPU3 3 57.5H 89.60% mgd <<<<<<<<<<< review the high cpu percentage. Example to check for NETCONF activity: While there is no specific command that shows a specific session in use for NETCONF, you can review logs for UI_LOG_EVENT with "client-mode 'netconf'" For example: mgd[38121]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [38121], ssh-connection '10.1.1.1 201 55480 10.1.1.2 22', client-mode 'netconf' | 6.5 |
2023-10-13 | CVE-2023-44196 | Juniper | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos OS Evolved An Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system. When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE. | 6.5 |
2023-10-13 | CVE-2023-44203 | Juniper | Unspecified vulnerability in Juniper Junos An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows a adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a Denial of Service (DoS). When a specific IGMP packet is received in an isolated VLAN, it is duplicated to all other ports under the primary VLAN, which causes a flood. This issue affects QFX5000 series, EX2300, EX3400, EX4100, EX4400 and EX4600 platforms only. This issue affects Juniper Junos OS on on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S3; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2. | 6.5 |
2023-10-13 | CVE-2023-44204 | Juniper | Improper Input Validation vulnerability in Juniper Junos and Junos OS Evolved An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). When a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos OS * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1, 23.2R2; Juniper Networks Junos OS Evolved * 21.4 versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 versions prior to 22.2R3-S3-EVO; * 22.3 versions prior to 22.3R2-S2-EVO; * 22.4 versions prior to 22.4R3-EVO; * 23.2 versions prior to 23.2R2-EVO; | 6.5 |
2023-10-12 | CVE-2023-22392 | Juniper | Memory Leak vulnerability in Juniper Junos A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). PTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs do not support certain flow-routes. | 6.5 |
2023-10-12 | CVE-2023-36839 | Juniper | Improper Validation of Specified Quantity in Input vulnerability in Juniper Junos An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service(DoS). This issue occurs when specific LLDP packets are received and telemetry polling is being done on the device. | 6.5 |
2023-10-11 | CVE-2023-5475 | Google Fedoraproject Debian | Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. | 6.5 |
2023-10-11 | CVE-2023-5479 | Google Debian | Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. | 6.5 |
2023-10-11 | CVE-2023-5481 | Google Debian | Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. | 6.5 |
2023-10-11 | CVE-2023-5483 | Google Debian | Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 6.5 |
2023-10-11 | CVE-2023-5484 | Google Fedoraproject Debian | Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. | 6.5 |
2023-10-11 | CVE-2023-5487 | Google Fedoraproject | Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | 6.5 |
2023-10-11 | CVE-2023-45396 | Elenos | Authorization Bypass Through User-Controlled Key vulnerability in Elenos Etg150 Firmware 3.12 An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12. | 6.5 |
2023-10-10 | CVE-2023-36429 | Microsoft | Exposure of Resource to Wrong Sphere vulnerability in Microsoft Dynamics 365 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 6.5 |
2023-10-10 | CVE-2023-36433 | Microsoft | Unspecified vulnerability in Microsoft Dynamics 365 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 6.5 |
2023-10-10 | CVE-2023-36564 | Microsoft | Unspecified vulnerability in Microsoft products Windows Search Security Feature Bypass Vulnerability | 6.5 |
2023-10-10 | CVE-2023-36566 | Microsoft | Unspecified vulnerability in Microsoft Common Data Model SDK Microsoft Common Data Model SDK Denial of Service Vulnerability | 6.5 |
2023-10-10 | CVE-2023-36706 | Microsoft | Unspecified vulnerability in Microsoft products Windows Deployment Services Information Disclosure Vulnerability | 6.5 |
2023-10-10 | CVE-2023-36717 | Microsoft | Unspecified vulnerability in Microsoft products Windows Virtual Trusted Platform Module Denial of Service Vulnerability | 6.5 |
2023-10-10 | CVE-2023-42787 | Fortinet | Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution. | 6.5 |
