Weekly Vulnerabilities Reports > October 9 to 15, 2023

Overview

640 new vulnerabilities reported during this period, including 84 critical vulnerabilities and 345 high severity vulnerabilities. This weekly summary report vulnerabilities in 759 products from 255 vendors including Microsoft, Fortinet, Juniper, Google, and Debian. Vulnerabilities are notably categorized as "Cross-Site Request Forgery (CSRF)", "Cross-site Scripting", "Out-of-bounds Write", "OS Command Injection", and "Out-of-bounds Read".

  • 470 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities have public exploit available.
  • 150 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 397 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 105 reported vulnerabilities.
  • Yifanwireless has the most reported critical vulnerabilities, with 13 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

84 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-10-10 CVE-2023-41373 F5 Path Traversal vulnerability in F5 products

A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system.

9.9
2023-10-15 CVE-2023-5589 Judging Management System Project SQL Injection vulnerability in Judging Management System Project Judging Management System 1.0

A vulnerability was found in SourceCodester Judging Management System 1.0.

9.8
2023-10-15 CVE-2023-5587 Free Hospital Management System FOR Small Practices Project SQL Injection vulnerability in Free Hospital Management System for Small Practices Project Free Hospital Management System for Small Practices 1.0

A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0 and classified as critical.

9.8
2023-10-14 CVE-2023-5580 Library System Project SQL Injection vulnerability in Library System Project Library System 1.0

A vulnerability classified as critical has been found in SourceCodester Library System 1.0.

9.8
2023-10-14 CVE-2023-26155 Nrhirani Command Injection vulnerability in Nrhirani Node-Qpdf

All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API.

9.8
2023-10-14 CVE-2023-45856 Qdpm Unrestricted Upload of File with Dangerous Type vulnerability in Qdpm 9.2

qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI.

9.8
2023-10-14 CVE-2023-30154 Shoprunners SQL Injection vulnerability in Shoprunners Aftermail

Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php via the 'id_product' parameter in hooks DisplayRightColumnProduct and DisplayProductButtons.

9.8
2023-10-14 CVE-2023-45852 Viessmann Command Injection vulnerability in Viessmann Vitogate 300 Firmware 2.1.3.0

In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.

9.8
2023-10-14 CVE-2023-45853 Zlib Integer Overflow or Wraparound vulnerability in Zlib

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field.

9.8
2023-10-13 CVE-2023-4257 Zephyrproject Incorrect Calculation of Buffer Size vulnerability in Zephyrproject Zephyr

Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.

9.8
2023-10-13 CVE-2023-45162 1E SQL Injection vulnerability in 1E Platform

Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution.  Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix Q23169 SaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied.

9.8
2023-10-13 CVE-2023-45465 Netis Systems Command Injection vulnerability in Netis-Systems N3M Firmware 1.0.1.865

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings.

9.8
2023-10-13 CVE-2023-45466 Netis Systems Command Injection vulnerability in Netis-Systems N3Mv2 Firmware 1.0.1.865

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings.

9.8
2023-10-13 CVE-2023-45467 Netis Systems OS Command Injection vulnerability in Netis-Systems N3M Firmware 1.0.1.865

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings.

9.8
2023-10-13 CVE-2023-5572 Vrite Server-Side Request Forgery (SSRF) vulnerability in Vrite

Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0.

9.8
2023-10-12 CVE-2023-41262 Plixer SQL Injection vulnerability in Plixer Scrutinizer

An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1.

9.8
2023-10-12 CVE-2023-23737 Managewp SQL Injection vulnerability in Managewp Broken Link Checker

Unauth.

9.8
2023-10-12 CVE-2023-5045 Biltay SQL Injection vulnerability in Biltay Kayisi

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection.This issue affects Kayisi: before 1286.

9.8
2023-10-12 CVE-2023-5046 Biltay SQL Injection vulnerability in Biltay Procost

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection.This issue affects Procost: before 1390.

9.8
2023-10-12 CVE-2023-5554 Linecorp Improper Certificate Validation vulnerability in Linecorp Line

Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0.

9.8
2023-10-12 CVE-2023-29453 Zabbix Code Injection vulnerability in Zabbix Zabbix-Agent2 5.0.0/6.0.0/6.4.0

Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected.

9.8
2023-10-12 CVE-2023-40833 Thecosy Unspecified vulnerability in Thecosy Icecms 1.0.0

An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain privileges via the Id and key parameters in getCosSetting.

9.8
2023-10-11 CVE-2023-45132 Wargio Unspecified vulnerability in Wargio Naxsi 1.3/1.4/1.5

NAXSI is an open-source maintenance web application firewall (WAF) for NGINX.

9.8
2023-10-11 CVE-2023-35646 Google Out-of-bounds Write vulnerability in Google Android

In TBD of TBD, there is a possible stack buffer overflow due to a missing bounds check.

9.8
2023-10-11 CVE-2023-35647 Google Out-of-bounds Read vulnerability in Google Android

In ProtocolEmbmsGlobalCellIdAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check.

9.8
2023-10-11 CVE-2023-35648 Google Out-of-bounds Read vulnerability in Google Android

In ProtocolMiscLceIndAdapter::GetConfLevel() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check.

9.8
2023-10-11 CVE-2023-35662 Google Out-of-bounds Write vulnerability in Google Android

there is a possible out of bounds write due to buffer overflow.

9.8
2023-10-11 CVE-2023-24479 Yifanwireless Improper Authentication vulnerability in Yifanwireless Yf325 Firmware 1.020221108

An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108.

9.8
2023-10-11 CVE-2023-31272 Yifanwireless Out-of-bounds Write vulnerability in Yifanwireless Yf325 Firmware 1.020221108

A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108.

9.8
2023-10-11 CVE-2023-32632 Yifanwireless Command Injection vulnerability in Yifanwireless Yf325 Firmware 1.020221108

A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108.

9.8
2023-10-11 CVE-2023-32645 Yifanwireless Unspecified vulnerability in Yifanwireless Yf325 Firmware 1.020221108

A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108.

9.8
2023-10-11 CVE-2023-34346 Yifanwireless Out-of-bounds Write vulnerability in Yifanwireless Yf325 Firmware 1.020221108

A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108.

9.8
2023-10-11 CVE-2023-34365 Yifanwireless Out-of-bounds Write vulnerability in Yifanwireless Yf325 Firmware 1.020221108

A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108.

9.8
2023-10-11 CVE-2023-34426 Yifanwireless Out-of-bounds Write vulnerability in Yifanwireless Yf325 Firmware 1.020221108

A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108.

9.8
2023-10-11 CVE-2023-35055 Yifanwireless Classic Buffer Overflow vulnerability in Yifanwireless Yf325 Firmware 1.020221108

A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108.

9.8
2023-10-11 CVE-2023-35056 Yifanwireless Classic Buffer Overflow vulnerability in Yifanwireless Yf325 Firmware 1.020221108

A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108.

9.8
2023-10-11 CVE-2023-35965 Yifanwireless Out-of-bounds Write vulnerability in Yifanwireless Yf325 Firmware 1.020221108

Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108.

9.8
2023-10-11 CVE-2023-35966 Yifanwireless Out-of-bounds Write vulnerability in Yifanwireless Yf325 Firmware 1.020221108

Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108.

9.8
2023-10-11 CVE-2023-35967 Yifanwireless Out-of-bounds Write vulnerability in Yifanwireless Yf325 Firmware 1.020221108

Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108.

9.8
2023-10-11 CVE-2023-35968 Yifanwireless Out-of-bounds Write vulnerability in Yifanwireless Yf325 Firmware 1.020221108

Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108.

9.8
2023-10-11 CVE-2023-44105 Huawei Improper Privilege Management vulnerability in Huawei Emui and Harmonyos

Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.

9.8
2023-10-11 CVE-2023-44116 Huawei Missing Authentication for Critical Function vulnerability in Huawei Emui and Harmonyos

Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized.

9.8
2023-10-11 CVE-2023-44106 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally.

9.8
2023-10-11 CVE-2023-5521 Kernelsu Incorrect Authorization vulnerability in Kernelsu

Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9.

9.8
2023-10-10 CVE-2023-35349 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

9.8
2023-10-10 CVE-2023-36419 Microsoft Unspecified vulnerability in Microsoft Azure Hdinsights

Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability

9.8
2023-10-10 CVE-2023-36434 Microsoft Unspecified vulnerability in Microsoft products

Windows IIS Server Elevation of Privilege Vulnerability

9.8
2023-10-10 CVE-2023-4309 Electionservicesco SQL Injection vulnerability in Electionservicesco Internet Election Service

Election Services Co.

9.8
2023-10-10 CVE-2020-27630 Silabs Use of Insufficiently Random Values vulnerability in Silabs Uc/Tcp-Ip 3.6.0

In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.

9.8
2023-10-10 CVE-2020-27631 Oryx Embedded Use of Insufficiently Random Values vulnerability in Oryx-Embedded Cyclonetcp 1.9.6

In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random.

9.8
2023-10-10 CVE-2023-34992 Fortinet OS Command Injection vulnerability in Fortinet Fortisiem

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests.

9.8
2023-10-10 CVE-2023-34993 Fortinet OS Command Injection vulnerability in Fortinet Fortiwlm

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.

9.8
2023-10-10 CVE-2023-36547 Fortinet OS Command Injection vulnerability in Fortinet Fortiwlm

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.

9.8
2023-10-10 CVE-2023-36548 Fortinet OS Command Injection vulnerability in Fortinet Fortiwlm

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.

9.8
2023-10-10 CVE-2023-36549 Fortinet OS Command Injection vulnerability in Fortinet Fortiwlm

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.

9.8
2023-10-10 CVE-2023-36550 Fortinet OS Command Injection vulnerability in Fortinet Fortiwlm

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.

9.8
2023-10-10 CVE-2023-5495 Qdocs SQL Injection vulnerability in Qdocs Smart School 6.4.1

A vulnerability was found in QDocs Smart School 6.4.1.

9.8
2023-10-10 CVE-2023-30803 Sangfor Authentication Bypass by Spoofing vulnerability in Sangfor Next-Gen Application Firewall 8.0.17

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability.

9.8
2023-10-10 CVE-2023-30805 Sangfor OS Command Injection vulnerability in Sangfor Next-Gen Application Firewall 8.0.17

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability.

9.8
2023-10-10 CVE-2023-30806 Sangfor OS Command Injection vulnerability in Sangfor Next-Gen Application Firewall Ngaf8.0.17

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability.

9.8
2023-10-10 CVE-2023-30801 Qbittorrent Use of Hard-coded Credentials vulnerability in Qbittorrent

All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled.

9.8
2023-10-10 CVE-2023-43625 Siemens Code Injection vulnerability in Siemens Simcenter Amesim

A vulnerability has been identified in Simcenter Amesim (All versions < V2021.1).

9.8
2023-10-09 CVE-2023-43899 Hansuncms Project SQL Injection vulnerability in Hansuncms Project Hansuncms 1.0

hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx.

9.8
2023-10-09 CVE-2023-44467 Langchain Unspecified vulnerability in Langchain Experimental 0.0.14

langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py.

9.8
2023-10-09 CVE-2023-5365 HP Unspecified vulnerability in HP Life

HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure.

9.8
2023-10-09 CVE-2023-43696 Sick Unrestricted Upload of File with Dangerous Type vulnerability in Sick Apu0200 Firmware

Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server.

9.8
2023-10-09 CVE-2023-45612 Jetbrains XXE vulnerability in Jetbrains Ktor

In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE

9.8
2023-10-12 CVE-2023-45138 Xwiki Cross-site Scripting vulnerability in Xwiki Change Request

Change Request is an pplication allowing users to request changes on a wiki without publishing the changes directly.

9.6
2023-10-10 CVE-2023-41679 Fortinet Unspecified vulnerability in Fortinet Fortimanager

An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least "device management" permission on his profile and belonging to a specific ADOM to add and delete CLI script on other ADOMs

9.6
2023-10-14 CVE-2022-32755 IBM XXE vulnerability in IBM products

IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

9.1
2023-10-13 CVE-2023-29464 Rockwellautomation Out-of-bounds Write vulnerability in Rockwellautomation Factorytalk Linx 6.20/6.30

FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets.

9.1
2023-10-13 CVE-2023-4562 Mitsubishielectric Improper Authentication vulnerability in Mitsubishielectric products

Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages.

9.1
2023-10-12 CVE-2023-32723 Zabbix Incorrect Permission Assignment for Critical Resource vulnerability in Zabbix

Request to LDAP is sent before user permissions are checked.

9.1
2023-10-11 CVE-2023-44107 Huawei Unspecified vulnerability in Huawei Harmonyos 2.1.0

Vulnerability of defects introduced in the design process in the screen projection module.Successful exploitation of this vulnerability may affect service availability and integrity.

9.1
2023-10-11 CVE-2023-44118 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality.

9.1
2023-10-11 CVE-2023-44981 Apache
Debian
Authorization Bypass Through User-Controlled Key vulnerability in multiple products

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper.

9.1
2023-10-10 CVE-2020-27633 Butok Use of Insufficiently Random Values vulnerability in Butok Fnet 4.6.3

In FNET 4.6.3, TCP ISNs are improperly random.

9.1
2023-10-10 CVE-2020-27634 Contiki NG Use of Insufficiently Random Values vulnerability in Contiki-Ng 4.5

In Contiki 4.5, TCP ISNs are improperly random.

9.1
2023-10-10 CVE-2020-27635 Capgemini Use of Insufficiently Random Values vulnerability in Capgemini Picotcp 1.7.0

In PicoTCP 1.7.0, TCP ISNs are improperly random.

