Weekly Vulnerabilities Reports > December 4 to 10, 2023
Overview
684 new vulnerabilities reported during this period, including 110 critical vulnerabilities and 280 high severity vulnerabilities. This weekly summary report vulnerabilities in 1369 products from 190 vendors including Google, Qualcomm, Samsung, Tenda, and Jfinalcms Project. Vulnerabilities are notably categorized as "Out-of-bounds Write", "Missing Authorization", "Cross-site Scripting", "Out-of-bounds Read", and "Cross-Site Request Forgery (CSRF)".
- 438 reported vulnerabilities are remotely exploitables.
- 129 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 347 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 184 reported vulnerabilities.
- Tenda has the most reported critical vulnerabilities, with 26 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
110 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-12-10 | CVE-2023-6658 | Oretnom23 | Unspecified vulnerability in Oretnom23 Simple Student Attendance System 1.0 A vulnerability classified as critical was found in SourceCodester Simple Student Attendance System 1.0. | 9.8 |
2023-12-10 | CVE-2023-6657 | Oretnom23 | Unspecified vulnerability in Oretnom23 Simple Student Attendance System 1.0 A vulnerability classified as critical has been found in SourceCodester Simple Student Attendance System 1.0. | 9.8 |
2023-12-10 | CVE-2023-6655 | Hrp2000 | Unspecified vulnerability in Hrp2000 E-Hr 2020 A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. | 9.8 |
2023-12-10 | CVE-2023-6652 | Carmelogarcia | Unspecified vulnerability in Carmelogarcia Matrimonial Site 1.0 A vulnerability was found in code-projects Matrimonial Site 1.0. | 9.8 |
2023-12-10 | CVE-2023-6651 | Carmelogarcia | Unspecified vulnerability in Carmelogarcia Matrimonial Site 1.0 A vulnerability was found in code-projects Matrimonial Site 1.0. | 9.8 |
2023-12-10 | CVE-2023-6648 | Phpgurukul | Unspecified vulnerability in PHPgurukul Nipah Virus Testing Management System 1.0 A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. | 9.8 |
2023-12-10 | CVE-2023-6647 | Amttgroup | Unspecified vulnerability in Amttgroup Hibos 1.0 A vulnerability, which was classified as critical, has been found in AMTT HiBOS 1.0. | 9.8 |
2023-12-09 | CVE-2023-47254 | Draytek | OS Command Injection vulnerability in Draytek Vigor167 Firmware 5.2.2 An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface. | 9.8 |
2023-12-09 | CVE-2023-46932 | Gpac | Out-of-bounds Write vulnerability in Gpac 2.3Devrev617G671976Fccmaster Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box. | 9.8 |
2023-12-08 | CVE-2023-46498 | Evershop | Unspecified vulnerability in Evershop 1.0.0 An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file. | 9.8 |
2023-12-08 | CVE-2023-6619 | Oretnom23 | Unspecified vulnerability in Oretnom23 Simple Student Attendance System 1.0 A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. | 9.8 |
2023-12-08 | CVE-2023-6617 | Oretnom23 | Unspecified vulnerability in Oretnom23 Simple Student Attendance System 1.0 A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. | 9.8 |
2023-12-08 | CVE-2023-48423 | Out-of-bounds Write vulnerability in Google Android In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. | 9.8 | |
2023-12-08 | CVE-2023-6612 | Totolink | Unspecified vulnerability in Totolink X5000R Firmware 9.1.0Cu.2300B20230112 A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. | 9.8 |
2023-12-08 | CVE-2023-49443 | Html JS | Improper Restriction of Excessive Authentication Attempts vulnerability in Html-Js Doracms 2.1.8 DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. | 9.8 |
2023-12-08 | CVE-2023-49007 | Netgear | Out-of-bounds Write vulnerability in Netgear Rbr750 Firmware In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd. | 9.8 |
2023-12-08 | CVE-2023-48929 | Franklin Electric | Session Fixation vulnerability in Franklin-Electric System Sentinel Anyware 1.6.24.492 Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. | 9.8 |
2023-12-08 | CVE-2023-43742 | Zultys | Improper Authentication vulnerability in Zultys products An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. | 9.8 |
2023-12-07 | CVE-2023-6579 | Oscommerce | Unspecified vulnerability in Oscommerce 4.0 A vulnerability, which was classified as critical, has been found in osCommerce 4. | 9.8 |
2023-12-07 | CVE-2023-6581 | Dlink | Unspecified vulnerability in Dlink Dar-7000 Firmware A vulnerability has been found in D-Link DAR-7000 up to 20231126 and classified as critical. | 9.8 |
2023-12-07 | CVE-2023-40300 | Netscout | Use of Hard-coded Credentials vulnerability in Netscout Ngeniuspulse 3.8.00.2349.0 NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key. | 9.8 |
2023-12-07 | CVE-2023-40301 | Netscout | Command Injection vulnerability in Netscout Ngeniuspulse 3.8.00.2349.0 NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability. | 9.8 |