2023-10-10 | CVE-2023-44249 | Fortinet | Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortianalyzer and Fortimanager An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests. | 6.5 |
2023-10-10 | CVE-2023-30804 | Sangfor | Unspecified vulnerability in Sangfor Next-Gen Application Firewall 8.0.17 The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. | 6.5 |
2023-10-10 | CVE-2023-41964 | F5 | Cleartext Storage of Sensitive Information vulnerability in F5 products The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 6.5 |
2023-10-10 | CVE-2023-42477 | SAP | Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Application Server Java 7.50 SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application. | 6.5 |
2023-10-09 | CVE-2022-36228 | Janusintl | Missing Authorization vulnerability in Janusintl products Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. | 6.5 |
2023-10-09 | CVE-2023-41047 | Octoprint | Unspecified vulnerability in Octoprint OctoPrint is a web interface for 3D printers. | 6.5 |
2023-10-09 | CVE-2023-25822 | Reportportal | Allocation of Resources Without Limits or Throttling vulnerability in Reportportal Service-Api ReportPortal is an AI-powered test automation platform. | 6.5 |
2023-10-09 | CVE-2023-36820 | Objectcomputing | Improper Access Control vulnerability in Objectcomputing Micronaut Security Micronaut Security is a security solution for applications. | 6.5 |
2023-10-09 | CVE-2023-43697 | Sick | Unspecified vulnerability in Sick Apu0200 Firmware Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests. | 6.5 |
2023-10-09 | CVE-2023-5100 | Sick | Cleartext Transmission of Sensitive Information vulnerability in Sick Apu0200 Firmware Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted. | 6.5 |
2023-10-09 | CVE-2023-5333 | Mattermost | Unspecified vulnerability in Mattermost Server Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs. | 6.5 |
2023-10-09 | CVE-2023-39854 | ATX | Server-Side Request Forgery (SSRF) vulnerability in ATX Ucrypt 3.5 The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/get_cc_url url parameter. | 6.5 |
2023-10-09 | CVE-2023-45367 | Mediawiki | Unspecified vulnerability in Mediawiki An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. | 6.5 |
2023-10-14 | CVE-2023-45863 | Linux | Out-of-bounds Write vulnerability in Linux Kernel An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. | 6.4 |
2023-10-11 | CVE-2023-35645 | Out-of-bounds Write vulnerability in Google Android In tbd of tbd, there is a possible memory corruption due to a race condition. | 6.4 | |
2023-10-11 | CVE-2023-5473 | Google Debian | Use After Free vulnerability in multiple products Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 6.3 |
2023-10-15 | CVE-2018-25091 | Python | Open Redirect vulnerability in Python Urllib3 1.10.2 urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). | 6.1 |
2023-10-15 | CVE-2023-5585 | Oretnom23 | Cross-site Scripting vulnerability in Oretnom23 Online Motorcycle (Bike) Rental System 1.0 A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0. | 6.1 |
2023-10-14 | CVE-2023-5581 | Oretnom23 | Cross-site Scripting vulnerability in Oretnom23 Medicine Tracker System 1.0 A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0. | 6.1 |
2023-10-13 | CVE-2023-41680 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortisandbox A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 6.1 |
2023-10-13 | CVE-2023-41681 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortisandbox A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 6.1 |
2023-10-13 | CVE-2023-41836 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortisandbox An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 6.1 |
2023-10-12 | CVE-2023-5562 | Knime | Cross-site Scripting vulnerability in Knime Analytics Platform An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. | 6.1 |
2023-10-12 | CVE-2023-5555 | Frappe | Cross-site Scripting vulnerability in Frappe LMS 1.0.0 Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4. | 6.1 |
2023-10-12 | CVE-2023-5556 | Structurizr | Cross-site Scripting vulnerability in Structurizr On-Premises Installation Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194. | 6.1 |
2023-10-11 | CVE-2023-37538 | Hcltech | Cross-site Scripting vulnerability in Hcltech Digital Experience 8.5/9.0/9.5 HCL Digital Experience is susceptible to cross site scripting (XSS). | 6.1 |