9.1
2023-10-10 CVE-2020-27636 Microchip Use of Insufficiently Random Values vulnerability in Microchip Mplab Network Creator 3.6.1

In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random.

9.1
2023-10-09 CVE-2023-43271 70Mai Missing Authentication for Critical Function vulnerability in 70Mai A500S Firmware 1.2.119

Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols.

9.1
2023-10-09 CVE-2023-45613 Jetbrains Improper Certificate Validation vulnerability in Jetbrains Ktor

In JetBrains Ktor before 2.3.5 server certificates were not verified

9.1
2023-10-10 CVE-2023-35796 Siemens Cross-site Scripting vulnerability in Siemens Sinema Server 14.0

A vulnerability has been identified in SINEMA Server V14 (All versions).

9.0
2023-10-09 CVE-2023-44392 Garden Deserialization of Untrusted Data vulnerability in Garden

Garden provides automation for Kubernetes development and testing.

9.0

345 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-10-13 CVE-2023-4263 Zephyrproject Classic Buffer Overflow vulnerability in Zephyrproject Zephyr

Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver

8.8
2023-10-13 CVE-2023-34975 Qnap OS Command Injection vulnerability in Qnap Video Station

An OS command injection vulnerability has been reported to affect several QNAP operating system versions.

8.8
2023-10-13 CVE-2023-34976 Qnap SQL Injection vulnerability in Qnap Video Station

A SQL injection vulnerability has been reported to affect Video Station.

8.8
2023-10-13 CVE-2023-45270 Pinpoint Cross-Site Request Forgery (CSRF) vulnerability in Pinpoint Booking System

Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions.

8.8
2023-10-13 CVE-2023-45276 Automatededitor Cross-Site Request Forgery (CSRF) vulnerability in Automatededitor Automated Editor

Cross-Site Request Forgery (CSRF) vulnerability in automatededitor.Com Automated Editor plugin <= 1.3 versions.

8.8
2023-10-13 CVE-2023-45267 Sharkdropship Cross-Site Request Forgery (CSRF) vulnerability in Sharkdropship Irivyou

Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou plugin <= 2.2.1 versions.

8.8
2023-10-13 CVE-2023-45268 Hitsteps Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps web Analytics

Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps Web Analytics plugin <= 5.86 versions.

8.8
2023-10-13 CVE-2023-45109 Myback Link Cross-Site Request Forgery (CSRF) vulnerability in Myback.Link Whitepage

Cross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage plugin <= 1.1.5 versions.

8.8
2023-10-13 CVE-2023-45107 Goodbarber Cross-Site Request Forgery (CSRF) vulnerability in Goodbarber

Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin <= 1.0.22 versions.

8.8
2023-10-13 CVE-2023-45108 Mailrelay Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay

Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay plugin <= 2.1.1 versions.

8.8
2023-10-13 CVE-2023-38218 Adobe Incorrect Authorization vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization .

8.8
2023-10-13 CVE-2023-44182 Juniper Unchecked Return Value vulnerability in Juniper Junos and Junos OS Evolved

An Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators actions to occur. Multiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R2-S2, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. Juniper Networks Junos OS Evolved * All versions prior to 21.4R3-S3-EVO; * 22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO; * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.

8.8
2023-10-12 CVE-2023-27313 Netapp Unspecified vulnerability in Netapp Snapcenter

SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user.

8.8
2023-10-12 CVE-2023-43149 SPA Cart Cross-Site Request Forgery (CSRF) vulnerability in Spa-Cart 1.9.0.3

SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status.

8.8
2023-10-12 CVE-2023-45133 Debian
Babeljs
Incorrect Comparison vulnerability in multiple products

Babel is a compiler for writingJavaScript.

8.8
2023-10-12 CVE-2023-43147 Phpjabbers Cross-Site Request Forgery (CSRF) vulnerability in PHPjabbers Limo Booking Software 1.0

PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI.

8.8
2023-10-12 CVE-2023-32124 Arulprasadj Cross-Site Request Forgery (CSRF) vulnerability in Arulprasadj Publish Confirm Message

Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publish Confirm Message plugin <= 1.3.1 versions.

8.8
2023-10-12 CVE-2023-41131 Followingmedarling Cross-Site Request Forgery (CSRF) vulnerability in Followingmedarling Spotify Play Button

Cross-Site Request Forgery (CSRF) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <= 2.10 versions.

8.8
2023-10-12 CVE-2023-45102 Otwthemes Cross-Site Request Forgery (CSRF) vulnerability in Otwthemes Blog Manager Light

Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Manager Light plugin <= 1.20 versions.

8.8
2023-10-12 CVE-2023-45103 Yasglobalizer Cross-Site Request Forgery (CSRF) vulnerability in Yasglobalizer Permalinks Customizer

Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions.

8.8
2023-10-12 CVE-2023-45106 Urvanov Cross-Site Request Forgery (CSRF) vulnerability in Urvanov Syntax Highlighter

Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin <= 2.8.33 versions.

8.8
2023-10-12 CVE-2023-44998 Randyhoyt Cross-Site Request Forgery (CSRF) vulnerability in Randyhoyt Category Meta

Cross-Site Request Forgery (CSRF) vulnerability in josecoelho, Randy Hoyt, steveclarkcouk, Vitaliy Kukin, Eric Le Bail, Tom Ransom Category Meta plugin plugin <= 1.2.8 versions.

8.8
2023-10-12 CVE-2023-45011 Websivu Cross-Site Request Forgery (CSRF) vulnerability in Websivu WP Power Stats

Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Power Stats plugin <= 2.2.3 versions.

8.8
2023-10-12 CVE-2023-45048 Repuso Cross-Site Request Forgery (CSRF) vulnerability in Repuso

Cross-Site Request Forgery (CSRF) vulnerability in Repuso Social proof testimonials and reviews by Repuso plugin <= 5.00 versions.

8.8
2023-10-12 CVE-2023-45052 Dan009 Cross-Site Request Forgery (CSRF) vulnerability in Dan009 WP Bing MAP PRO

Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map Pro plugin < 5.0 versions.

8.8
2023-10-12 CVE-2023-45058 Kaizencoders Cross-Site Request Forgery (CSRF) vulnerability in Kaizencoders Short URL

Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short URL plugin <= 1.6.8 versions.

8.8
2023-10-12 CVE-2023-45060 FLA Shop Cross-Site Request Forgery (CSRF) vulnerability in Fla-Shop Interactive World MAP

Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions.

8.8
2023-10-12 CVE-2023-45063 Rayhan1 Cross-Site Request Forgery (CSRF) vulnerability in Rayhan1 AI Content Writing Assistant

Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One plugin <= 1.1.5 versions.

8.8
2023-10-12 CVE-2023-45068 Supsystic Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <= 1.7.27 versions.

8.8
2023-10-12 CVE-2023-23651 Mainwp SQL Injection vulnerability in Mainwp Google Analytics Extension

Auth.

8.8
2023-10-12 CVE-2023-45047 Leadsquared Cross-Site Request Forgery (CSRF) vulnerability in Leadsquared Suite

Cross-Site Request Forgery (CSRF) vulnerability in LeadSquared, Inc LeadSquared Suite plugin <= 0.7.4 versions.

8.8
2023-10-12 CVE-2023-32724 Zabbix Incorrect Permission Assignment for Critical Resource vulnerability in Zabbix

Memory pointer is in a property of the Ducktape object.

8.8
2023-10-12 CVE-2023-1943 Kubernetes Unspecified vulnerability in Kubernetes Operations

Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode.

8.8
2023-10-11 CVE-2023-5218 Google
Debian
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-10-11 CVE-2023-5474 Google
Debian
Out-of-bounds Write vulnerability in multiple products

Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file.

8.8
2023-10-11 CVE-2023-5476 Google
Debian
Use After Free vulnerability in multiple products

Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-10-11 CVE-2023-43661 ALL Three Injection vulnerability in All-Three Cachet

Cachet, the open-source status page system.

8.8
2023-10-11 CVE-2023-43960 Dlink Improper Privilege Management vulnerability in Dlink Dph-400Se Firmware 2.2.15.8

An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component.

8.8
2023-10-11 CVE-2023-27380 Peplink OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5

An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).

8.8
2023-10-11 CVE-2023-28381 Peplink OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5

An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).

8.8
2023-10-11 CVE-2023-34356 Peplink OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5

An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).

8.8
2023-10-11 CVE-2023-35193 Peplink OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5

An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).

8.8
2023-10-11 CVE-2023-35194 Peplink OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5

An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).

8.8
2023-10-11 CVE-2023-44997 Nitinrathod Cross-Site Request Forgery (CSRF) vulnerability in Nitinrathod WP Forms Puzzle Captcha

Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha plugin <= 4.1 versions.

8.8
2023-10-11 CVE-2023-37536 Hcltech
Apache
Fedoraproject
Integer Overflow or Wraparound vulnerability in multiple products

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

8.8
2023-10-11 CVE-2023-5511 Snipeitapp Cross-Site Request Forgery (CSRF) vulnerability in Snipeitapp Snipe-It

Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.

8.8
2023-10-10 CVE-2023-45312 Mtproto Insecure Default Initialization of Resource vulnerability in Mtproto MT Proto Proxy

In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability.

8.8
2023-10-10 CVE-2023-36414 Microsoft Unspecified vulnerability in Microsoft Azure Identity SDK

Azure Identity SDK Remote Code Execution Vulnerability

8.8
2023-10-10 CVE-2023-36415 Microsoft Unspecified vulnerability in Microsoft Azure Identity SDK

Azure Identity SDK Remote Code Execution Vulnerability

8.8
2023-10-10 CVE-2023-36577 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2023-10-10 CVE-2023-5497 Tongda2000 SQL Injection vulnerability in Tongda2000 Office Anywhere 11.10/2017

A vulnerability classified as critical has been found in Tongda OA 2017 11.10.

8.8
2023-10-10 CVE-2023-34985 Fortinet OS Command Injection vulnerability in Fortinet Fortiwlm

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.

8.8
2023-10-10 CVE-2023-34986 Fortinet OS Command Injection vulnerability in Fortinet Fortiwlm

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.

8.8
2023-10-10 CVE-2023-34987 Fortinet OS Command Injection vulnerability in Fortinet Fortiwlm

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.

8.8
2023-10-10 CVE-2023-34988 Fortinet OS Command Injection vulnerability in Fortinet Fortiwlm

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.

8.8
2023-10-10 CVE-2023-34989 Fortinet OS Command Injection vulnerability in Fortinet Fortiwlm

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.

8.8
2023-10-10 CVE-2023-36556 Fortinet Incorrect Authorization vulnerability in Fortinet Fortimail

An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests.

8.8
2023-10-10 CVE-2023-41841 Fortinet Unspecified vulnerability in Fortinet Fortios

An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions.

8.8
2023-10-10 CVE-2023-44995 Wpdoctor Cross-Site Request Forgery (CSRF) vulnerability in Wpdoctor Woocommerce Login Redirect

Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect plugin <= 2.2.4 versions.

8.8
2023-10-10 CVE-2023-44996 Nareshparmar827 Cross-Site Request Forgery (CSRF) vulnerability in Nareshparmar827 Post View Count

Cross-Site Request Forgery (CSRF) vulnerability in Naresh Parmar Post View Count plugin <= 1.8.2 versions.

8.8
2023-10-10 CVE-2023-5492 Byzoro Unrestricted Upload of File with Dangerous Type vulnerability in Byzoro Smart S45F Firmware 20230822/20230906

A vulnerability, which was classified as critical, was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928.

8.8
2023-10-10 CVE-2023-5493 Byzoro Unrestricted Upload of File with Dangerous Type vulnerability in Byzoro Smart S45F Firmware 20230822/20230906

A vulnerability has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical.

8.8
2023-10-10 CVE-2023-5494 Byzoro OS Command Injection vulnerability in Byzoro Smart S45F Firmware 20230822/20230906

A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical.

8.8
2023-10-10 CVE-2023-44471 KAU Boys Cross-Site Request Forgery (CSRF) vulnerability in Kau-Boys Backend Localization

Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <= 2.1.10 versions.

8.8
2023-10-10 CVE-2023-44475 Msimpson Cross-Site Request Forgery (CSRF) vulnerability in Msimpson ADD Shortcodes Actions and Filters

Cross-Site Request Forgery (CSRF) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions.

8.8
2023-10-10 CVE-2023-44476 WP Copyrightpro Cross-Site Request Forgery (CSRF) vulnerability in Wp-Copyrightpro

Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea V.

8.8
2023-10-10 CVE-2023-44994 Bainternet Cross-Site Request Forgery (CSRF) vulnerability in Bainternet Shortcodes UI

Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions.

8.8
2023-10-10 CVE-2023-5489 Byzoro Unrestricted Upload of File with Dangerous Type vulnerability in Byzoro Smart S45F Firmware 20230822/20230906

A vulnerability classified as critical has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928.

8.8
2023-10-10 CVE-2023-5490 Byzoro Unrestricted Upload of File with Dangerous Type vulnerability in Byzoro Smart S45F Firmware 20230822/20230906

A vulnerability classified as critical was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928.

8.8
2023-10-10 CVE-2023-5491 Byzoro Unrestricted Upload of File with Dangerous Type vulnerability in Byzoro Smart S45F Firmware 20230822/20230906

A vulnerability, which was classified as critical, has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928.