2023-12-07 | CVE-2023-49404 | Tenda | Out-of-bounds Write vulnerability in Tenda W30E Firmware 16.01.0.12(4843) Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet. | 9.8 |
2023-12-07 | CVE-2023-49405 | Tenda | Out-of-bounds Write vulnerability in Tenda W30E Firmware 16.01.0.12(4843) Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg. | 9.8 |
2023-12-07 | CVE-2023-49406 | Tenda | Unspecified vulnerability in Tenda W30E Firmware 16.01.0.12(4843) Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet. | 9.8 |
2023-12-07 | CVE-2023-49408 | Tenda | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.11 Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name. | 9.8 |
2023-12-07 | CVE-2023-49409 | Tenda | Unspecified vulnerability in Tenda AX3 Firmware 16.03.12.11 Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet. | 9.8 |
2023-12-07 | CVE-2023-49411 | Tenda | Out-of-bounds Write vulnerability in Tenda W30E Firmware 16.01.0.12(4843) Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode. | 9.8 |
2023-12-07 | CVE-2023-49402 | Tenda | Out-of-bounds Write vulnerability in Tenda W30E Firmware 16.01.0.12(4843) Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg. | 9.8 |
2023-12-07 | CVE-2023-49403 | Tenda | Out-of-bounds Write vulnerability in Tenda W30E Firmware 16.01.0.12(4843) Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools. | 9.8 |
2023-12-07 | CVE-2023-49410 | Tenda | Out-of-bounds Write vulnerability in Tenda W30E Firmware 16.01.0.12(4843) Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function via the function set_wan_status. | 9.8 |
2023-12-07 | CVE-2023-49999 | Tenda | Out-of-bounds Write vulnerability in Tenda W30E Firmware 16.01.0.12(4843) Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition. | 9.8 |
2023-12-07 | CVE-2023-50000 | Tenda | Out-of-bounds Write vulnerability in Tenda W30E Firmware 16.01.0.12(4843) Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode. | 9.8 |
2023-12-07 | CVE-2023-50001 | Tenda | Out-of-bounds Write vulnerability in Tenda W30E Firmware 16.01.0.12(4843) Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline. | 9.8 |
2023-12-07 | CVE-2023-50002 | Tenda | Out-of-bounds Write vulnerability in Tenda W30E Firmware 16.01.0.12(4843) Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode. | 9.8 |
2023-12-07 | CVE-2023-49429 | Tenda | SQL Injection vulnerability in Tenda AX9 Firmware 22.03.01.46 Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules. | 9.8 |
2023-12-07 | CVE-2023-49430 | Tenda | Out-of-bounds Write vulnerability in Tenda AX9 Firmware 22.03.01.46 Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg. | 9.8 |
2023-12-07 | CVE-2023-49431 | Tenda | Command Injection vulnerability in Tenda AX9 Firmware 22.03.01.46 Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName. | 9.8 |
2023-12-07 | CVE-2023-49432 | Tenda | Out-of-bounds Write vulnerability in Tenda AX9 Firmware 22.03.01.46 Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg. | 9.8 |
2023-12-07 | CVE-2023-49433 | Tenda | Out-of-bounds Write vulnerability in Tenda AX9 Firmware 22.03.01.46 Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetVirtualServerCfg. | 9.8 |
2023-12-07 | CVE-2023-49434 | Tenda | Out-of-bounds Write vulnerability in Tenda AX9 Firmware 22.03.01.46 Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetNetControlList. | 9.8 |
2023-12-07 | CVE-2023-49435 | Tenda | Command Injection vulnerability in Tenda AX9 Firmware 22.03.01.46 Tenda AX9 V22.03.01.46 is vulnerable to command injection. | 9.8 |
2023-12-07 | CVE-2023-49436 | Tenda | Command Injection vulnerability in Tenda AX9 Firmware 22.03.01.46 Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList. | 9.8 |
2023-12-07 | CVE-2023-49425 | Tenda | Out-of-bounds Write vulnerability in Tenda Ax12 Firmware 22.03.01.46 Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg . | 9.8 |
2023-12-07 | CVE-2023-49426 | Tenda | Out-of-bounds Write vulnerability in Tenda Ax12 Firmware 22.03.01.46 Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg. | 9.8 |
2023-12-07 | CVE-2023-49428 | Tenda | Command Injection vulnerability in Tenda Ax12 Firmware 22.03.01.46 Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName. | 9.8 |
2023-12-07 | CVE-2023-49437 | Tenda | Command Injection vulnerability in Tenda Ax12 Firmware 22.03.01.46 Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList. | 9.8 |
2023-12-07 | CVE-2023-49424 | Tenda | Out-of-bounds Write vulnerability in Tenda Ax12 Firmware 22.03.01.46 Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. | 9.8 |
2023-12-07 | CVE-2023-35039 | Bedevious | Unspecified vulnerability in Bedevious Password Reset With Code for Wordpress Rest API Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15. | 9.8 |
2023-12-07 | CVE-2023-50164 | Apache | Unspecified vulnerability in Apache Struts An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue. | 9.8 |