2023-10-10 | CVE-2023-36126 | Phpjabbers | Cross-site Scripting vulnerability in PHPjabbers Appointment Scheduler 3.0 There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0 | 6.1 |
2023-10-10 | CVE-2023-36416 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 6.1 |
2023-10-09 | CVE-2023-44812 | Moosocial | Cross-site Scripting vulnerability in Moosocial 3.1.8 Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function. | 6.1 |
2023-10-09 | CVE-2023-44813 | Moosocial | Cross-site Scripting vulnerability in Moosocial 3.1.8 Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. | 6.1 |
2023-10-09 | CVE-2023-44393 | Piwigo | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Piwigo Piwigo is an open source photo gallery application. | 6.1 |
2023-10-09 | CVE-2023-43643 | Antisamy Project | Cross-site Scripting vulnerability in Antisamy Project Antisamy AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. | 6.1 |
2023-10-09 | CVE-2023-43698 | Sick | Cross-site Scripting vulnerability in Sick Apu0200 Firmware Improper Neutralization of Input During Web Page Generation (’Cross-site Scripting’) in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the clients browser via injecting code into the website. | 6.1 |
2023-10-09 | CVE-2023-45373 | Mediawiki | Cross-site Scripting vulnerability in Mediawiki An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. | 6.1 |
2023-10-09 | CVE-2023-39189 | Linux Redhat Fedoraproject | Out-of-bounds Read vulnerability in multiple products A flaw was found in the Netfilter subsystem in the Linux kernel. | 6.0 |
2023-10-09 | CVE-2023-39192 | Linux Redhat Fedoraproject | Out-of-bounds Read vulnerability in multiple products A flaw was found in the Netfilter subsystem in the Linux kernel. | 6.0 |
2023-10-09 | CVE-2023-39193 | Linux Redhat Fedoraproject | Out-of-bounds Read vulnerability in multiple products A flaw was found in the Netfilter subsystem in the Linux kernel. | 6.0 |
2023-10-14 | CVE-2022-33161 | IBM | Missing Encryption of Sensitive Data vulnerability in IBM products IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
2023-10-12 | CVE-2023-22325 | Softether | Infinite Loop vulnerability in Softether VPN 4.419782/5.01.9674/5.02 A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. | 5.9 |
2023-10-10 | CVE-2023-42794 | Apache | Incomplete Cleanup vulnerability in Apache Tomcat Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. | 5.9 |
2023-10-09 | CVE-2023-5461 | Deltaww | Cleartext Transmission of Sensitive Information vulnerability in Deltaww Wplsoft 2.51 A vulnerability was found in Delta Electronics WPLSoft 2.51. | 5.9 |
2023-10-09 | CVE-2023-5460 | Deltaww | Heap-based Buffer Overflow vulnerability in Deltaww Wplsoft A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and classified as problematic. | 5.7 |
2023-10-14 | CVE-2023-45862 | Linux Netapp | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. | 5.5 |
2023-10-14 | CVE-2023-45176 | IBM | Unspecified vulnerability in IBM APP Connect Enterprise and Integration BUS IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. | 5.5 |
2023-10-14 | CVE-2023-1259 | Hotjar | Cross-site Scripting vulnerability in Hotjar The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the hotjar_site_id in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. | 5.5 |
2023-10-13 | CVE-2023-42752 | Linux | Integer Overflow or Wraparound vulnerability in Linux Kernel An integer overflow flaw was found in the Linux kernel. | 5.5 |
2023-10-13 | CVE-2023-44176 | Juniper | Out-of-bounds Write vulnerability in Juniper Junos A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3. | 5.5 |
2023-10-13 | CVE-2023-44177 | Juniper | Out-of-bounds Write vulnerability in Juniper Junos A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions prior to 19.1R3-S10; * 19.2 versions prior to 19.2R3-S7; * 19.3 versions prior to 19.3R3-S8; * 19.4 versions prior to 19.4R3-S12; * 20.2 versions prior to 20.2R3-S8; * 20.4 versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R2. Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.2 versions prior to 21.2R3-S6-EVO; * 21.3 versions prior to 21.3R3-S5-EVO; * 21.4 versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 versions prior to 22.2R3-S1-EVO; * 22.3 versions prior to 22.3R3-EVO; * 22.4 versions prior to 22.4R2-EVO. | 5.5 |