8.8
2023-10-10 CVE-2023-44241 Keap Cross-Site Request Forgery (CSRF) vulnerability in Keap Landing Pages

Cross-Site Request Forgery (CSRF) vulnerability in Keap Keap Landing Pages plugin <= 1.4.2 versions.

8.8
2023-10-10 CVE-2023-44470 Kvvaradha Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha KV Tinymce Editor ADD Fonts

Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin <= 1.1 versions.

8.8
2023-10-10 CVE-2023-5488 Byzoro Unrestricted Upload of File with Dangerous Type vulnerability in Byzoro Smart S45F Firmware 20230822/20230906

A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928.

8.8
2023-10-10 CVE-2023-42796 Siemens Path Traversal vulnerability in Siemens Cp-8031 Firmware and Cp-8050 Firmware

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11).

8.8
2023-10-10 CVE-2023-44261 Dineshkarki Cross-Site Request Forgery (CSRF) vulnerability in Dineshkarki Block Plugin Update

Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin <= 3.3 versions.

8.8
2023-10-10 CVE-2023-4837 Smod Cross-Site Request Forgery (CSRF) vulnerability in Smod Smodbip

SmodBIP is vulnerable to Cross-Site Request Forgery, that could be used to induce logged in users to perform unintended actions, including creation of additional accounts with administrative privileges.

8.8
2023-10-10 CVE-2023-41850 Sparro Cross-Site Request Forgery (CSRF) vulnerability in Sparro Outbound Link Manager 1.0/1.1/1.2

Cross-Site Request Forgery (CSRF) vulnerability in Morris Bryant, Ruben Sargsyan Outbound Link Manager plugin <= 1.2 versions.

8.8
2023-10-10 CVE-2023-41851 Dotsquares Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custom Post Template 1.0

Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custom Post Template <= 1.0 versions.

8.8
2023-10-10 CVE-2023-41852 Mailmunch Cross-Site Request Forgery (CSRF) vulnerability in Mailmunch

Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch – Grow your Email List plugin <= 3.1.2 versions.

8.8
2023-10-10 CVE-2023-41853 Wpicalavailability Cross-Site Request Forgery (CSRF) vulnerability in Wpicalavailability WP Ical Availability

Cross-Site Request Forgery (CSRF) vulnerability in WP iCal Availability plugin <= 1.0.3 versions.

8.8
2023-10-10 CVE-2023-41854 Wpcentral Cross-Site Request Forgery (CSRF) vulnerability in Wpcentral

Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd.

8.8
2023-10-10 CVE-2023-41858 Tychesoftwares Cross-Site Request Forgery (CSRF) vulnerability in Tychesoftwares Order Delivery Date for Woocommerce 1.0/1.1/1.2

Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions.

8.8
2023-10-10 CVE-2023-41876 WP Gallery Metabox Project Cross-Site Request Forgery (CSRF) vulnerability in WP Gallery Metabox Project WP Gallery Metabox

Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0 versions.

8.8
2023-10-10 CVE-2023-44257 Mangboard Cross-Site Request Forgery (CSRF) vulnerability in Mangboard Mang Board

Cross-Site Request Forgery (CSRF) vulnerability in Hometory Mang Board WP plugin <= 1.7.6 versions.

8.8
2023-10-10 CVE-2023-44259 Mediavine Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Control Panel

Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Mediavine Control Panel plugin <= 2.10.2 versions.

8.8
2023-10-10 CVE-2023-41694 Realbig Cross-Site Request Forgery (CSRF) vulnerability in Realbig

Cross-Site Request Forgery (CSRF) vulnerability in Realbig Team Realbig For WordPress plugin <= 1.0.3 versions.

8.8
2023-10-10 CVE-2023-41697 Nikunjsoni Cross-Site Request Forgery (CSRF) vulnerability in Nikunjsoni Easy WP Cleaner

Cross-Site Request Forgery (CSRF) vulnerability in Nikunj Soni Easy WP Cleaner plugin <= 1.9 versions.

8.8
2023-10-10 CVE-2023-41730 Pressified Cross-Site Request Forgery (CSRF) vulnerability in Pressified Sendpress

Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions.

8.8
2023-10-10 CVE-2023-41684 Felixwelberg Cross-Site Request Forgery (CSRF) vulnerability in Felixwelberg SIS Handball

Cross-Site Request Forgery (CSRF) vulnerability in Felix Welberg SIS Handball plugin <= 1.0.45 versions.

8.8
2023-10-10 CVE-2023-45208 Dlink Command Injection vulnerability in Dlink Dap-1860 Firmware 1.00/1.01B0501/1.01B94

A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell commands as root during the setup process of the repeater, via a crafted SSID.

8.8
2023-10-10 CVE-2023-44827 Easycorp Command Injection vulnerability in Easycorp Zentao, Zentao BIZ and Zentao MAX

An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function.

8.8
2023-10-10 CVE-2023-44959 Dlink Command Injection vulnerability in Dlink Dsl-3782 Firmware 1.01/1.03

An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page.

8.8
2023-10-10 CVE-2023-44846 Seacms Unspecified vulnerability in Seacms

An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component.

8.8
2023-10-09 CVE-2023-43641 Lipnitsk
Fedoraproject
Debian
Out-of-bounds Write vulnerability in multiple products

libcue provides an API for parsing and extracting data from CUE sheets.

8.8
2023-10-09 CVE-2023-44811 Moosocial Cross-Site Request Forgery (CSRF) vulnerability in Moosocial 3.1.8

Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function.

8.8
2023-10-09 CVE-2023-41669 Daext Cross-Site Request Forgery (CSRF) vulnerability in Daext Live News

Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Live News plugin <= 1.06 versions.

8.8
2023-10-09 CVE-2023-41670 Palasthotel Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel USE Memcached

Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel (in person: Edward Bock) Use Memcached plugin <= 1.0.4 versions.

8.8
2023-10-09 CVE-2023-41672 Remileclercq Cross-Site Request Forgery (CSRF) vulnerability in Remileclercq Hide Admin Notices - Admin Notification Center Plugin

Cross-Site Request Forgery (CSRF) vulnerability in Rémi Leclercq Hide admin notices – Admin Notification Center plugin <= 2.3.2 versions.

8.8
2023-10-09 CVE-2023-41667 Ulfbenjaminsson Cross-Site Request Forgery (CSRF) vulnerability in Ulfbenjaminsson Wp-Dtree

Cross-Site Request Forgery (CSRF) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions.

8.8
2023-10-09 CVE-2023-41668 Leadster Cross-Site Request Forgery (CSRF) vulnerability in Leadster

Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions.

8.8
2023-10-09 CVE-2023-42455 Wazuh Authorization Bypass Through User-Controlled Key vulnerability in Wazuh Wazuh-Dashboard and Wazuh-Kibana-App

Wazuh is a security detection, visibility, and compliance open source project.

8.8
2023-10-09 CVE-2023-41660 Wpsynchro Cross-Site Request Forgery (CSRF) vulnerability in Wpsynchro WP Synchro

Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchro plugin <= 1.9.1 versions.

8.8
2023-10-09 CVE-2023-44240 Peterbutler Cross-Site Request Forgery (CSRF) vulnerability in Peterbutler Timthumb vulnerability Scanner

Cross-Site Request Forgery (CSRF) vulnerability in Peter Butler Timthumb Vulnerability Scanner plugin <= 1.54 versions.

8.8
2023-10-09 CVE-2023-44473 Dublue Cross-Site Request Forgery (CSRF) vulnerability in Dublue Table of Contents Plus

Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus plugin <= 2302 versions.

8.8
2023-10-09 CVE-2023-44993 Quantumcloud Cross-Site Request Forgery (CSRF) vulnerability in Quantumcloud AI Chatbot

Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions.

8.8
2023-10-09 CVE-2023-44236 Devnath Verma Cross-Site Request Forgery (CSRF) vulnerability in Devnath Verma WP Captcha 2.0.0

Cross-Site Request Forgery (CSRF) vulnerability in Devnath verma WP Captcha plugin <= 2.0.0 versions.

8.8
2023-10-09 CVE-2023-44237 Moriyan JAY Cross-Site Request Forgery (CSRF) vulnerability in Moriyan JAY WP Site Protector 2.0

Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site Protector plugin <= 2.0 versions.

8.8
2023-10-09 CVE-2023-44238 Joakimling Cross-Site Request Forgery (CSRF) vulnerability in Joakimling Remove Slug From Custom Post Type

Cross-Site Request Forgery (CSRF) vulnerability in Joakim Ling Remove slug from custom post type plugin <= 1.0.3 versions.

8.8
2023-10-09 CVE-2023-44246 Matiass Cross-Site Request Forgery (CSRF) vulnerability in Matiass Shockingly Simple Favicon

Cross-Site Request Forgery (CSRF) vulnerability in Matias s Shockingly Simple Favicon plugin <= 1.8.2 versions.

8.8
2023-10-09 CVE-2023-44231 Nickduncan Cross-Site Request Forgery (CSRF) vulnerability in Nickduncan Contact Form

Cross-Site Request Forgery (CSRF) vulnerability in NickDuncan Contact Form plugin <= 2.0.10 versions.

8.8
2023-10-09 CVE-2023-44232 Nxsn Cross-Site Request Forgery (CSRF) vulnerability in Nxsn WP Hide Pages

Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Hide Pages plugin <= 1.0 versions.

8.8
2023-10-09 CVE-2023-44260 Rebing Cross-Site Request Forgery (CSRF) vulnerability in Rebing Woocommerce Esto

Cross-Site Request Forgery (CSRF) vulnerability in Mikk Mihkel Nurges, Rebing OÜ Woocommerce ESTO plugin <= 2.23.1 versions.

8.8
2023-10-09 CVE-2023-45350 Atos Unspecified vulnerability in Atos Unify Openscape 4000 Manager 10

Atos Unify OpenScape 4000 Manager V10 R1 before V10 R1.42.1 and 4000 Manager V10 R0 allow Privilege escalation that may lead to the ability of an authenticated attacker to run arbitrary code via AScm.

8.8
2023-10-09 CVE-2023-45351 Atos Command Injection vulnerability in Atos products

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr.

8.8
2023-10-09 CVE-2023-45352 Atos Path Traversal vulnerability in Atos Unify Openscape Common Management 10

Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system via a Common Management Portal web interface Path traversal vulnerability allowing write access outside the intended folders.

8.8
2023-10-09 CVE-2023-45353 Atos Unrestricted Upload of File with Dangerous Type vulnerability in Atos Unify Openscape Common Management 10

Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system by leveraging the Common Management Portal web interface for Authenticated remote upload and creation of arbitrary files affecting the underlying operating system.

8.8
2023-10-09 CVE-2023-45354 Atos Unspecified vulnerability in Atos Unify Openscape Common Management 10

Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated remote attacker to execute arbitrary code on the operating system by using the Common Management Portal web interface.

8.8
2023-10-09 CVE-2023-45355 Atos Command Injection vulnerability in Atos products

Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 and 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access via the webservice.

8.8
2023-10-09 CVE-2023-45356 Atos Command Injection vulnerability in Atos products

Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access, via dtb pages of the platform portal.

8.8
2023-10-13 CVE-2023-38219 Adobe Cross-site Scripting vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

8.7
2023-10-10 CVE-2023-43746 F5 Privilege Defined With Unsafe Actions vulnerability in F5 products

When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system.  A successful exploit can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.7
2023-10-10 CVE-2023-36569 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Elevation of Privilege Vulnerability

8.4
2023-10-11 CVE-2022-44757 Hcltech Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Insights for vulnerability Remediation 2.0/2.0.2

BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure.

8.2
2023-10-13 CVE-2023-33303 Fortinet Insufficient Session Expiration vulnerability in Fortinet Fortiedr 5.0.0/5.0.1

A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request

8.1
2023-10-12 CVE-2023-43148 SPA Cart Cross-Site Request Forgery (CSRF) vulnerability in Spa-Cart 1.9.0.3

SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts.

8.1
2023-10-12 CVE-2023-27395 Softether Out-of-bounds Write vulnerability in Softether VPN 4.419782/5.01.9674/5.02

A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02.

8.1
2023-10-11 CVE-2023-26320 MI Command Injection vulnerability in MI Xiaomi Router Ax3200 Firmware

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.

8.1
2023-10-10 CVE-2023-38166 Microsoft Race Condition vulnerability in Microsoft products

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

8.1
2023-10-10 CVE-2023-41765 Microsoft Race Condition vulnerability in Microsoft products

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

8.1
2023-10-10 CVE-2023-41767 Microsoft Race Condition vulnerability in Microsoft products

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

8.1
2023-10-10 CVE-2023-41768 Microsoft Race Condition vulnerability in Microsoft products

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

8.1
2023-10-10 CVE-2023-41769 Microsoft Race Condition vulnerability in Microsoft products

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

8.1
2023-10-10 CVE-2023-41770 Microsoft Race Condition vulnerability in Microsoft products

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

8.1
2023-10-10 CVE-2023-41771 Microsoft Race Condition vulnerability in Microsoft products

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

8.1
2023-10-10 CVE-2023-41773 Microsoft Race Condition vulnerability in Microsoft products

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

8.1
2023-10-10 CVE-2023-41774 Microsoft Race Condition vulnerability in Microsoft products

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

8.1
2023-10-10 CVE-2023-40537 F5 Insufficient Session Expiration vulnerability in F5 products

An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.1
2023-10-10 CVE-2023-44848 Seacms Unspecified vulnerability in Seacms

An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component.

8.1
2023-10-10 CVE-2023-36697 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

8.0
2023-10-10 CVE-2023-36778 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Server Remote Code Execution Vulnerability

8.0
2023-10-15 CVE-2023-40378 IBM Unspecified vulnerability in IBM I

IBM Directory Server for IBM i contains a local privilege escalation vulnerability.