2023-12-07 | CVE-2023-48860 | Totolink | Unspecified vulnerability in Totolink N300Rt Firmware 3.2.4B20180730.0906 TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code. | 9.8 |
2023-12-07 | CVE-2023-48823 | Mayurik | SQL Injection vulnerability in Mayurik Courier Management System 1.0 A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login. | 9.8 |
2023-12-07 | CVE-2023-41913 | Strongswan | Classic Buffer Overflow vulnerability in Strongswan strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. | 9.8 |
2023-12-06 | CVE-2023-46353 | Mypresta | SQL Injection vulnerability in Mypresta Product TAG Icons PRO In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. | 9.8 |
2023-12-06 | CVE-2023-36655 | Prolion | Improper Authentication vulnerability in Prolion Cryptospike 3.0.15 The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the users store) allows a remote blocked user to login and obtain an authentication token by specifying a username with different uppercase/lowercase character combination. | 9.8 |
2023-12-06 | CVE-2023-46773 | Huawei | Incorrect Default Permissions vulnerability in Huawei Emui and Harmonyos Permission management vulnerability in the PMS module. | 9.8 |
2023-12-06 | CVE-2023-6458 | Mattermost | Injection vulnerability in Mattermost Server Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perform a client-side path traversal. | 9.8 |
2023-12-06 | CVE-2023-48849 | Ruijie | Unspecified vulnerability in Ruijie products Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering. | 9.8 |
2023-12-06 | CVE-2023-22524 | Atlassian | Unspecified vulnerability in Atlassian Companion Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. | 9.8 |
2023-12-06 | CVE-2023-41268 | Samsung | Out-of-bounds Write vulnerability in Samsung Escargot 3.0.0/4.0.0 Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault. This issue affects Escargot: from 3.0.0 through 4.0.0. | 9.8 |
2023-12-06 | CVE-2023-48930 | Rockoa | Unrestricted Upload of File with Dangerous Type vulnerability in Rockoa Xinhu 2.2.1 xinhu xinhuoa 2.2.1 contains a File upload vulnerability. | 9.8 |
2023-12-05 | CVE-2023-6448 | Unitronics | Use of Hard-coded Credentials vulnerability in Unitronics products Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. | 9.8 |
2023-12-05 | CVE-2023-49070 | Apache | Unspecified vulnerability in Apache Ofbiz Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10 | 9.8 |
2023-12-05 | CVE-2023-6269 | Atos | Argument Injection or Modification vulnerability in Atos products An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. | 9.8 |
2023-12-05 | CVE-2023-33082 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE. | 9.8 |
2023-12-05 | CVE-2023-33083 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption in WLAN Host while processing RRM beacon on the AP. | 9.8 |
2023-12-05 | CVE-2023-42580 | Samsung | Unspecified vulnerability in Samsung Galaxy Store Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store. | 9.8 |
2023-12-05 | CVE-2023-48315 | Microsoft | Unspecified vulnerability in Microsoft Azure Rtos Netx DUO Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. | 9.8 |
2023-12-05 | CVE-2023-48316 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Azure Rtos Netx DUO Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. | 9.8 |
2023-12-05 | CVE-2023-48691 | Microsoft | Unspecified vulnerability in Microsoft Azure Rtos Netx DUO Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. | 9.8 |
2023-12-05 | CVE-2023-48692 | Microsoft | Unspecified vulnerability in Microsoft Azure Rtos Netx DUO Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. | 9.8 |
2023-12-05 | CVE-2023-48693 | Microsoft | Unspecified vulnerability in Microsoft Azure Rtos Threadx Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. | 9.8 |
2023-12-05 | CVE-2023-48694 | Microsoft | Unspecified vulnerability in Microsoft Azure Rtos Usbx Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. | 9.8 |
2023-12-05 | CVE-2023-48695 | Microsoft | Unspecified vulnerability in Microsoft Azure Rtos Usbx Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. | 9.8 |
2023-12-05 | CVE-2023-48696 | Microsoft | Unspecified vulnerability in Microsoft Azure Rtos Usbx Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. | 9.8 |
2023-12-05 | CVE-2023-48697 | Microsoft | Unspecified vulnerability in Microsoft Azure Rtos Usbx Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. | 9.8 |
2023-12-05 | CVE-2023-48698 | Microsoft | Unspecified vulnerability in Microsoft Azure Rtos Usbx Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. | 9.8 |
2023-12-05 | CVE-2023-49291 | TJ Actions | Unspecified vulnerability in Tj-Actions Branch-Names tj-actions/branch-names is a Github action to retrieve branch or tag names with support for all events. | 9.8 |