2023-10-13 | CVE-2023-44178 | Juniper | Out-of-bounds Write vulnerability in Juniper Junos A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS * All versions prior to 19.1R3-S10; * 19.2 versions prior to 19.2R3-S7; * 19.3 versions prior to 19.3R3-S8; * 19.4 versions prior to 19.4R3-S12; * 20.2 versions prior to 20.2R3-S8; * 20.4 versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1; * 23.2 versions prior to 23.2R2. | 5.5 |
2023-10-13 | CVE-2023-44193 | Juniper | Memory Leak vulnerability in Juniper Junos An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS). On all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot. | 5.5 |
2023-10-13 | CVE-2023-44201 | Juniper | Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Junos An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions. When a user with the respective permissions commits a configuration change, a specific file is created. | 5.5 |
2023-10-12 | CVE-2023-45511 | Justdan96 | Memory Leak vulnerability in Justdan96 Tsmuxer Nightly20231005015556 A memory leak in tsMuxer version git-2539d07 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. | 5.5 |
2023-10-12 | CVE-2023-27315 | Netapp | Insufficiently Protected Credentials vulnerability in Netapp Snapgathers SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials | 5.5 |
2023-10-12 | CVE-2023-43789 | Libxpm Project Redhat Fedoraproject | Out-of-bounds Read vulnerability in multiple products A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system. | 5.5 |
2023-10-12 | CVE-2023-42298 | Gpac | Integer Overflow or Wraparound vulnerability in Gpac An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c. | 5.5 |
2023-10-11 | CVE-2023-44187 | Juniper | Information Exposure vulnerability in Juniper Junos OS Evolved An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. | 5.5 |
2023-10-11 | CVE-2023-38216 | Adobe | Use After Free vulnerability in Adobe Bridge Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-10-11 | CVE-2023-38217 | Adobe | Out-of-bounds Read vulnerability in Adobe Bridge Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-10-10 | CVE-2023-36563 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft WordPad Information Disclosure Vulnerability | 5.5 |
2023-10-10 | CVE-2023-36576 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Information Disclosure Vulnerability | 5.5 |
2023-10-10 | CVE-2023-36713 | Microsoft | Unspecified vulnerability in Microsoft products Windows Common Log File System Driver Information Disclosure Vulnerability | 5.5 |
2023-10-10 | CVE-2023-36724 | Microsoft | Unspecified vulnerability in Microsoft products Windows Power Management Service Information Disclosure Vulnerability | 5.5 |
2023-10-10 | CVE-2023-36728 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft SQL Server Denial of Service Vulnerability | 5.5 |
2023-10-10 | CVE-2023-25604 | Fortinet | Information Exposure Through Log Files vulnerability in Fortinet Fortiguest 1.0.0 An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs. | 5.5 |
2023-10-10 | CVE-2023-41253 | F5 | Information Exposure Through Log Files vulnerability in F5 Big-Ip Domain Name System When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.5 |
2023-10-10 | CVE-2023-43485 | F5 | Information Exposure Through Log Files vulnerability in F5 products When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.5 |
2023-10-10 | CVE-2023-43785 | X ORG Redhat Fedoraproject | Out-of-bounds Read vulnerability in multiple products A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. | 5.5 |
2023-10-10 | CVE-2023-43786 | X ORG Redhat Fedoraproject | Infinite Loop vulnerability in multiple products A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. | 5.5 |
2023-10-10 | CVE-2023-43788 | X ORG Fedoraproject Redhat | Out-of-bounds Read vulnerability in multiple products A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. | 5.5 |
2023-10-09 | CVE-2023-44821 | Lcdf | Memory Leak vulnerability in Lcdf Gifsicle Gifsicle through 1.94, if deployed in a way that allows untrusted input to affect Gif_Realloc calls, might allow a denial of service (memory consumption). | 5.5 |
2023-10-09 | CVE-2023-44378 | Consensys | Incorrect Comparison vulnerability in Consensys Gnark gnark is a zk-SNARK library that offers a high-level API to design circuits. | 5.5 |
2023-10-14 | CVE-2023-40367 | IBM | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.5.0 IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. | 5.4 |