7.8
2023-10-15 CVE-2023-5586 Gpac NULL Pointer Dereference vulnerability in Gpac

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.

7.8
2023-10-13 CVE-2023-43079 Dell Improper Access Control vulnerability in Dell EMC Openmanage Server Administrator

Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability.

7.8
2023-10-13 CVE-2023-44194 Juniper Incorrect Default Permissions vulnerability in Juniper Junos

An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a backdoor with root privileges.

7.8
2023-10-12 CVE-2023-27316 Netapp Unspecified vulnerability in Netapp Snapcenter 4.8

SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.

7.8
2023-10-12 CVE-2023-23632 Beyondtrust Improper Authentication vulnerability in Beyondtrust Privileged Remote Access

BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass.

7.8
2023-10-12 CVE-2023-27516 Softether Insecure Default Initialization of Resource vulnerability in Softether VPN 4.419782/5.01.9674

An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674.

7.8
2023-10-12 CVE-2023-32722 Zabbix Out-of-bounds Write vulnerability in Zabbix

The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.

7.8
2023-10-11 CVE-2023-3781 Google Improper Locking vulnerability in Google Android

there is a possible use-after-free write due to improper locking.

7.8
2023-10-11 CVE-2023-40141 Google Out-of-bounds Write vulnerability in Google Android

In temp_residency_name_store of thermal_metrics.c, there is a possible out of bounds write due to a missing bounds check.

7.8
2023-10-11 CVE-2023-40142 Google Unspecified vulnerability in Google Android

In TBD of TBD, there is a possible way to bypass carrier restrictions due to a logic error in the code.

7.8
2023-10-11 CVE-2023-5535 VIM
Fedoraproject
Use After Free vulnerability in multiple products

Use After Free in GitHub repository vim/vim prior to v9.0.2010.

7.8
2023-10-11 CVE-2023-38817 Echo Improper Privilege Management vulnerability in Echo Anti Cheat Tool

An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component.

7.8
2023-10-11 CVE-2023-4936 Synaptics Uncontrolled Search Path Element vulnerability in Synaptics Displaylink USB Graphics

It is possible to sideload a compromised DLL during the installation at elevated privilege.

7.8
2023-10-11 CVE-2023-26370 Adobe Access of Uninitialized Pointer vulnerability in Adobe Photoshop 2022, Photoshop 2023 and Photoshop 2024

Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-10-11 CVE-2023-42138 Keyence Out-of-bounds Read vulnerability in Keyence KV Replay Viewer and KV Studio

Out-of-bounds read vulnerability exists in KV STUDIO Ver.

7.8
2023-10-10 CVE-2023-31096 Broadcom Out-of-bounds Write vulnerability in Broadcom LSI Pci-Sv92Ex Firmware 2.2.100.1

An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys).

7.8
2023-10-10 CVE-2023-36417 Microsoft Unspecified vulnerability in Microsoft OLE DB Driver for SQL Server and SQL Server

Microsoft SQL OLE DB Remote Code Execution Vulnerability

7.8
2023-10-10 CVE-2023-36418 Microsoft Unspecified vulnerability in Microsoft Azure Rtos Guix Studio

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

7.8
2023-10-10 CVE-2023-36420 Microsoft Unspecified vulnerability in Microsoft Odbc Driver for SQL Server and SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

7.8
2023-10-10 CVE-2023-36436 Microsoft Unspecified vulnerability in Microsoft products

Windows MSHTML Platform Remote Code Execution Vulnerability

7.8
2023-10-10 CVE-2023-36557 Microsoft Unspecified vulnerability in Microsoft products

PrintHTML API Remote Code Execution Vulnerability

7.8
2023-10-10 CVE-2023-36594 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Elevation of Privilege Vulnerability

7.8
2023-10-10 CVE-2023-36598 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability

7.8
2023-10-10 CVE-2023-36605 Microsoft Unspecified vulnerability in Microsoft products

Windows Named Pipe Filesystem Elevation of Privilege Vulnerability

7.8
2023-10-10 CVE-2023-36701 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability

7.8
2023-10-10 CVE-2023-36702 Microsoft Unspecified vulnerability in Microsoft products

Microsoft DirectMusic Remote Code Execution Vulnerability

7.8
2023-10-10 CVE-2023-36704 Microsoft Unspecified vulnerability in Microsoft Windows 10 1809 and Windows Server 2019

Windows Setup Files Cleanup Remote Code Execution Vulnerability

7.8
2023-10-10 CVE-2023-36710 Microsoft Unspecified vulnerability in Microsoft products

Windows Media Foundation Core Remote Code Execution Vulnerability

7.8
2023-10-10 CVE-2023-36711 Microsoft Unspecified vulnerability in Microsoft products

Windows Runtime C++ Template Library Elevation of Privilege Vulnerability

7.8
2023-10-10 CVE-2023-36712 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2023-10-10 CVE-2023-36718 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability

7.8
2023-10-10 CVE-2023-36723 Microsoft Unspecified vulnerability in Microsoft products

Windows Container Manager Service Elevation of Privilege Vulnerability

7.8
2023-10-10 CVE-2023-36725 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2023-10-10 CVE-2023-36726 Microsoft Unspecified vulnerability in Microsoft products

Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability

7.8
2023-10-10 CVE-2023-36729 Microsoft Unspecified vulnerability in Microsoft products

Named Pipe File System Elevation of Privilege Vulnerability

7.8
2023-10-10 CVE-2023-36730 Microsoft Unspecified vulnerability in Microsoft Odbc Driver for SQL Server and SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

7.8
2023-10-10 CVE-2023-36731 Microsoft Unspecified vulnerability in Microsoft products

Win32k Elevation of Privilege Vulnerability

7.8
2023-10-10 CVE-2023-36732 Microsoft Unspecified vulnerability in Microsoft products

Win32k Elevation of Privilege Vulnerability

7.8
2023-10-10 CVE-2023-36737 Microsoft Unspecified vulnerability in Microsoft Azure Network Watcher 1.4.2798.1

Azure Network Watcher VM Agent Elevation of Privilege Vulnerability

7.8
2023-10-10 CVE-2023-36743 Microsoft Unspecified vulnerability in Microsoft products

Win32k Elevation of Privilege Vulnerability

7.8
2023-10-10 CVE-2023-36785 Microsoft Unspecified vulnerability in Microsoft Odbc Driver for SQL Server and SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

7.8
2023-10-10 CVE-2023-36790 Microsoft Unspecified vulnerability in Microsoft Windows Server 2008 R2

Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability

7.8
2023-10-10 CVE-2023-41766 Microsoft Unspecified vulnerability in Microsoft products

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

7.8
2023-10-10 CVE-2023-41772 Microsoft Unspecified vulnerability in Microsoft products

Win32k Elevation of Privilege Vulnerability

7.8
2023-10-10 CVE-2022-22298 Fortinet OS Command Injection vulnerability in Fortinet Fortiisolator

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters.

7.8
2023-10-10 CVE-2023-25607 Fortinet OS Command Injection vulnerability in Fortinet Fortiadc, Fortianalyzer and Fortimanager

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiADC  7.1.0, 7.0.0 through 7.0.3, 6.2 all versions, 6.1 all versions, 6.0 all versions management interface may allow an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell due to an unsafe usage of the wordexp function.

7.8
2023-10-10 CVE-2023-43896 Macrium Classic Buffer Overflow vulnerability in Macrium Reflect 8.1.7544

A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code.

7.8
2023-10-10 CVE-2023-43611 F5 Improper Verification of Cryptographic Signature vulnerability in F5 products

The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.  This vulnerability is due to an incomplete fix for CVE-2023-38418.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

7.8
2023-10-10 CVE-2023-43787 X ORG
Redhat
Fedoraproject
Integer Overflow or Wraparound vulnerability in multiple products

A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function.

7.8
2023-10-10 CVE-2023-5450 F5 Insufficient Verification of Data Authenticity vulnerability in F5 Big-Ip Access Policy Manager

An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

7.8
2023-10-10 CVE-2022-30527 Siemens Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Sinec NMS 1.0/1.0.3

A vulnerability has been identified in SINEC NMS (All versions < V2.0).

7.8
2023-10-10 CVE-2023-30900 Siemens Stack-based Buffer Overflow vulnerability in Siemens Xpedition Layout Browser

A vulnerability has been identified in Xpedition Layout Browser (All versions < VX.2.14).

7.8
2023-10-10 CVE-2023-36380 Siemens Use of Hard-coded Credentials vulnerability in Siemens Cp-8031 Firmware and Cp-8050 Firmware

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)).

7.8
2023-10-10 CVE-2023-44081 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003).

7.8
2023-10-10 CVE-2023-44082 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003).

7.8
2023-10-10 CVE-2023-44083 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003).

7.8
2023-10-10 CVE-2023-44084 Siemens Out-of-bounds Read vulnerability in Siemens Tecnomatix

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003).

7.8
2023-10-10 CVE-2023-44085 Siemens Out-of-bounds Read vulnerability in Siemens Tecnomatix

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003).

7.8
2023-10-10 CVE-2023-44086 Siemens Out-of-bounds Read vulnerability in Siemens Tecnomatix

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003).

7.8
2023-10-10 CVE-2023-44087 Siemens Out-of-bounds Read vulnerability in Siemens Tecnomatix

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003).

7.8
2023-10-10 CVE-2023-45204 Siemens Incorrect Type Conversion or Cast vulnerability in Siemens Tecnomatix

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003).

7.8
2023-10-10 CVE-2023-45205 Siemens Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Sicam Pas/Pqs

A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20).

7.8
2023-10-10 CVE-2023-45601 Siemens Out-of-bounds Write vulnerability in Siemens Parasolid and Tecnomatix

A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003).

7.8
2023-10-09 CVE-2023-5463 Xinje Uncontrolled Search Path Element vulnerability in Xinje Xdppro 3.7.17A

A vulnerability was found in XINJE XDPPro up to 3.7.17a.

7.8
2023-10-09 CVE-2022-3431 Lenovo Incorrect Default Permissions vulnerability in Lenovo products

A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

7.8
2023-10-09 CVE-2023-44400 Uptime Kuma Session Fixation vulnerability in Uptime.Kuma Uptime Kuma

Uptime Kuma is a self-hosted monitoring tool.

7.8
2023-10-13 CVE-2023-5557 Gnome
Redhat
A flaw was found in the tracker-miners package.
7.7
2023-10-14 CVE-2023-35024 IBM Cross-site Scripting vulnerability in IBM Cloud PAK for Business Automation

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting.

7.6
2023-10-15 CVE-2023-5590 Selenium NULL Pointer Dereference vulnerability in Selenium

NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0.

7.5
2023-10-15 CVE-2023-38312 Valvesoftware Path Traversal vulnerability in Valvesoftware Counter-Strike 8684

A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client (with remote control access to a game server) to read arbitrary files from the underlying server via the motdfile console variable.

7.5
2023-10-15 CVE-2023-45871 Linux
Debian
Incorrect Calculation of Buffer Size vulnerability in multiple products

An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3.

7.5
2023-10-14 CVE-2023-30994 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Qradar Security Information and Event Manager 7.5.0

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5
2023-10-14 CVE-2022-43740 IBM Resource Exhaustion vulnerability in IBM Security Verify Access Oidc Provider

IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption.

7.5
2023-10-14 CVE-2022-33165 IBM Path Traversal vulnerability in IBM Security Directory Integrator 7.2.0

IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system.

7.5
2023-10-14 CVE-2023-44037 Zpesystems Cleartext Storage of Sensitive Information vulnerability in Zpesystems Nodegrid OS

An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v.5.10.3 thru v.5.10.5 allows a remote attacker to obtain sensitive information via the TACACS+ server component.

7.5
2023-10-14 CVE-2023-45855 Qdpm Path Traversal vulnerability in Qdpm 9.2

qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.

7.5
2023-10-13 CVE-2023-32974 Qnap Path Traversal vulnerability in Qnap Qts, Quts Hero and Qutscloud

A path traversal vulnerability has been reported to affect several QNAP operating system versions.

7.5
2023-10-13 CVE-2023-4499 HP Improper Certificate Validation vulnerability in HP Thinupdate

A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure.

7.5
2023-10-13 CVE-2023-41682 Fortinet Path Traversal vulnerability in Fortinet Fortisandbox

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests.

7.5
2023-10-13 CVE-2023-39960 Nextcloud Improper Restriction of Excessive Authentication Attempts vulnerability in Nextcloud Server

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform.

7.5
2023-10-13 CVE-2023-45130 Parity Allocation of Resources Without Limits or Throttling vulnerability in Parity Frontier

Frontier is Substrate's Ethereum compatibility layer.

7.5
2023-10-13 CVE-2023-45463 Netis Systems Classic Buffer Overflow vulnerability in Netis-Systems N3M Firmware 1.0.1.865

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function.

7.5
2023-10-13 CVE-2023-45464 Netis Systems Classic Buffer Overflow vulnerability in Netis-Systems N3M Firmware 1.0.1.865

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter.

7.5
2023-10-13 CVE-2023-45468 Netis Systems Classic Buffer Overflow vulnerability in Netis-Systems N3M Firmware 1.0.1.865

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp.

7.5
2023-10-13 CVE-2023-5240 Devolutions Unspecified vulnerability in Devolutions Server

Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.

7.5
2023-10-13 CVE-2023-5571 Vrite Improper Input Validation vulnerability in Vrite

Improper Input Validation in GitHub repository vriteio/vrite prior to 0.3.0.