2023-12-04 | CVE-2023-21162 | Unspecified vulnerability in Google Android In RGXUnbackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. | 9.8 | |
2023-12-04 | CVE-2023-21163 | Unspecified vulnerability in Google Android In PMR_ReadBytes of pmr.c, there is a possible arbitrary code execution due to a use after free. | 9.8 | |
2023-12-04 | CVE-2023-21164 | Unspecified vulnerability in Google Android In DevmemIntMapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. | 9.8 | |
2023-12-04 | CVE-2023-21166 | Unspecified vulnerability in Google Android In RGXBackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. | 9.8 | |
2023-12-04 | CVE-2023-21215 | Unspecified vulnerability in Google Android In DevmemIntAcquireRemoteCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. | 9.8 | |
2023-12-04 | CVE-2023-21216 | Unspecified vulnerability in Google Android In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible arbitrary code execution due to a use after free. | 9.8 | |
2023-12-04 | CVE-2023-21217 | Unspecified vulnerability in Google Android In PMRWritePMPageList of TBD, there is a possible out of bounds write due to an integer overflow. | 9.8 | |
2023-12-04 | CVE-2023-21218 | Unspecified vulnerability in Google Android In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible out of bounds write due to an incorrect bounds check. | 9.8 | |
2023-12-04 | CVE-2023-21228 | Unspecified vulnerability in Google Android In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible out of bounds write due to an incorrect bounds check. | 9.8 | |
2023-12-04 | CVE-2023-21263 | Unspecified vulnerability in Google Android In OSMMapPMRGeneric of pmr_os.c, there is a possible out of bounds write due to an uncaught exception. | 9.8 | |
2023-12-04 | CVE-2023-21401 | Unspecified vulnerability in Google Android In DevmemIntChangeSparse of devicemem_server.c, there is a possible out of bounds write due to an integer overflow. | 9.8 | |
2023-12-04 | CVE-2023-21402 | Unspecified vulnerability in Google Android In MMU_UnmapPages of mmu_common.c, there is a possible out of bounds read due to improper input validation. | 9.8 | |
2023-12-04 | CVE-2023-21403 | Unspecified vulnerability in Google Android In RGXDestroyZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. | 9.8 | |
2023-12-04 | CVE-2023-24049 | Connectize | Weak Password Requirements vulnerability in Connectize Ac21000 G6 Firmware 641.139.1.1256 An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management. | 9.8 |
2023-12-04 | CVE-2023-24051 | Connectize | Improper Restriction of Excessive Authentication Attempts vulnerability in Connectize Ac21000 G6 Firmware 641.139.1.1256 A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks. | 9.8 |
2023-12-04 | CVE-2023-24052 | Connectize | Unspecified vulnerability in Connectize Ac21000 G6 Firmware 641.139.1.1256 An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password. | 9.8 |
2023-12-04 | CVE-2023-35690 | Unspecified vulnerability in Google Android In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. | 9.8 | |
2023-12-04 | CVE-2023-40078 | Out-of-bounds Write vulnerability in Google Android 14.0 In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder.cc, there is a possible out of bounds write due to a heap buffer overflow. | 9.8 | |
2023-12-04 | CVE-2023-40082 | Unspecified vulnerability in Google Android 14.0 In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. | 9.8 | |
2023-12-04 | CVE-2023-5952 | Collne | Unspecified vulnerability in Collne Welcart The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog | 9.8 |
2023-12-04 | CVE-2023-48910 | Microcks | Server-Side Request Forgery (SSRF) vulnerability in Microcks Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. | 9.8 |
2023-12-04 | CVE-2023-48967 | Noear | Deserialization of Untrusted Data vulnerability in Noear Solon Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untrusted Data. | 9.8 |
2023-12-04 | CVE-2023-48799 | Totolink | Unspecified vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution. | 9.8 |
2023-12-04 | CVE-2023-48800 | Totolink | OS Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability. | 9.8 |
2023-12-04 | CVE-2023-44302 | Dell | Improper Authentication vulnerability in Dell Powerprotect Data Manager Dm5500 Firmware Dell DM5500 5.14.0.0 and prior contain an improper authentication vulnerability. | 9.8 |
2023-12-04 | CVE-2023-44305 | Dell | Out-of-bounds Write vulnerability in Dell Dm5500 Firmware 5.14.0.0 Dell DM5500 5.14.0.0, contains a Stack-based Buffer Overflow Vulnerability in the appliance. | 9.8 |
2023-12-04 | CVE-2023-49287 | Cxong | Classic Buffer Overflow vulnerability in Cxong Tinydir TinyDir is a lightweight C directory and file reader. | 9.8 |
2023-12-09 | CVE-2023-50429 | Izybat | SQL Injection vulnerability in Izybat Orange Casiers 202209161/202211021 IzyBat Orange casiers before 20230803_1 allows getEnsemble.php ensemble SQL injection. | 9.1 |