2023-10-14 | CVE-2023-5582 | Zzzcms | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Zzzcms 2.2.0 A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. | 5.4 |
2023-10-14 | CVE-2023-5578 | Portabilis | Cross-site Scripting vulnerability in Portabilis I-Educar A vulnerability was found in Portábilis i-Educar up to 2.7.5. | 5.4 |
2023-10-14 | CVE-2023-30148 | Opart | Cross-site Scripting vulnerability in Opart Multi Html Block Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the body_text or body_text_rude field in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php. | 5.4 |
2023-10-13 | CVE-2023-34977 | Qnap | Cross-site Scripting vulnerability in Qnap Video Station A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. | 5.4 |
2023-10-13 | CVE-2023-45269 | Coleds | Cross-Site Request Forgery (CSRF) vulnerability in Coleds Simple SEO Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 2.0.25 versions. | 5.4 |
2023-10-13 | CVE-2023-41843 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortisandbox A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 5.4 |
2023-10-13 | CVE-2023-4517 | Hestiacp | Cross-site Scripting vulnerability in Hestiacp Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6. | 5.4 |
2023-10-13 | CVE-2023-4829 | Froxlor | Cross-site Scripting vulnerability in Froxlor Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22. | 5.4 |
2023-10-13 | CVE-2023-4995 | Embedcalendly | Unspecified vulnerability in Embedcalendly Embed Calendly The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2023-10-13 | CVE-2023-38000 | Wordpress | Cross-site Scripting vulnerability in Wordpress Gutenberg and Wordpress Auth. | 5.4 |
2023-10-12 | CVE-2023-32721 | Zabbix | Cross-site Scripting vulnerability in Zabbix A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL. | 5.4 |
2023-10-12 | CVE-2023-5470 | Etsy Shop Project | Unspecified vulnerability in Etsy Shop Project Etsy Shop The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'etsy-shop' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2023-10-11 | CVE-2023-44189 | Juniper | Origin Validation Error vulnerability in Juniper Junos OS Evolved An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. | 5.4 |
2023-10-11 | CVE-2023-44190 | Juniper | Origin Validation Error vulnerability in Juniper Junos OS Evolved An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. | 5.4 |
2023-10-11 | CVE-2023-28635 | Vantage6 | Incorrect Authorization vulnerability in Vantage6 vantage6 is privacy preserving federated learning infrastructure. | 5.4 |
2023-10-11 | CVE-2023-34354 | Peplink | Cross-site Scripting vulnerability in Peplink Surf Soho Firmware 6.3.5 A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). | 5.4 |
2023-10-10 | CVE-2023-26220 | Tibco | Cross-site Scripting vulnerability in Tibco Spotfire Analyst and Spotfire Server The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. | 5.4 |
2023-10-10 | CVE-2023-36584 | Microsoft | Unspecified vulnerability in Microsoft products Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 |
2023-10-10 | CVE-2023-36555 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortios An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components. | 5.4 |
2023-10-10 | CVE-2023-36637 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortimail An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields. | 5.4 |
2023-10-10 | CVE-2023-5496 | Translator Poqdev ADD ON Project | Cross-site Scripting vulnerability in Translator Poqdev Add-On Project Translator Poqdev Add-On 1.0.11 A vulnerability was found in Translator PoqDev Add-On 1.0.11 on Firefox. | 5.4 |
2023-10-10 | CVE-2023-44763 | Concretecms | Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS 9.2.1 Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting (XSS). | 5.4 |
2023-10-10 | CVE-2023-44315 | Siemens | Cross-site Scripting vulnerability in Siemens Sinec NMS 1.0/1.0.3 A vulnerability has been identified in SINEC NMS (All versions < V2.0). | 5.4 |
2023-10-10 | CVE-2023-5467 | Geomywp | Cross-site Scripting vulnerability in Geomywp GEO MY Wordpress The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2023-10-10 | CVE-2023-5468 | Leechesnutt | Unspecified vulnerability in Leechesnutt Slick Contact Forms 1.3.7 The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcscf-link' shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2023-10-10 | CVE-2023-44826 | Easycorp | Cross-site Scripting vulnerability in Easycorp Zentao 18.6 Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script. | 5.4 |