7.5
2023-10-13 CVE-2023-38220 Adobe Improper Authorization vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data.

7.5
2023-10-13 CVE-2023-44181 Juniper Infinite Loop vulnerability in Juniper Junos

An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue causing a l2 loop resulting in a DDOS violations and DDOS syslog. This issue is triggered when Storm control is enabled and ICMPv6 packets are present on device. This issue affects Juniper Networks: Junos OS * All versions prior to 20.2R3-S6 on QFX5k; * 20.3 versions prior to 20.3R3-S5 on QFX5k; * 20.4 versions prior to 20.4R3-S5 on QFX5k; * 21.1 versions prior to 21.1R3-S4 on QFX5k; * 21.2 versions prior to 21.2R3-S3 on QFX5k; * 21.3 versions prior to 21.3R3-S2 on QFX5k; * 21.4 versions prior to 21.4R3 on QFX5k; * 22.1 versions prior to 22.1R3 on QFX5k; * 22.2 versions prior to 22.2R2 on QFX5k.

7.5
2023-10-13 CVE-2023-44185 Juniper Unspecified vulnerability in Juniper Junos

An Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS )to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet. Continued receipt of this packet will cause a sustained Denial of Service condition. This issue affects: * Juniper Networks Junos OS: * All versions prior to 20.4R3-S6; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R2-S2, 22.1R3; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S6-EVO; * 21.1-EVO version 21.1R1-EVO and later versions prior to 21.2R3-S4-EVO; * 21.3-EVO versions prior to 21.3R3-S3-EVO; * 21.4-EVO versions prior to 21.4R3-S3-EVO; * 22.1-EVO versions prior to 22.1R3-EVO; * 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.

7.5
2023-10-13 CVE-2023-44191 Juniper Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos

An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific DHCP packet will cause PFE hogging which will lead to dropping of socket connections. This issue affects: Juniper Networks Junos OS on QFX5000 Series and EX4000 Series * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1

7.5
2023-10-13 CVE-2023-44192 Juniper Memory Leak vulnerability in Juniper Junos

An Improper Input Validation vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause memory leak, leading to Denial of Service (DoS). On all Junos OS QFX5000 Series platforms, when pseudo-VTEP (Virtual Tunnel End Point) is configured under EVPN-VXLAN scenario, and specific DHCP packets are transmitted, DMA memory leak is observed.

7.5
2023-10-13 CVE-2023-44197 Juniper Out-of-bounds Write vulnerability in Juniper Junos and Junos OS Evolved

An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while processing BGP route updates received over an established BGP session.

7.5
2023-10-13 CVE-2023-44198 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos

An Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause an integrity impact in connected networks. If the SIP ALG is configured and a device receives a specifically malformed SIP packet, the device prevents this packet from being forwarded, but any subsequently received retransmissions of the same packet are forwarded as if they were valid. This issue affects Juniper Networks Junos OS on SRX Series and MX Series: * 20.4 versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R2-S2, 22.1R3; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. This issue doesn't not affected releases prior to 20.4R1.

7.5
2023-10-13 CVE-2023-44199 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can lead to an FPC crash and restart. This issue affects Juniper Networks Junos OS on MX Series: * All versions prior to 20.4R3-S4; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R1-S1, 22.2R2.

7.5
2023-10-13 CVE-2023-5563 Zephyrproject Unspecified vulnerability in Zephyrproject Zephyr

The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y.

7.5
2023-10-12 CVE-2023-36841 Juniper Resource Exhaustion vulnerability in Juniper Junos

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows a unauthenticated network-based attacker to cause an infinite loop, resulting in a Denial of Service (DoS). An attacker who sends malformed TCP traffic via an interface configured with PPPoE, causes an infinite loop on the respective PFE.

7.5
2023-10-12 CVE-2023-36843 Juniper Unspecified vulnerability in Juniper Junos

An Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a crash in the Packet Forwarding Engine (pfe) and thereby resulting in a Denial of Service (DoS). Upon receiving malformed SSL traffic, the PFE crashes.

7.5
2023-10-12 CVE-2023-44175 Juniper Reachable Assertion vulnerability in Juniper Junos

A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Note: This issue is not noticed when all the devices in the network are Juniper devices. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3. Junos OS Evolved: * All versions prior to 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R3-EVO; * 23.2-EVO versions prior to 23.2R1-EVO.

7.5
2023-10-12 CVE-2023-45510 Justdan96 Unspecified vulnerability in Justdan96 Tsmuxer Nightly20231005015556

tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc-mismatch (operator new [] vs operator delete) error.

7.5
2023-10-12 CVE-2023-27314 Netapp Unspecified vulnerability in Netapp Clustered Data Ontap

ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HTTP service.

7.5
2023-10-12 CVE-2023-45142 Opentelemetry Allocation of Resources Without Limits or Throttling vulnerability in Opentelemetry 0.43.0

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go.

7.5
2023-10-12 CVE-2023-5072 Json Java Project Allocation of Resources Without Limits or Throttling vulnerability in Json-Java Project Json-Java

Denial of Service in JSON-Java versions up to and including 20230618.

7.5
2023-10-12 CVE-2023-22308 Softether Integer Underflow (Wrap or Wraparound) vulnerability in Softether VPN 5.01.9674/5.02

An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02.

7.5
2023-10-12 CVE-2023-23581 Softether Out-of-bounds Read vulnerability in Softether VPN 5.01.9674/5.02

A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02.

7.5
2023-10-12 CVE-2023-25774 Softether Unspecified vulnerability in Softether VPN 5.02

A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5.02.

7.5
2023-10-12 CVE-2023-40829 Tencent Incorrect Authorization vulnerability in Tencent Enterprise Wechat Privatization 2.5.0/2.6.930000

There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and 2.6.930000.

7.5
2023-10-11 CVE-2023-39325 Golang
Fedoraproject
Netapp
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption.

7.5
2023-10-11 CVE-2023-44186 Juniper Improper Handling of Exceptional Conditions vulnerability in Juniper Junos

An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS).

7.5
2023-10-11 CVE-2023-35652 Google Out-of-bounds Read vulnerability in Google Android

In ProtocolEmergencyCallListIndAdapter::Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check.

7.5
2023-10-11 CVE-2023-35661 Google Out-of-bounds Read vulnerability in Google Android

In ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp, there is a possible out of bounds read due to a missing bounds check.

7.5
2023-10-11 CVE-2023-44961 Koha Community SQL Injection vulnerability in Koha-Community Koha Library Software

SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl.

7.5
2023-10-11 CVE-2023-44108 Huawei Type Confusion vulnerability in Huawei Emui and Harmonyos

Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

7.5
2023-10-11 CVE-2023-44114 Huawei Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos

Out-of-bounds array vulnerability in the dataipa module.Successful exploitation of this vulnerability may affect service confidentiality.

7.5
2023-10-11 CVE-2023-44119 Huawei Improper Locking vulnerability in Huawei Emui and Harmonyos

Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability.

7.5
2023-10-11 CVE-2023-44095 Huawei Use After Free vulnerability in Huawei Emui and Harmonyos

Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash.

7.5
2023-10-11 CVE-2023-44097 Huawei Information Exposure vulnerability in Huawei Emui and Harmonyos

Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality.

7.5
2023-10-11 CVE-2023-44100 Huawei Incorrect Resource Transfer Between Spheres vulnerability in Huawei Emui and Harmonyos

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

7.5
2023-10-11 CVE-2023-44101 Huawei Exposure of Resource to Wrong Sphere vulnerability in Huawei Harmonyos

The Bluetooth module has a vulnerability in permission control for broadcast notifications.Successful exploitation of this vulnerability may affect confidentiality.

7.5
2023-10-11 CVE-2023-44103 Huawei Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos

Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

7.5
2023-10-11 CVE-2023-44104 Huawei Incorrect Resource Transfer Between Spheres vulnerability in Huawei Emui and Harmonyos

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

7.5
2023-10-11 CVE-2023-44111 Huawei Improper Restriction of Excessive Authentication Attempts vulnerability in Huawei Emui and Harmonyos

Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.

7.5
2023-10-11 CVE-2023-44093 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality.

7.5
2023-10-11 CVE-2023-44096 Huawei Improper Restriction of Excessive Authentication Attempts vulnerability in Huawei Emui and Harmonyos

Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.

7.5
2023-10-11 CVE-2023-44109 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.

7.5
2023-10-11 CVE-2023-4990 MCL Collection Path Traversal vulnerability in Mcl-Collection Mcl-Net Firmware 4.3.5.8788

Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files.

7.5
2023-10-10 CVE-2023-36127 Phpjabbers Information Exposure Through Discrepancy vulnerability in PHPjabbers Appointment Scheduler 3.0

User enumeration is found in in PHPJabbers Appointment Scheduler 3.0.

7.5
2023-10-10 CVE-2023-29348 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability

7.5
2023-10-10 CVE-2023-36431 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing Denial of Service Vulnerability

7.5
2023-10-10 CVE-2023-36435 Microsoft Unspecified vulnerability in Microsoft products

Microsoft QUIC Denial of Service Vulnerability

7.5
2023-10-10 CVE-2023-36438 Microsoft Unspecified vulnerability in Microsoft products

Windows TCP/IP Information Disclosure Vulnerability

7.5
2023-10-10 CVE-2023-36567 Microsoft Unspecified vulnerability in Microsoft products

Windows Deployment Services Information Disclosure Vulnerability

7.5
2023-10-10 CVE-2023-36579 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing Denial of Service Vulnerability

7.5
2023-10-10 CVE-2023-36581 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing Denial of Service Vulnerability

7.5
2023-10-10 CVE-2023-36585 Microsoft Unspecified vulnerability in Microsoft products

Windows upnphost.dll Denial of Service Vulnerability

7.5
2023-10-10 CVE-2023-36596 Microsoft Exposure of Resource to Wrong Sphere vulnerability in Microsoft products

Remote Procedure Call Information Disclosure Vulnerability

7.5
2023-10-10 CVE-2023-36602 Microsoft Unspecified vulnerability in Microsoft products

Windows TCP/IP Denial of Service Vulnerability

7.5
2023-10-10 CVE-2023-36603 Microsoft Unspecified vulnerability in Microsoft products

Windows TCP/IP Denial of Service Vulnerability

7.5
2023-10-10 CVE-2023-36606 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing Denial of Service Vulnerability

7.5
2023-10-10 CVE-2023-36703 Microsoft Unspecified vulnerability in Microsoft products

DHCP Server Service Denial of Service Vulnerability

7.5
2023-10-10 CVE-2023-36707 Microsoft Unspecified vulnerability in Microsoft products

Windows Deployment Services Denial of Service Vulnerability

7.5
2023-10-10 CVE-2023-36709 Microsoft Unspecified vulnerability in Microsoft products

Microsoft AllJoyn API Denial of Service Vulnerability

7.5
2023-10-10 CVE-2023-36720 Microsoft Unspecified vulnerability in Microsoft products

Windows Mixed Reality Developer Tools Denial of Service Vulnerability

7.5
2023-10-10 CVE-2023-38171 Microsoft Unspecified vulnerability in Microsoft products

Microsoft QUIC Denial of Service Vulnerability

7.5
2023-10-10 CVE-2020-27213 Ethernut Use of Insufficiently Random Values vulnerability in Ethernut Nut/Os 5.1

An issue was discovered in Ethernut Nut/OS 5.1.

7.5
2023-10-10 CVE-2023-36478 Eclipse
Jenkins
Debian
Resource Exhaustion vulnerability in multiple products

Eclipse Jetty provides a web server and servlet container.

7.5
2023-10-10 CVE-2023-37935 Fortinet Unspecified vulnerability in Fortinet Fortios

A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services.

7.5
2023-10-10 CVE-2023-40718 Fortinet Interpretation Conflict vulnerability in Fortinet Fortios IPS Engine

A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets.

7.5
2023-10-10 CVE-2023-44487 Ietf
Nghttp2
Netty
Envoyproxy
Eclipse
Caddyserver
Golang
F5
Apache
Apple
Grpc
Microsoft
Nodejs
Dena
Facebook
Amazon
Debian
Kazu Yamamoto
Istio
Varnish Cache Project
Traefik
Projectcontour
Linkerd
Linecorp
Redhat
Fedoraproject
Netapp
Akka
Konghq
Jenkins
Openresty
Cisco
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
2023-10-10 CVE-2023-4966 Citrix Unspecified vulnerability in Citrix products

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. 

7.5
2023-10-10 CVE-2023-5499 Reachfargps Information Exposure Through Log Files vulnerability in Reachfargps Reachfar GPS Firmware 28

Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory.

7.5
2023-10-10 CVE-2023-40534 F5 Memory Leak vulnerability in F5 products

When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

7.5
2023-10-10 CVE-2023-40542 F5 Allocation of Resources Without Limits or Throttling vulnerability in F5 products

When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

7.5
2023-10-10 CVE-2023-41085 F5 Improper Handling of Exceptional Conditions vulnerability in F5 products

When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

7.5
2023-10-10 CVE-2023-42189 Tapo
Nanoleaf
Govee
Switchbot
Phillips
Yeelight
TP Link
Orein
EVE
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.

7.5
2023-10-10 CVE-2023-40310 SAP Missing XML Validation vulnerability in SAP Powerdesigner 16.7

SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source.

7.5
2023-10-10 CVE-2023-5471 Farmacia Project SQL Injection vulnerability in Farmacia Project Farmacia 1.0

A vulnerability, which was classified as critical, was found in codeprojects Farmacia 1.0.