2023-12-09 | CVE-2023-6394 | Quarkus Redhat | Missing Authorization vulnerability in multiple products A flaw was found in Quarkus. | 9.1 |
2023-12-07 | CVE-2023-40302 | Netscout | Incorrect Permission Assignment for Critical Resource vulnerability in Netscout Ngeniuspulse 3.8.00.2349.0 NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability | 9.1 |
2023-12-07 | CVE-2023-39172 | Enbw | Cleartext Transmission of Sensitive Information vulnerability in Enbw Senec Storage BOX Firmware The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic. | 9.1 |
2023-12-05 | CVE-2023-33054 | Qualcomm | Improper Authentication vulnerability in Qualcomm products Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data. | 9.1 |
280 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-12-10 | CVE-2023-5869 | Postgresql Redhat | Integer Overflow or Wraparound vulnerability in multiple products A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. | 8.8 |
2023-12-10 | CVE-2023-6654 | Phpems | Unspecified vulnerability in PHPems 6.0/7.0 A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. | 8.8 |
2023-12-09 | CVE-2023-5756 | Supsystic | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Digital Publications BY Supsystic The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. | 8.8 |
2023-12-08 | CVE-2023-6618 | Oretnom23 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Oretnom23 Simple Student Attendance System 1.0 A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. | 8.8 |
2023-12-08 | CVE-2023-47565 | Qnap | Unspecified vulnerability in Qnap QVR Firmware An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. | 8.8 |
2023-12-08 | CVE-2023-46157 | MGT Commerce | OS Command Injection vulnerability in Mgt-Commerce Cloudpanel File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755. | 8.8 |
2023-12-08 | CVE-2023-43743 | Zultys | SQL Injection vulnerability in Zultys products A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface. | 8.8 |
2023-12-07 | CVE-2023-4122 | Imsurajghosh | Unrestricted Upload of File with Dangerous Type vulnerability in Imsurajghosh Student Information System 1.0 Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 8.8 |
2023-12-07 | CVE-2023-6580 | Dlink | Unspecified vulnerability in Dlink Dir-846 Firmware 100A53Dbr A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. | 8.8 |
2023-12-07 | CVE-2023-6576 | Byzoro | Unspecified vulnerability in Byzoro Smart S210 Firmware 20231121 A vulnerability was found in Byzoro S210 up to 20231123. | 8.8 |
2023-12-07 | CVE-2023-49460 | Struktur | Unspecified vulnerability in Struktur Libheif 1.17.5 libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image. | 8.8 |
2023-12-07 | CVE-2023-49462 | Struktur | Unspecified vulnerability in Struktur Libheif 1.17.5 libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc. | 8.8 |
2023-12-07 | CVE-2023-49463 | Struktur | Unspecified vulnerability in Struktur Libheif 1.17.5 libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc. | 8.8 |
2023-12-07 | CVE-2023-49464 | Struktur | Unspecified vulnerability in Struktur Libheif 1.17.5 libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci. | 8.8 |
2023-12-07 | CVE-2023-49465 | Struktur | Out-of-bounds Write vulnerability in Struktur Libde265 1.0.14 Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc. | 8.8 |
2023-12-07 | CVE-2023-49467 | Struktur | Out-of-bounds Write vulnerability in Struktur Libde265 1.0.14 Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc. | 8.8 |
2023-12-07 | CVE-2023-49468 | Struktur | Out-of-bounds Write vulnerability in Struktur Libde265 1.0.14 Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc. | 8.8 |
2023-12-07 | CVE-2023-6574 | Byzoro | Unspecified vulnerability in Byzoro Smart S20 Firmware 20231120 A vulnerability was found in Byzoro Smart S20 up to 20231120 and classified as critical. | 8.8 |
2023-12-07 | CVE-2023-6575 | Byzoro | Unspecified vulnerability in Byzoro Smart S210 Firmware 20231121 A vulnerability was found in Byzoro S210 up to 20231121. | 8.8 |
2023-12-07 | CVE-2023-33412 | Supermicro | Unspecified vulnerability in Supermicro products The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targeting vulnerable cgi endpoints. | 8.8 |
2023-12-07 | CVE-2023-33413 | Supermicro | Use of Hard-coded Credentials vulnerability in Supermicro products The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands. | 8.8 |
2023-12-07 | CVE-2023-39909 | Ericsson | Unspecified vulnerability in Ericsson Network Manager 21.2/22.1/22.2 Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application. | 8.8 |
2023-12-07 | CVE-2023-48207 | Phpjabbers | Improper Neutralization of Formula Elements in a CSV File vulnerability in PHPjabbers Availability Booking Calendar 5.0 Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. | 8.8 |