2023-10-10 | CVE-2023-42473 | SAP | Missing Authorization vulnerability in SAP S/4Hana 106 S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges which has low impact on the confidentiality and integrity of the application. | 5.4 |
2023-10-10 | CVE-2023-42474 | SAP | Cross-site Scripting vulnerability in SAP Businessobjects web Intelligence 420 SAP BusinessObjects Web Intelligence - version 420, has a URL with parameter that could be vulnerable to XSS attack. | 5.4 |
2023-10-09 | CVE-2023-30910 | HPE | HTTP Request Smuggling vulnerability in HPE products HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. | 5.4 |
2023-10-15 | CVE-2023-5588 | Kpherox | Path Traversal vulnerability in Kpherox Pleroma A vulnerability was found in kphrx pleroma. | 5.3 |
2023-10-14 | CVE-2022-43868 | IBM | Unspecified vulnerability in IBM Security Verify Access Oidc Provider IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system. | 5.3 |
2023-10-13 | CVE-2023-38251 | Adobe | Resource Exhaustion vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. | 5.3 |
2023-10-13 | CVE-2023-44183 | Juniper | Memory Leak vulnerability in Juniper Junos An Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper Networks Junos OS on QFX5000 Series, EX4600 Series devices allows an unauthenticated, adjacent attacker, sending two or more genuine packets in the same VxLAN topology to possibly cause a DMA memory leak to occur under various specific operational conditions. | 5.3 |
2023-10-13 | CVE-2023-44195 | Juniper | Unspecified vulnerability in Juniper Junos OS Evolved An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system. If specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this. | 5.3 |
2023-10-12 | CVE-2023-41261 | Plixer | Improper Authentication vulnerability in Plixer Scrutinizer An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. | 5.3 |
2023-10-12 | CVE-2023-31192 | Softether | Use of Uninitialized Resource vulnerability in Softether VPN 5.01.9674 An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. | 5.3 |
2023-10-11 | CVE-2023-44188 | Juniper | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Juniper Junos A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash, leading to a Denial of Service (DoS). | 5.3 |
2023-10-11 | CVE-2023-44962 | Koha Community | Unrestricted Upload of File with Dangerous Type vulnerability in Koha-Community Koha Library Software File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component. | 5.3 |
2023-10-11 | CVE-2023-41304 | Huawei | Improper Check for Unusual or Exceptional Conditions vulnerability in Huawei Emui and Harmonyos Parameter verification vulnerability in the window module.Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window. | 5.3 |
2023-10-11 | CVE-2023-44102 | Huawei | Exposure of Resource to Wrong Sphere vulnerability in Huawei Emui and Harmonyos Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable. | 5.3 |
2023-10-11 | CVE-2023-44094 | Huawei | Type Confusion vulnerability in Huawei Emui and Harmonyos Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart. | 5.3 |
2023-10-11 | CVE-2022-44758 | Hcltech | Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Insights for vulnerability Remediation 2.0/2.0.2 BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. | 5.3 |
2023-10-10 | CVE-2023-45648 | Apache Debian | Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. | 5.3 |
2023-10-10 | CVE-2023-41763 | Microsoft | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Skype for Business Server 2015/2019 Skype for Business Elevation of Privilege Vulnerability | 5.3 |
2023-10-10 | CVE-2023-42795 | Apache Debian | Incomplete Cleanup vulnerability in multiple products Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. | 5.3 |
2023-10-10 | CVE-2023-41675 | Fortinet | Use After Free vulnerability in Fortinet Fortios and Fortiproxy A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection. | 5.3 |
2023-10-10 | CVE-2023-42782 | Fortinet | Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortianalyzer A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number. | 5.3 |