7.5
2023-10-09 CVE-2023-5462 Xinje Improper Resource Shutdown or Release vulnerability in Xinje Xd5E-30R-E Firmware 3.5.3B

A vulnerability was found in XINJE XD5E-30R-E 3.5.3b.

7.5
2023-10-09 CVE-2023-5459 Deltaww Improper Resource Shutdown or Release vulnerability in Deltaww products

A vulnerability has been found in Delta Electronics DVP32ES2 PLC 1.48 and classified as critical.

7.5
2023-10-09 CVE-2023-43699 Sick Improper Restriction of Excessive Authentication Attempts vulnerability in Sick Apu0200 Firmware

Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited.

7.5
2023-10-09 CVE-2023-43700 Sick Missing Authorization vulnerability in Sick Apu0200 Firmware

Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require authentication.

7.5
2023-10-09 CVE-2023-5330 Mattermost Allocation of Resources Without Limits or Throttling vulnerability in Mattermost Server

Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable.

7.5
2023-10-09 CVE-2023-3589 3DS Cross-Site Request Forgery (CSRF) vulnerability in 3DS Teamwork Cloud NO Magic Release 2021X/2022X

A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server.

7.5
2023-10-09 CVE-2023-45371 Mediawiki Allocation of Resources Without Limits or Throttling vulnerability in Mediawiki

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1.

7.5
2023-10-09 CVE-2023-45363 Mediawiki
Debian
Infinite Loop vulnerability in multiple products

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1.

7.5
2023-10-09 CVE-2023-45349 Atos Unspecified vulnerability in Atos products

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.34.7, 4000 Assistant V10 R1.42.0, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.34.7, 4000 Manager V10 R1.42.0, and 4000 Manager V10 R0 expose sensitive information that may allow lateral movement to the backup system via AShbr.

7.5
2023-10-12 CVE-2023-32634 Softether Unspecified vulnerability in Softether VPN 4.419782/5.01.9674

An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta.

7.4
2023-10-10 CVE-2023-45226 F5 Use of Hard-coded Credentials vulnerability in F5 Big-Ip Next Service Proxy for Kubernetes 1.5.0

The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers.

7.4
2023-10-10 CVE-2020-18336 Typora Cross-site Scripting vulnerability in Typora 0.9.65

Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function.

7.4
2023-10-10 CVE-2023-36561 Microsoft Unspecified vulnerability in Microsoft Azure Devops Server 2020.0.2/2020.1.2/2022.0.1

Azure DevOps Server Elevation of Privilege Vulnerability

7.3
2023-10-10 CVE-2023-36570 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

7.3
2023-10-10 CVE-2023-36571 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

7.3
2023-10-10 CVE-2023-36572 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

7.3
2023-10-10 CVE-2023-36573 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

7.3
2023-10-10 CVE-2023-36574 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

7.3
2023-10-10 CVE-2023-36575 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

7.3
2023-10-10 CVE-2023-36578 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

7.3
2023-10-10 CVE-2023-36582 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

7.3
2023-10-10 CVE-2023-36583 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

7.3
2023-10-10 CVE-2023-36589 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

7.3
2023-10-10 CVE-2023-36590 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

7.3
2023-10-10 CVE-2023-36591 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

7.3
2023-10-10 CVE-2023-36592 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

7.3
2023-10-10 CVE-2023-36593 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

7.3
2023-10-09 CVE-2023-45248 Acronis Uncontrolled Search Path Element vulnerability in Acronis Agent

Local privilege escalation due to DLL hijacking vulnerability.

7.3
2023-10-13 CVE-2023-32973 Qnap Out-of-bounds Write vulnerability in Qnap Qts, Quts Hero and Qutscloud

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.

7.2
2023-10-13 CVE-2023-32976 Qnap OS Command Injection vulnerability in Qnap Container Station

An OS command injection vulnerability has been reported to affect Container Station.

7.2
2023-10-11 CVE-2023-35649 Google Out-of-bounds Write vulnerability in Google Android

In several functions of Exynos modem files, there is a possible out of bounds write due to a missing bounds check.

7.2
2023-10-11 CVE-2023-23930 Vantage6 Deserialization of Untrusted Data vulnerability in Vantage6

vantage6 is privacy preserving federated learning infrastructure.

7.2
2023-10-11 CVE-2023-26318 MI Classic Buffer Overflow vulnerability in MI Xiaomi Router Ax3200 Firmware

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers.

7.2
2023-10-11 CVE-2023-26319 MI Command Injection vulnerability in MI Xiaomi Router Ax3200 Firmware

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.

7.2
2023-10-10 CVE-2023-36780 Microsoft Unspecified vulnerability in Microsoft Skype for Business Server 2015/2019

Skype for Business Remote Code Execution Vulnerability

7.2
2023-10-10 CVE-2023-36786 Microsoft Unspecified vulnerability in Microsoft Skype for Business Server 2015/2019

Skype for Business Remote Code Execution Vulnerability

7.2
2023-10-10 CVE-2023-36789 Microsoft Unspecified vulnerability in Microsoft Skype for Business Server 2015/2019

Skype for Business Remote Code Execution Vulnerability

7.2
2023-10-10 CVE-2023-42768 F5 Insufficient Session Expiration vulnerability in F5 products

When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST.

7.2
2023-10-10 CVE-2023-44847 Seacms Unspecified vulnerability in Seacms

An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component.

7.2
2023-10-11 CVE-2023-5520 Gpac Out-of-bounds Read vulnerability in Gpac

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

7.1
2023-10-10 CVE-2023-41838 Fortinet OS Command Injection vulnerability in Fortinet Fortianalyzer and Fortimanager

An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli.

7.1
2023-10-09 CVE-2023-45247 Acronis Missing Authorization vulnerability in Acronis Agent

Sensitive information disclosure and manipulation due to missing authorization.

7.1
2023-10-10 CVE-2023-36565 Microsoft Unspecified vulnerability in Microsoft Office and Office Long Term Servicing Channel

Microsoft Office Graphics Elevation of Privilege Vulnerability

7.0
2023-10-10 CVE-2023-36568 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

7.0
2023-10-10 CVE-2023-36721 Microsoft Unspecified vulnerability in Microsoft products

Windows Error Reporting Service Elevation of Privilege Vulnerability

7.0
2023-10-10 CVE-2023-36776 Microsoft Race Condition vulnerability in Microsoft products

Win32k Elevation of Privilege Vulnerability

7.0
2023-10-10 CVE-2023-36902 Microsoft Race Condition vulnerability in Microsoft products

Windows Runtime Remote Code Execution Vulnerability

7.0
2023-10-10 CVE-2023-38159 Microsoft Race Condition vulnerability in Microsoft products

Windows Graphics Component Elevation of Privilege Vulnerability

7.0

207 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-10-13 CVE-2023-5409 HP Unspecified vulnerability in HP products

HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs.

6.8
2023-10-13 CVE-2023-26366 Adobe Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read.

6.8
2023-10-09 CVE-2022-3728 Lenovo Insufficient Physical Protection Mechanism vulnerability in Lenovo products

A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.

6.8
2023-10-09 CVE-2022-48182 Lenovo Insufficient Physical Protection Mechanism vulnerability in Lenovo products

A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.

6.8
2023-10-09 CVE-2022-48183 Lenovo Insufficient Physical Protection Mechanism vulnerability in Lenovo products

A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.

6.8
2023-10-11 CVE-2023-35654 Google Out-of-bounds Read vulnerability in Google Android

In ctrl_roi of stmvl53l1_module.c, there is a possible out of bounds read due to an incorrect bounds check.

6.7
2023-10-11 CVE-2023-35655 Google Out-of-bounds Read vulnerability in Google Android

In CanConvertPadV2Op of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds read due to a heap buffer overflow.

6.7
2023-10-11 CVE-2023-35660 Google Use After Free vulnerability in Google Android

In lwis_transaction_client_cleanup of lwis_transaction.c, there is a possible way to corrupt memory due to a use after free.

6.7
2023-10-10 CVE-2023-42788 Fortinet OS Command Injection vulnerability in Fortinet Fortianalyzer and Fortimanager

An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command

6.7
2023-10-10 CVE-2023-37194 Siemens Improper Access Control vulnerability in Siemens products

A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions).

6.7
2023-10-13 CVE-2023-38221 Adobe SQL Injection vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker.

6.6
2023-10-13 CVE-2023-38249 Adobe SQL Injection vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker.

6.6
2023-10-13 CVE-2023-38250 Adobe SQL Injection vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker.

6.6
2023-10-14 CVE-2023-5579 Yzh66 Information Exposure vulnerability in Yzh66 Sandbox 6.1.0

A vulnerability was found in yhz66 Sandbox 6.1.0.

6.5
2023-10-14 CVE-2023-42663 Apache Unspecified vulnerability in Apache Airflow

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.

6.5
2023-10-14 CVE-2023-42780 Apache Information Exposure vulnerability in Apache Airflow

Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs.

6.5
2023-10-14 CVE-2023-42792 Apache Exposure of Resource to Wrong Sphere vulnerability in Apache Airflow

Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.

6.5
2023-10-14 CVE-2023-45674 Farmbot SQL Injection vulnerability in Farmbot web APP

Farmbot-Web-App is a web control interface for the Farmbot farm automation platform.

6.5
2023-10-13 CVE-2023-45393 Grandingteco Authorization Bypass Through User-Controlled Key vulnerability in Grandingteco Utime Master 9.0.7

An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie.

6.5
2023-10-13 CVE-2023-5573 Vrite Allocation of Resources Without Limits or Throttling vulnerability in Vrite

Allocation of Resources Without Limits or Throttling in GitHub repository vriteio/vrite prior to 0.3.0.

6.5
2023-10-13 CVE-2023-44184 Juniper Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Junos and Junos OS Evolved

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU Denial of Service to the device's control plane. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2-S1, 22.3R3; * 22.4 versions prior to 22.4R1-S2, 22.4R2. Juniper Networks Junos OS Evolved * All versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S2-EVO; * 22.2 versions prior to 22.2R3-EVO; * 22.3 versions prior to 22.3R3-EVO; * 22.4 versions prior to 22.4R2-EVO. An indicator of compromise can be seen by first determining if the NETCONF client is logged in and fails to log out after a reasonable period of time and secondly reviewing the WCPU percentage for the mgd process by running the following command: mgd process example: user@device-re#> show system processes extensive | match "mgd|PID" | except last PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 92476 root 100 0 500M 89024K CPU3 3 57.5H 89.60% mgd <<<<<<<<<<< review the high cpu percentage. Example to check for NETCONF activity: While there is no specific command that shows a specific session in use for NETCONF, you can review logs for UI_LOG_EVENT with "client-mode 'netconf'" For example: mgd[38121]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [38121], ssh-connection '10.1.1.1 201 55480 10.1.1.2 22', client-mode 'netconf'

6.5
2023-10-13 CVE-2023-44196 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos OS Evolved

An Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system. When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE.

6.5
2023-10-13 CVE-2023-44203 Juniper Unspecified vulnerability in Juniper Junos

An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows a adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a Denial of Service (DoS). When a specific IGMP packet is received in an isolated VLAN, it is duplicated to all other ports under the primary VLAN, which causes a flood. This issue affects QFX5000 series, EX2300, EX3400, EX4100, EX4400 and EX4600 platforms only. This issue affects Juniper Junos OS on on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S3; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2.

6.5
2023-10-13 CVE-2023-44204 Juniper Improper Input Validation vulnerability in Juniper Junos and Junos OS Evolved

An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). When a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos OS * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1, 23.2R2; Juniper Networks Junos OS Evolved * 21.4 versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 versions prior to 22.2R3-S3-EVO; * 22.3 versions prior to 22.3R2-S2-EVO; * 22.4 versions prior to 22.4R3-EVO; * 23.2 versions prior to 23.2R2-EVO;

6.5
2023-10-12 CVE-2023-22392 Juniper Memory Leak vulnerability in Juniper Junos

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). PTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs do not support certain flow-routes.

6.5
2023-10-12 CVE-2023-36839 Juniper Improper Validation of Specified Quantity in Input vulnerability in Juniper Junos

An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service(DoS). This issue occurs when specific LLDP packets are received and telemetry polling is being done on the device.

6.5
2023-10-11 CVE-2023-5475 Google
Fedoraproject
Debian
Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension.
6.5
2023-10-11 CVE-2023-5479 Google
Debian
Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page.
6.5
2023-10-11 CVE-2023-5481 Google
Debian
Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page.
6.5
2023-10-11 CVE-2023-5483 Google
Debian
Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page.
6.5
2023-10-11 CVE-2023-5484 Google
Fedoraproject
Debian
Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page.
6.5
2023-10-11 CVE-2023-5487 Google
Fedoraproject
Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
6.5
2023-10-11 CVE-2023-45396 Elenos Authorization Bypass Through User-Controlled Key vulnerability in Elenos Etg150 Firmware 3.12

An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12.

6.5
2023-10-10 CVE-2023-36429 Microsoft Exposure of Resource to Wrong Sphere vulnerability in Microsoft Dynamics 365

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

6.5
2023-10-10 CVE-2023-36433 Microsoft Unspecified vulnerability in Microsoft Dynamics 365

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

6.5
2023-10-10 CVE-2023-36564 Microsoft Unspecified vulnerability in Microsoft products

Windows Search Security Feature Bypass Vulnerability

6.5
2023-10-10 CVE-2023-36566 Microsoft Unspecified vulnerability in Microsoft Common Data Model SDK

Microsoft Common Data Model SDK Denial of Service Vulnerability

6.5
2023-10-10 CVE-2023-36706 Microsoft Unspecified vulnerability in Microsoft products

Windows Deployment Services Information Disclosure Vulnerability

6.5
2023-10-10 CVE-2023-36717 Microsoft Unspecified vulnerability in Microsoft products

Windows Virtual Trusted Platform Module Denial of Service Vulnerability

6.5
2023-10-10 CVE-2023-42787 Fortinet Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager

A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution.