2023-12-07 | CVE-2023-48826 | Phpjabbers | Injection vulnerability in PHPjabbers Time Slots Booking Calendar 4.0 Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List. | 8.8 |
2023-12-07 | CVE-2023-48830 | Phpjabbers | Injection vulnerability in PHPjabbers Shuttle Booking Software 2.0 Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export. | 8.8 |
2023-12-07 | CVE-2023-48835 | Phpjabbers | Injection vulnerability in PHPjabbers CAR Rental Script 3.0 Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. | 8.8 |
2023-12-07 | CVE-2023-48841 | Phpjabbers | Injection vulnerability in PHPjabbers Appointment Scheduler 3.0 Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. | 8.8 |
2023-12-06 | CVE-2023-48123 | Netgate | Unspecified vulnerability in Netgate Pfsense and Pfsense Plus An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file. | 8.8 |
2023-12-06 | CVE-2023-49096 | Jellyfin | Unspecified vulnerability in Jellyfin Jellyfin is a Free Software Media System for managing and streaming media. | 8.8 |
2023-12-06 | CVE-2023-48859 | Totolink | Incorrect Authorization vulnerability in Totolink A3002Ru Firmware 2.0.0B20190902.1958 TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code. | 8.8 |
2023-12-06 | CVE-2023-6514 | Huawei | Improper Authentication vulnerability in Huawei Ajmd-370S Firmware 103.1.0.110(Sp12C00E2R1P2) The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. | 8.8 |
2023-12-06 | CVE-2023-49897 | FXC | OS Command Injection vulnerability in FXC Ae1021 Firmware and Ae1021Pe Firmware An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. | 8.8 |
2023-12-06 | CVE-2023-22522 | Atlassian | Injection vulnerability in Atlassian Confluence Server This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. | 8.8 |
2023-12-06 | CVE-2023-22523 | Atlassian | Unspecified vulnerability in Atlassian products This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. | 8.8 |
2023-12-06 | CVE-2023-6508 | Google Debian Fedoraproject | Use After Free vulnerability in multiple products Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-12-06 | CVE-2023-6509 | Debian Fedoraproject | Use After Free vulnerability in multiple products Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. | 8.8 |
2023-12-06 | CVE-2023-6510 | Debian Fedoraproject | Use After Free vulnerability in multiple products Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. | 8.8 |
2023-12-05 | CVE-2023-5970 | Sonicwall | Improper Authentication vulnerability in Sonicwall products Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass. | 8.8 |
2023-12-05 | CVE-2023-49372 | Jfinalcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save. | 8.8 |
2023-12-05 | CVE-2023-49373 | Jfinalcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete. | 8.8 |
2023-12-05 | CVE-2023-49374 | Jfinalcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update. | 8.8 |
2023-12-05 | CVE-2023-49375 | Jfinalcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update. | 8.8 |
2023-12-05 | CVE-2023-49376 | Jfinalcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete. | 8.8 |
2023-12-05 | CVE-2023-49377 | Jfinalcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update. | 8.8 |
2023-12-05 | CVE-2023-49378 | Jfinalcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save. | 8.8 |
2023-12-05 | CVE-2023-49379 | Jfinalcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save. | 8.8 |
2023-12-05 | CVE-2023-49380 | Jfinalcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete. | 8.8 |
2023-12-05 | CVE-2023-49381 | Jfinalcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update. | 8.8 |
2023-12-05 | CVE-2023-49382 | Jfinalcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete. | 8.8 |
2023-12-05 | CVE-2023-49383 | Jfinalcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save. | 8.8 |
2023-12-05 | CVE-2023-49395 | Jfinalcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update. | 8.8 |
2023-12-05 | CVE-2023-49396 | Jfinalcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save. | 8.8 |
2023-12-05 | CVE-2023-49397 | Jfinalcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus. | 8.8 |
2023-12-05 | CVE-2023-49398 | Jfinalcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete. | 8.8 |
2023-12-05 | CVE-2023-49446 | Jfinalcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save. | 8.8 |
2023-12-05 | CVE-2023-49447 | Jfinalcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update. | 8.8 |
2023-12-05 | CVE-2023-49448 | Jfinalcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete. | 8.8 |
2023-12-05 | CVE-2022-47531 | Ericsson | Unspecified vulnerability in Ericsson Evolved Packet Gateway 2.0/3.0 An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell. | 8.8 |
2023-12-05 | CVE-2023-28585 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Memory corruption while loading an ELF segment in TEE Kernel. | 8.8 |