2023-10-10 | CVE-2023-44399 | Zitadel | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Zitadel ZITADEL provides identity infrastructure. | 5.3 |
2023-10-10 | CVE-2023-30802 | Sangfor | Exposure of Resource to Wrong Sphere vulnerability in Sangfor Next-Gen Application Firewall 8.0.17 The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. | 5.3 |
2023-10-10 | CVE-2023-43623 | Mendix | Information Exposure Through Discrepancy vulnerability in Mendix Forgot Password A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All versions < V5.4.0), Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.3), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.3), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.4.0). | 5.3 |
2023-10-09 | CVE-2023-5101 | Sick | Files or Directories Accessible to External Parties vulnerability in Sick Apu0200 Firmware Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests. | 5.3 |
2023-10-09 | CVE-2023-5102 | Sick | Unspecified vulnerability in Sick Apu0200 Firmware Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests. | 5.3 |
2023-10-09 | CVE-2023-5331 | Mattermost | Missing Authorization vulnerability in Mattermost Server Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information. | 5.3 |
2023-10-09 | CVE-2023-45370 | Mediawiki | Unspecified vulnerability in Mediawiki An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. | 5.3 |
2023-10-09 | CVE-2023-45372 | Mediawiki | Unspecified vulnerability in Mediawiki An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. | 5.3 |
2023-10-09 | CVE-2023-45374 | Mediawiki | Unspecified vulnerability in Mediawiki An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. | 5.3 |
2023-10-09 | CVE-2023-45364 | Mediawiki Debian | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. | 5.3 |
2023-10-13 | CVE-2023-32970 | Qnap | NULL Pointer Dereference vulnerability in Qnap Qts, Quts Hero and Qutscloud A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. | 4.9 |
2023-10-13 | CVE-2023-26367 | Adobe | Improper Input Validation vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. | 4.9 |
2023-10-10 | CVE-2023-45129 | Matrix Fedoraproject | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. | 4.9 |
2023-10-13 | CVE-2023-45391 | Grandingteco | Cross-site Scripting vulnerability in Grandingteco Utime Master 9.0.7 A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter. | 4.8 |
2023-10-13 | CVE-2023-5564 | Froxlor | Cross-site Scripting vulnerability in Froxlor Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1. | 4.8 |
2023-10-09 | CVE-2022-35950 | Oroinc | Cross-site Scripting vulnerability in Oroinc Orocommerce OroCommerce is an open-source Business to Business Commerce application. | 4.8 |
2023-10-13 | CVE-2023-40682 | IBM | Information Exposure Through Log Files vulnerability in IBM APP Connect Enterprise 12.0.1.0/12.0.4.0/12.0.5.0 IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. | 4.4 |
2023-10-12 | CVE-2023-32275 | Softether | Exposure of Resource to Wrong Sphere vulnerability in Softether VPN 4.419782/5.01.9674 An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. | 4.4 |
2023-10-11 | CVE-2023-35653 | Incorrect Authorization vulnerability in Google Android In TBD of TBD, there is a possible way to access location information due to a permissions bypass. | 4.4 | |
2023-10-11 | CVE-2022-42451 | Hcltech | Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Patch Management 1054 Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user. | 4.4 |
2023-10-10 | CVE-2023-36698 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Security Feature Bypass Vulnerability | 4.4 |
2023-10-10 | CVE-2023-36722 | Microsoft | Unspecified vulnerability in Microsoft products Active Directory Domain Services Information Disclosure Vulnerability | 4.4 |
2023-10-10 | CVE-2023-39447 | F5 | Information Exposure Through Log Files vulnerability in F5 products When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 4.4 |
2023-10-10 | CVE-2023-45219 | F5 | Unspecified vulnerability in F5 products Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 4.4 |
2023-10-10 | CVE-2023-37195 | Siemens | Resource Exhaustion vulnerability in Siemens products A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). | 4.4 |
2023-10-10 | CVE-2023-38640 | Siemens | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Sicam Pas/Pqs A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). | 4.4 |