6.5
2023-10-10 CVE-2023-44249 Fortinet Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortianalyzer and Fortimanager

An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests.

6.5
2023-10-10 CVE-2023-30804 Sangfor Unspecified vulnerability in Sangfor Next-Gen Application Firewall 8.0.17

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability.

6.5
2023-10-10 CVE-2023-41964 F5 Cleartext Storage of Sensitive Information vulnerability in F5 products

The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

6.5
2023-10-10 CVE-2023-42477 SAP Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Application Server Java 7.50

SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application.

6.5
2023-10-09 CVE-2022-36228 Janusintl Missing Authorization vulnerability in Janusintl products

Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions.

6.5
2023-10-09 CVE-2023-41047 Octoprint Unspecified vulnerability in Octoprint

OctoPrint is a web interface for 3D printers.

6.5
2023-10-09 CVE-2023-25822 Reportportal Allocation of Resources Without Limits or Throttling vulnerability in Reportportal Service-Api

ReportPortal is an AI-powered test automation platform.

6.5
2023-10-09 CVE-2023-36820 Objectcomputing Improper Access Control vulnerability in Objectcomputing Micronaut Security

Micronaut Security is a security solution for applications.

6.5
2023-10-09 CVE-2023-43697 Sick Unspecified vulnerability in Sick Apu0200 Firmware

Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests.

6.5
2023-10-09 CVE-2023-5100 Sick Cleartext Transmission of Sensitive Information vulnerability in Sick Apu0200 Firmware

Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted.

6.5
2023-10-09 CVE-2023-5333 Mattermost Unspecified vulnerability in Mattermost Server

Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs.

6.5
2023-10-09 CVE-2023-39854 ATX Server-Side Request Forgery (SSRF) vulnerability in ATX Ucrypt 3.5

The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/get_cc_url url parameter.

6.5
2023-10-09 CVE-2023-45367 Mediawiki Unspecified vulnerability in Mediawiki

An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1.

6.5
2023-10-14 CVE-2023-45863 Linux Out-of-bounds Write vulnerability in Linux Kernel

An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3.

6.4
2023-10-11 CVE-2023-35645 Google Out-of-bounds Write vulnerability in Google Android

In tbd of tbd, there is a possible memory corruption due to a race condition.

6.4
2023-10-11 CVE-2023-5473 Google
Debian
Use After Free vulnerability in multiple products

Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

6.3
2023-10-15 CVE-2018-25091 Python Open Redirect vulnerability in Python Urllib3 1.10.2

urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme).

6.1
2023-10-15 CVE-2023-5585 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Online Motorcycle (Bike) Rental System 1.0

A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0.

6.1
2023-10-14 CVE-2023-5581 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Medicine Tracker System 1.0

A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0.

6.1
2023-10-13 CVE-2023-41680 Fortinet Cross-site Scripting vulnerability in Fortinet Fortisandbox

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests.

6.1
2023-10-13 CVE-2023-41681 Fortinet Cross-site Scripting vulnerability in Fortinet Fortisandbox

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests.

6.1
2023-10-13 CVE-2023-41836 Fortinet Cross-site Scripting vulnerability in Fortinet Fortisandbox

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows attacker to execute unauthorized code or commands via crafted HTTP requests.

6.1
2023-10-12 CVE-2023-5562 Knime Cross-site Scripting vulnerability in Knime Analytics Platform

An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack.

6.1
2023-10-12 CVE-2023-5555 Frappe Cross-site Scripting vulnerability in Frappe LMS 1.0.0

Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4.

6.1
2023-10-12 CVE-2023-5556 Structurizr Cross-site Scripting vulnerability in Structurizr On-Premises Installation

Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194.

6.1
2023-10-11 CVE-2023-37538 Hcltech Cross-site Scripting vulnerability in Hcltech Digital Experience 8.5/9.0/9.5

HCL Digital Experience is susceptible to cross site scripting (XSS).

6.1
2023-10-10 CVE-2023-36126 Phpjabbers Cross-site Scripting vulnerability in PHPjabbers Appointment Scheduler 3.0

There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0

6.1
2023-10-10 CVE-2023-36416 Microsoft Cross-site Scripting vulnerability in Microsoft Dynamics 365

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

6.1
2023-10-09 CVE-2023-44812 Moosocial Cross-site Scripting vulnerability in Moosocial 3.1.8

Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function.

6.1
2023-10-09 CVE-2023-44813 Moosocial Cross-site Scripting vulnerability in Moosocial 3.1.8

Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function.

6.1
2023-10-09 CVE-2023-44393 Piwigo Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Piwigo

Piwigo is an open source photo gallery application.

6.1
2023-10-09 CVE-2023-43643 Antisamy Project Cross-site Scripting vulnerability in Antisamy Project Antisamy

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources.

6.1
2023-10-09 CVE-2023-43698 Sick Cross-site Scripting vulnerability in Sick Apu0200 Firmware

Improper Neutralization of Input During Web Page Generation (’Cross-site Scripting’) in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the clients browser via injecting code into the website.

6.1
2023-10-09 CVE-2023-45373 Mediawiki Cross-site Scripting vulnerability in Mediawiki

An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1.

6.1
2023-10-09 CVE-2023-39189 Linux
Redhat
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

A flaw was found in the Netfilter subsystem in the Linux kernel.

6.0
2023-10-09 CVE-2023-39192 Linux
Redhat
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

A flaw was found in the Netfilter subsystem in the Linux kernel.

6.0
2023-10-09 CVE-2023-39193 Linux
Redhat
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

A flaw was found in the Netfilter subsystem in the Linux kernel.

6.0
2023-10-14 CVE-2022-33161 IBM Missing Encryption of Sensitive Data vulnerability in IBM products

IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

5.9
2023-10-12 CVE-2023-22325 Softether Infinite Loop vulnerability in Softether VPN 4.419782/5.01.9674/5.02

A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02.

5.9
2023-10-10 CVE-2023-42794 Apache Incomplete Cleanup vulnerability in Apache Tomcat

Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream.

5.9
2023-10-09 CVE-2023-5461 Deltaww Cleartext Transmission of Sensitive Information vulnerability in Deltaww Wplsoft 2.51

A vulnerability was found in Delta Electronics WPLSoft 2.51.

5.9
2023-10-09 CVE-2023-5460 Deltaww Heap-based Buffer Overflow vulnerability in Deltaww Wplsoft

A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and classified as problematic.

5.7
2023-10-14 CVE-2023-45862 Linux
Netapp
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5.

5.5
2023-10-14 CVE-2023-45176 IBM Unspecified vulnerability in IBM APP Connect Enterprise and Integration BUS

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows.

5.5
2023-10-14 CVE-2023-1259 Hotjar Cross-site Scripting vulnerability in Hotjar

The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the hotjar_site_id in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping.

5.5
2023-10-13 CVE-2023-42752 Linux Integer Overflow or Wraparound vulnerability in Linux Kernel

An integer overflow flaw was found in the Linux kernel.

5.5
2023-10-13 CVE-2023-44176 Juniper Out-of-bounds Write vulnerability in Juniper Junos

A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3.

5.5
2023-10-13 CVE-2023-44177 Juniper Out-of-bounds Write vulnerability in Juniper Junos

A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions prior to 19.1R3-S10; * 19.2 versions prior to 19.2R3-S7; * 19.3 versions prior to 19.3R3-S8; * 19.4 versions prior to 19.4R3-S12; * 20.2 versions prior to 20.2R3-S8; * 20.4 versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R2. Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.2 versions prior to 21.2R3-S6-EVO; * 21.3 versions prior to 21.3R3-S5-EVO; * 21.4 versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 versions prior to 22.2R3-S1-EVO; * 22.3 versions prior to 22.3R3-EVO; * 22.4 versions prior to 22.4R2-EVO.

5.5
2023-10-13 CVE-2023-44178 Juniper Out-of-bounds Write vulnerability in Juniper Junos

A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS * All versions prior to 19.1R3-S10; * 19.2 versions prior to 19.2R3-S7; * 19.3 versions prior to 19.3R3-S8; * 19.4 versions prior to 19.4R3-S12; * 20.2 versions prior to 20.2R3-S8; * 20.4 versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1; * 23.2 versions prior to 23.2R2.

5.5
2023-10-13 CVE-2023-44193 Juniper Memory Leak vulnerability in Juniper Junos

An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS). On all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot.

5.5
2023-10-13 CVE-2023-44201 Juniper Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Junos

An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions. When a user with the respective permissions commits a configuration change, a specific file is created.

5.5
2023-10-12 CVE-2023-45511 Justdan96 Memory Leak vulnerability in Justdan96 Tsmuxer Nightly20231005015556

A memory leak in tsMuxer version git-2539d07 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

5.5
2023-10-12 CVE-2023-27315 Netapp Insufficiently Protected Credentials vulnerability in Netapp Snapgathers

SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials

5.5
2023-10-12 CVE-2023-43789 Libxpm Project
Redhat
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.

5.5
2023-10-12 CVE-2023-42298 Gpac Integer Overflow or Wraparound vulnerability in Gpac

An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c.

5.5
2023-10-11 CVE-2023-44187 Juniper Information Exposure vulnerability in Juniper Junos OS Evolved

An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line.

5.5
2023-10-11 CVE-2023-38216 Adobe Use After Free vulnerability in Adobe Bridge

Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-10-11 CVE-2023-38217 Adobe Out-of-bounds Read vulnerability in Adobe Bridge

Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-10-10 CVE-2023-36563 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WordPad Information Disclosure Vulnerability

5.5
2023-10-10 CVE-2023-36576 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Information Disclosure Vulnerability

5.5
2023-10-10 CVE-2023-36713 Microsoft Unspecified vulnerability in Microsoft products

Windows Common Log File System Driver Information Disclosure Vulnerability

5.5
2023-10-10 CVE-2023-36724 Microsoft Unspecified vulnerability in Microsoft products

Windows Power Management Service Information Disclosure Vulnerability

5.5
2023-10-10 CVE-2023-36728 Microsoft Unspecified vulnerability in Microsoft products

Microsoft SQL Server Denial of Service Vulnerability

5.5
2023-10-10 CVE-2023-25604 Fortinet Information Exposure Through Log Files vulnerability in Fortinet Fortiguest 1.0.0

An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs.

5.5
2023-10-10 CVE-2023-41253 F5 Information Exposure Through Log Files vulnerability in F5 Big-Ip Domain Name System

When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

5.5
2023-10-10 CVE-2023-43485 F5 Information Exposure Through Log Files vulnerability in F5 products

When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

5.5
2023-10-10 CVE-2023-43785 X ORG
Redhat
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function.

5.5
2023-10-10 CVE-2023-43786 X ORG
Redhat
Fedoraproject
Infinite Loop vulnerability in multiple products

A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function.

5.5
2023-10-10 CVE-2023-43788 X ORG
Fedoraproject
Redhat
Out-of-bounds Read vulnerability in multiple products

A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function.

5.5
2023-10-09 CVE-2023-44821 Lcdf Memory Leak vulnerability in Lcdf Gifsicle

Gifsicle through 1.94, if deployed in a way that allows untrusted input to affect Gif_Realloc calls, might allow a denial of service (memory consumption).

5.5
2023-10-09 CVE-2023-44378 Consensys Incorrect Comparison vulnerability in Consensys Gnark

gnark is a zk-SNARK library that offers a high-level API to design circuits.

5.5
2023-10-14 CVE-2023-40367 IBM Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.5.0

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting.

5.4
2023-10-14 CVE-2023-5582 Zzzcms Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Zzzcms 2.2.0

A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0.

5.4
2023-10-14 CVE-2023-5578 Portabilis Cross-site Scripting vulnerability in Portabilis I-Educar

A vulnerability was found in Portábilis i-Educar up to 2.7.5.

5.4
2023-10-14 CVE-2023-30148 Opart Cross-site Scripting vulnerability in Opart Multi Html Block

Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the body_text or body_text_rude field in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php.

5.4
2023-10-13 CVE-2023-34977 Qnap Cross-site Scripting vulnerability in Qnap Video Station

A cross-site scripting (XSS) vulnerability has been reported to affect Video Station.

5.4
2023-10-13 CVE-2023-45269 Coleds Cross-Site Request Forgery (CSRF) vulnerability in Coleds Simple SEO

Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 2.0.25 versions.

5.4
2023-10-13 CVE-2023-41843 Fortinet Cross-site Scripting vulnerability in Fortinet Fortisandbox

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests.

5.4
2023-10-13 CVE-2023-4517 Hestiacp Cross-site Scripting vulnerability in Hestiacp

Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6.

5.4
2023-10-13 CVE-2023-4829 Froxlor Cross-site Scripting vulnerability in Froxlor

Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.

5.4
2023-10-13 CVE-2023-4995 Embedcalendly Unspecified vulnerability in Embedcalendly Embed Calendly

The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-10-13 CVE-2023-38000 Wordpress Cross-site Scripting vulnerability in Wordpress Gutenberg and Wordpress

Auth.