2023-12-04 | CVE-2023-24048 | Connectize | Cross-Site Request Forgery (CSRF) vulnerability in Connectize Ac21000 G6 Firmware 641.139.1.1256 Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via crafted GET request to /man_password.htm. | 8.8 |
2023-12-04 | CVE-2023-40087 | Out-of-bounds Write vulnerability in Google Android In transcodeQ*ToFloat of btif_avrcp_audio_track.cc, there is a possible out of bounds write due to a missing bounds check. | 8.8 | |
2023-12-04 | CVE-2023-40088 | Use After Free vulnerability in Google Android In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free. | 8.8 | |
2023-12-04 | CVE-2023-5762 | Filr Project | Code Injection vulnerability in Filr Project Filr The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges. | 8.8 |
2023-12-04 | CVE-2023-5953 | Collne | Unrestricted Upload of File with Dangerous Type vulnerability in Collne Welcart E-Commerce The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. | 8.8 |
2023-12-04 | CVE-2023-48965 | Thinkadmin | Unrestricted Upload of File with Dangerous Type vulnerability in Thinkadmin 6.1.53 An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file. | 8.8 |
2023-12-04 | CVE-2023-48966 | Thinkadmin | Unrestricted Upload of File with Dangerous Type vulnerability in Thinkadmin 6.1.53 An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file. | 8.8 |
2023-12-04 | CVE-2023-44304 | Dell | OS Command Injection vulnerability in Dell Dm5500 Firmware 5.14.0.0 Dell DM5500 contains a privilege escalation vulnerability in the appliance. | 8.8 |
2023-12-04 | CVE-2023-49108 | SEI Info | Path Traversal vulnerability in Sei-Info Rakrak Document Plus Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). | 8.8 |
2023-12-04 | CVE-2023-49093 | Htmlunit | Unspecified vulnerability in Htmlunit HtmlUnit is a GUI-less browser for Java programs. | 8.8 |
2023-12-08 | CVE-2023-46496 | Evershop | Path Traversal vulnerability in Evershop 1.0.0 Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint. | 8.3 |
2023-12-08 | CVE-2023-26158 | Mockjs | Unspecified vulnerability in Mockjs Mock.Js All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. | 8.2 |
2023-12-08 | CVE-2023-43305 | Linecorp | Unspecified vulnerability in Linecorp Line 13.6.1 An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 8.2 |
2023-12-07 | CVE-2023-43300 | Linecorp | Unspecified vulnerability in Linecorp Line 13.6.1 An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 8.2 |
2023-12-07 | CVE-2023-43301 | Linecorp | Unspecified vulnerability in Linecorp Line 13.6.1 An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 8.2 |
2023-12-07 | CVE-2023-43302 | Linecorp | Unspecified vulnerability in Linecorp Line 13.6.1 An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 8.2 |
2023-12-07 | CVE-2023-43303 | Linecorp | Unspecified vulnerability in Linecorp Line 13.6.1 An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 8.2 |
2023-12-07 | CVE-2023-43304 | Linecorp | Unspecified vulnerability in Linecorp Line 13.6.1 An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 8.2 |
2023-12-09 | CVE-2023-28868 | NCP E | Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15 Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link. | 8.1 |
2023-12-06 | CVE-2021-27795 | Broadcom | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Broadcom Fabric Operating System Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. | 8.1 |
2023-12-05 | CVE-2023-43608 | Buildroot | Download of Code Without Integrity Check vulnerability in Buildroot 2023.08.1 A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. | 8.1 |
2023-12-05 | CVE-2023-45838 | Buildroot | Download of Code Without Integrity Check vulnerability in Buildroot 2023.08.1 Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. | 8.1 |
2023-12-05 | CVE-2023-45839 | Buildroot | Download of Code Without Integrity Check vulnerability in Buildroot 2023.08.1 Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. | 8.1 |
2023-12-05 | CVE-2023-45840 | Buildroot | Download of Code Without Integrity Check vulnerability in Buildroot 2023.08.1 Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. | 8.1 |
2023-12-05 | CVE-2023-45841 | Buildroot | Download of Code Without Integrity Check vulnerability in Buildroot 2023.08.1 Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. | 8.1 |
2023-12-05 | CVE-2023-45842 | Buildroot | Download of Code Without Integrity Check vulnerability in Buildroot 2023.08.1 Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. | 8.1 |
2023-12-05 | CVE-2023-44295 | Dell | Unspecified vulnerability in Dell Powerscale Onefs Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource through its lifetime vulnerability. | 8.1 |