2023-10-09 | CVE-2023-39194 | Linux Redhat Fedoraproject | Out-of-bounds Read vulnerability in multiple products A flaw was found in the XFRM subsystem in the Linux kernel. | 4.4 |
2023-10-14 | CVE-2023-45348 | Apache | Unspecified vulnerability in Apache Airflow 2.7.0/2.7.1 Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". | 4.3 |
2023-10-13 | CVE-2023-39999 | Wordpress Fedoraproject | Information Exposure vulnerability in multiple products Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38. | 4.3 |
2023-10-12 | CVE-2023-27312 | Netapp | Unspecified vulnerability in Netapp Snapcenter Plug-In SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface. | 4.3 |
2023-10-12 | CVE-2023-5531 | I13Websolution | Cross-Site Request Forgery (CSRF) vulnerability in I13Websolution Thumbnail Slider With Lightbox 1.0 The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. | 4.3 |
2023-10-11 | CVE-2023-5477 | Google Debian | Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. | 4.3 |
2023-10-11 | CVE-2023-5478 | Google Debian | Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 4.3 |
2023-10-11 | CVE-2023-5485 | Google Debian | Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. | 4.3 |
2023-10-11 | CVE-2023-5486 | Google Debian | Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. | 4.3 |
2023-10-11 | CVE-2023-41881 | Vantage6 | Unspecified vulnerability in Vantage6 vantage6 is privacy preserving federated learning infrastructure. | 4.3 |
2023-10-11 | CVE-2023-41882 | Vantage6 | Incorrect Authorization vulnerability in Vantage6 vantage6 is privacy preserving federated learning infrastructure. | 4.3 |
2023-10-11 | CVE-2023-4957 | Zebra | Authentication Bypass Using an Alternate Path or Channel vulnerability in Zebra Zt410 Firmware A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. | 4.3 |
2023-10-11 | CVE-2023-44110 | Huawei | Improper Input Validation vulnerability in Huawei Emui and Harmonyos Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability may affect availability. | 4.3 |
2023-10-11 | CVE-2023-44689 | E GOV | Missing Authorization vulnerability in E-Gov e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. | 4.3 |
2023-10-11 | CVE-2023-45194 | MRL | Use of Hard-coded Credentials vulnerability in MRL products Use of default credentials vulnerability in MR-GM2 firmware Ver. | 4.3 |
2023-10-10 | CVE-2023-33301 | Fortinet | Unspecified vulnerability in Fortinet Fortios An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host. | 4.3 |
2023-10-10 | CVE-2023-5498 | Chiefonboarding | Cross-Site Request Forgery (CSRF) vulnerability in Chiefonboarding Cross-Site Request Forgery (CSRF) in GitHub repository chiefonboarding/chiefonboarding prior to v2.0.47. | 4.3 |
2023-10-10 | CVE-2023-41365 | SAP | XXE vulnerability in SAP Business ONE 10.0 SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. | 4.3 |
2023-10-10 | CVE-2023-42475 | SAP | Information Exposure Through an Error Message vulnerability in SAP S/4Hana The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality. | 4.3 |
2023-10-09 | CVE-2023-5103 | Sick | Improper Restriction of Rendered UI Layers or Frames vulnerability in Sick Apu0200 Firmware Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe. | 4.3 |
2023-10-09 | CVE-2023-45369 | Mediawiki | Incorrect Permission Assignment for Critical Resource vulnerability in Mediawiki An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. | 4.3 |
2023-10-13 | CVE-2023-36559 | Microsoft | Unspecified vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.2 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-10-12 | CVE-2023-41263 | Plixer | Information Exposure Through Log Files vulnerability in Plixer Scrutinizer An issue was discovered in Plixer Scrutinizer before 19.3.1. | 3.7 |
2023-10-12 | CVE-2023-45143 | Nodejs Fedoraproject | Information Exposure vulnerability in multiple products Undici is an HTTP/1.1 client written from scratch for Node.js. | 3.5 |
2023-10-13 | CVE-2023-5449 | HP | Unspecified vulnerability in HP products A potential security vulnerability has been identified in certain HP Displays supporting the Theft Deterrence feature which may allow a monitor’s Theft Deterrence to be deactivated. | 3.3 |
2023-10-10 | CVE-2023-37939 | Fortinet | Unspecified vulnerability in Fortinet Forticlient An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning. | 3.3 |