5.4
2023-10-12 CVE-2023-32721 Zabbix Cross-site Scripting vulnerability in Zabbix

A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.

5.4
2023-10-12 CVE-2023-5470 Etsy Shop Project Unspecified vulnerability in Etsy Shop Project Etsy Shop

The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'etsy-shop' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-10-11 CVE-2023-44189 Juniper Origin Validation Error vulnerability in Juniper Junos OS Evolved

An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network.

5.4
2023-10-11 CVE-2023-44190 Juniper Origin Validation Error vulnerability in Juniper Junos OS Evolved

An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network.

5.4
2023-10-11 CVE-2023-28635 Vantage6 Incorrect Authorization vulnerability in Vantage6

vantage6 is privacy preserving federated learning infrastructure.

5.4
2023-10-11 CVE-2023-34354 Peplink Cross-site Scripting vulnerability in Peplink Surf Soho Firmware 6.3.5

A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).

5.4
2023-10-10 CVE-2023-26220 Tibco Cross-site Scripting vulnerability in Tibco Spotfire Analyst and Spotfire Server

The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system.

5.4
2023-10-10 CVE-2023-36584 Microsoft Unspecified vulnerability in Microsoft products

Windows Mark of the Web Security Feature Bypass Vulnerability

5.4
2023-10-10 CVE-2023-36555 Fortinet Cross-site Scripting vulnerability in Fortinet Fortios

An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components.

5.4
2023-10-10 CVE-2023-36637 Fortinet Cross-site Scripting vulnerability in Fortinet Fortimail

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields.

5.4
2023-10-10 CVE-2023-5496 Translator Poqdev ADD ON Project Cross-site Scripting vulnerability in Translator Poqdev Add-On Project Translator Poqdev Add-On 1.0.11

A vulnerability was found in Translator PoqDev Add-On 1.0.11 on Firefox.

5.4
2023-10-10 CVE-2023-44763 Concretecms Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS 9.2.1

Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting (XSS).

5.4
2023-10-10 CVE-2023-44315 Siemens Cross-site Scripting vulnerability in Siemens Sinec NMS 1.0/1.0.3

A vulnerability has been identified in SINEC NMS (All versions < V2.0).

5.4
2023-10-10 CVE-2023-5467 Geomywp Cross-site Scripting vulnerability in Geomywp GEO MY Wordpress

The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-10-10 CVE-2023-5468 Leechesnutt Unspecified vulnerability in Leechesnutt Slick Contact Forms 1.3.7

The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcscf-link' shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-10-10 CVE-2023-44826 Easycorp Cross-site Scripting vulnerability in Easycorp Zentao 18.6

Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script.

5.4
2023-10-10 CVE-2023-42473 SAP Missing Authorization vulnerability in SAP S/4Hana 106

S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges which has low impact on the confidentiality and integrity of the application.

5.4
2023-10-10 CVE-2023-42474 SAP Cross-site Scripting vulnerability in SAP Businessobjects web Intelligence 420

SAP BusinessObjects Web Intelligence - version 420, has a URL with parameter that could be vulnerable to XSS attack.

5.4
2023-10-09 CVE-2023-30910 HPE HTTP Request Smuggling vulnerability in HPE products

HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. 

5.4
2023-10-15 CVE-2023-5588 Kpherox Path Traversal vulnerability in Kpherox Pleroma

A vulnerability was found in kphrx pleroma.

5.3
2023-10-14 CVE-2022-43868 IBM Unspecified vulnerability in IBM Security Verify Access Oidc Provider

IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system.

5.3
2023-10-13 CVE-2023-38251 Adobe Resource Exhaustion vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service.

5.3
2023-10-13 CVE-2023-44183 Juniper Memory Leak vulnerability in Juniper Junos

An Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper Networks Junos OS on QFX5000 Series, EX4600 Series devices allows an unauthenticated, adjacent attacker, sending two or more genuine packets in the same VxLAN topology to possibly cause a DMA memory leak to occur under various specific operational conditions.

5.3
2023-10-13 CVE-2023-44195 Juniper Unspecified vulnerability in Juniper Junos OS Evolved

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system. If specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this.

5.3
2023-10-12 CVE-2023-41261 Plixer Improper Authentication vulnerability in Plixer Scrutinizer

An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1.

5.3
2023-10-12 CVE-2023-31192 Softether Use of Uninitialized Resource vulnerability in Softether VPN 5.01.9674

An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674.

5.3
2023-10-11 CVE-2023-44188 Juniper Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Juniper Junos

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash, leading to a Denial of Service (DoS).

5.3
2023-10-11 CVE-2023-44962 Koha Community Unrestricted Upload of File with Dangerous Type vulnerability in Koha-Community Koha Library Software

File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component.

5.3
2023-10-11 CVE-2023-41304 Huawei Improper Check for Unusual or Exceptional Conditions vulnerability in Huawei Emui and Harmonyos

Parameter verification vulnerability in the window module.Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window.

5.3
2023-10-11 CVE-2023-44102 Huawei Exposure of Resource to Wrong Sphere vulnerability in Huawei Emui and Harmonyos

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable.

5.3
2023-10-11 CVE-2023-44094 Huawei Type Confusion vulnerability in Huawei Emui and Harmonyos

Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

5.3
2023-10-11 CVE-2022-44758 Hcltech Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Insights for vulnerability Remediation 2.0/2.0.2

BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content.

5.3
2023-10-10 CVE-2023-45648 Apache
Debian
Improper Input Validation vulnerability in multiple products

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers.

5.3
2023-10-10 CVE-2023-41763 Microsoft Server-Side Request Forgery (SSRF) vulnerability in Microsoft Skype for Business Server 2015/2019

Skype for Business Elevation of Privilege Vulnerability

5.3
2023-10-10 CVE-2023-42795 Apache
Debian
Incomplete Cleanup vulnerability in multiple products

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

5.3
2023-10-10 CVE-2023-41675 Fortinet Use After Free vulnerability in Fortinet Fortios and Fortiproxy

A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.

5.3
2023-10-10 CVE-2023-42782 Fortinet Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortianalyzer

A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number.

5.3
2023-10-10 CVE-2023-44399 Zitadel Weak Password Recovery Mechanism for Forgotten Password vulnerability in Zitadel

ZITADEL provides identity infrastructure.

5.3
2023-10-10 CVE-2023-30802 Sangfor Exposure of Resource to Wrong Sphere vulnerability in Sangfor Next-Gen Application Firewall 8.0.17

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability.

5.3
2023-10-10 CVE-2023-43623 Mendix Information Exposure Through Discrepancy vulnerability in Mendix Forgot Password

A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All versions < V5.4.0), Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.3), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.3), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.4.0).

5.3
2023-10-09 CVE-2023-5101 Sick Files or Directories Accessible to External Parties vulnerability in Sick Apu0200 Firmware

Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests.

5.3
2023-10-09 CVE-2023-5102 Sick Unspecified vulnerability in Sick Apu0200 Firmware

Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests.

5.3
2023-10-09 CVE-2023-5331 Mattermost Missing Authorization vulnerability in Mattermost Server

Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information.

5.3
2023-10-09 CVE-2023-45370 Mediawiki Unspecified vulnerability in Mediawiki

An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1.

5.3
2023-10-09 CVE-2023-45372 Mediawiki Unspecified vulnerability in Mediawiki

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1.

5.3
2023-10-09 CVE-2023-45374 Mediawiki Unspecified vulnerability in Mediawiki

An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1.

5.3
2023-10-09 CVE-2023-45364 Mediawiki
Debian
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1.

5.3
2023-10-13 CVE-2023-32970 Qnap NULL Pointer Dereference vulnerability in Qnap Qts, Quts Hero and Qutscloud

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions.

4.9
2023-10-13 CVE-2023-26367 Adobe Improper Input Validation vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker.

4.9
2023-10-10 CVE-2023-45129 Matrix
Fedoraproject
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation.

4.9
2023-10-13 CVE-2023-45391 Grandingteco Cross-site Scripting vulnerability in Grandingteco Utime Master 9.0.7

A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter.

4.8
2023-10-13 CVE-2023-5564 Froxlor Cross-site Scripting vulnerability in Froxlor

Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1.

4.8
2023-10-09 CVE-2022-35950 Oroinc Cross-site Scripting vulnerability in Oroinc Orocommerce

OroCommerce is an open-source Business to Business Commerce application.

4.8
2023-10-13 CVE-2023-40682 IBM Information Exposure Through Log Files vulnerability in IBM APP Connect Enterprise 12.0.1.0/12.0.4.0/12.0.5.0

IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs.

4.4
2023-10-12 CVE-2023-32275 Softether Exposure of Resource to Wrong Sphere vulnerability in Softether VPN 4.419782/5.01.9674

An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674.

4.4
2023-10-11 CVE-2023-35653 Google Incorrect Authorization vulnerability in Google Android

In TBD of TBD, there is a possible way to access location information due to a permissions bypass.

4.4
2023-10-11 CVE-2022-42451 Hcltech Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Patch Management 1054

Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user.

4.4
2023-10-10 CVE-2023-36698 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Security Feature Bypass Vulnerability

4.4
2023-10-10 CVE-2023-36722 Microsoft Unspecified vulnerability in Microsoft products

Active Directory Domain Services Information Disclosure Vulnerability

4.4
2023-10-10 CVE-2023-39447 F5 Information Exposure Through Log Files vulnerability in F5 products

When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

4.4
2023-10-10 CVE-2023-45219 F5 Unspecified vulnerability in F5 products

Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

4.4
2023-10-10 CVE-2023-37195 Siemens Resource Exhaustion vulnerability in Siemens products

A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions).

4.4
2023-10-10 CVE-2023-38640 Siemens Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Sicam Pas/Pqs

A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22).

4.4
2023-10-09 CVE-2023-39194 Linux
Redhat
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

A flaw was found in the XFRM subsystem in the Linux kernel.

4.4
2023-10-14 CVE-2023-45348 Apache Unspecified vulnerability in Apache Airflow 2.7.0/2.7.1

Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only".

4.3
2023-10-13 CVE-2023-39999 Wordpress
Fedoraproject
Information Exposure vulnerability in multiple products

Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.

4.3
2023-10-12 CVE-2023-27312 Netapp Unspecified vulnerability in Netapp Snapcenter Plug-In

SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface.

4.3
2023-10-12 CVE-2023-5531 I13Websolution Cross-Site Request Forgery (CSRF) vulnerability in I13Websolution Thumbnail Slider With Lightbox 1.0

The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.

4.3
2023-10-11 CVE-2023-5477 Google
Debian
Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command.
4.3
2023-10-11 CVE-2023-5478 Google
Debian
Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
4.3
2023-10-11 CVE-2023-5485 Google
Debian
Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page.
4.3
2023-10-11 CVE-2023-5486 Google
Debian
Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page.
4.3
2023-10-11 CVE-2023-41881 Vantage6 Unspecified vulnerability in Vantage6

vantage6 is privacy preserving federated learning infrastructure.

4.3
2023-10-11 CVE-2023-41882 Vantage6 Incorrect Authorization vulnerability in Vantage6

vantage6 is privacy preserving federated learning infrastructure.

4.3
2023-10-11 CVE-2023-4957 Zebra Authentication Bypass Using an Alternate Path or Channel vulnerability in Zebra Zt410 Firmware

A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer.

4.3
2023-10-11 CVE-2023-44110 Huawei Improper Input Validation vulnerability in Huawei Emui and Harmonyos

Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability may affect availability.

4.3
2023-10-11 CVE-2023-44689 E GOV Missing Authorization vulnerability in E-Gov

e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme.

4.3
2023-10-11 CVE-2023-45194 MRL Use of Hard-coded Credentials vulnerability in MRL products

Use of default credentials vulnerability in MR-GM2 firmware Ver.

4.3
2023-10-10 CVE-2023-33301 Fortinet Unspecified vulnerability in Fortinet Fortios

An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host.

4.3
2023-10-10 CVE-2023-5498 Chiefonboarding Cross-Site Request Forgery (CSRF) vulnerability in Chiefonboarding

Cross-Site Request Forgery (CSRF) in GitHub repository chiefonboarding/chiefonboarding prior to v2.0.47.

4.3
2023-10-10 CVE-2023-41365 SAP XXE vulnerability in SAP Business ONE 10.0

SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure.

4.3
2023-10-10 CVE-2023-42475 SAP Information Exposure Through an Error Message vulnerability in SAP S/4Hana

The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality.

4.3
2023-10-09 CVE-2023-5103 Sick Improper Restriction of Rendered UI Layers or Frames vulnerability in Sick Apu0200 Firmware

Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe.

4.3
2023-10-09 CVE-2023-45369 Mediawiki Incorrect Permission Assignment for Critical Resource vulnerability in Mediawiki

An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1.

4.3
2023-10-13 CVE-2023-36559 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Spoofing Vulnerability

4.2

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-10-12 CVE-2023-41263 Plixer Information Exposure Through Log Files vulnerability in Plixer Scrutinizer

An issue was discovered in Plixer Scrutinizer before 19.3.1.

3.7
2023-10-12 CVE-2023-45143 Nodejs
Fedoraproject
Information Exposure vulnerability in multiple products

Undici is an HTTP/1.1 client written from scratch for Node.js.

3.5
2023-10-13 CVE-2023-5449 HP Unspecified vulnerability in HP products

A potential security vulnerability has been identified in certain HP Displays supporting the Theft Deterrence feature which may allow a monitor’s Theft Deterrence to be deactivated.

3.3
2023-10-10 CVE-2023-37939 Fortinet Unspecified vulnerability in Fortinet Forticlient

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning.

3.3