2023-12-05 | CVE-2022-46480 | U TEC | Authentication Bypass by Capture-replay vulnerability in U-Tec Ultraloq UL3 BT Firmware 02.27.0012 Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range. | 8.1 |
2023-12-04 | CVE-2023-40077 | Race Condition vulnerability in Google Android In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. | 8.1 | |
2023-12-04 | CVE-2023-5332 | Gitlab Hashicorp | Patch in third party library Consul requires 'enable-script-checks' to be set to False. | 8.1 |
2023-12-10 | CVE-2023-50446 | Mullvad | Incorrect Permission Assignment for Critical Resource vulnerability in Mullvad VPN An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1. | 7.8 |
2023-12-09 | CVE-2021-46899 | Antonymale | Unspecified vulnerability in Antonymale Synctrayzor 1.1.29 SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application. | 7.8 |
2023-12-09 | CVE-2023-28523 | IBM | Out-of-bounds Write vulnerability in IBM products IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. | 7.8 |
2023-12-09 | CVE-2023-49797 | Pyinstaller | Incorrect Permission Assignment for Critical Resource vulnerability in Pyinstaller PyInstaller bundles a Python application and all its dependencies into a single package. | 7.8 |
2023-12-08 | CVE-2023-48402 | Missing Authorization vulnerability in Google Android In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. | 7.8 | |
2023-12-08 | CVE-2023-48407 | Unspecified vulnerability in Google Android there is a possible DCK won't be deleted after factory reset due to a logic error in the code. | 7.8 | |
2023-12-08 | CVE-2023-48409 | Integer Overflow or Wraparound vulnerability in Google Android In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. | 7.8 | |
2023-12-08 | CVE-2023-48421 | Out-of-bounds Write vulnerability in Google Android In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possible out of bounds write due to improper input validation. | 7.8 | |
2023-12-08 | CVE-2023-32460 | Dell | Missing Authentication for Critical Function vulnerability in Dell products Dell PowerEdge BIOS contains an improper privilege management security vulnerability. | 7.8 |
2023-12-07 | CVE-2023-5058 | Phoenix | Unspecified vulnerability in Phoenix Securecore Technology 4.0 Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution. | 7.8 |
2023-12-07 | CVE-2023-48861 | Baidu | Uncontrolled Search Path Element vulnerability in Baidu Ttplayer 7.0.2 DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll. | 7.8 |
2023-12-06 | CVE-2023-39538 | AMI | Unrestricted Upload of File with Dangerous Type vulnerability in AMI Aptio V AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. | 7.8 |
2023-12-06 | CVE-2023-39539 | AMI | Unrestricted Upload of File with Dangerous Type vulnerability in AMI Aptio V AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. | 7.8 |
2023-12-06 | CVE-2023-6288 | Devolutions | Code Injection vulnerability in Devolutions Remote Desktop Manager Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable. | 7.8 |
2023-12-05 | CVE-2023-49297 | Iterative | Unspecified vulnerability in Iterative Pydrive2 PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. | 7.8 |
2023-12-05 | CVE-2023-46674 | Elastic | Deserialization of Untrusted Data vulnerability in Elastic Elasticsearch An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. | 7.8 |
2023-12-05 | CVE-2023-47304 | Vonage | Improper Authentication vulnerability in Vonage Vdv23 Firmware Vdv213.2.110.5.1 An issue was discovered in Vonage Box Telephone Adapter VDV23 version VDV21-3.2.11-0.5.1, allows local attackers to bypass UART authentication controls and read/write arbitrary values to the memory of the device. | 7.8 |
2023-12-05 | CVE-2023-21634 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM. | 7.8 |
2023-12-05 | CVE-2023-22383 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory Corruption in camera while installing a fd for a particular DMA buffer. | 7.8 |
2023-12-05 | CVE-2023-22668 | Qualcomm | Use After Free vulnerability in Qualcomm products Memory Corruption in Audio while invoking IOCTLs calls from the user-space. | 7.8 |
2023-12-05 | CVE-2023-28546 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory Corruption in SPS Application while exporting public key in sorter TA. | 7.8 |
2023-12-05 | CVE-2023-28550 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption in MPP performance while accessing DSM watermark using external memory address. | 7.8 |
2023-12-05 | CVE-2023-28551 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. | 7.8 |
2023-12-05 | CVE-2023-28579 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length. | 7.8 |
2023-12-05 | CVE-2023-28580 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache. | 7.8 |
2023-12-05 | CVE-2023-28587 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. | 7.8 |
2023-12-05 | CVE-2023-33017 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption in Boot while running a ListVars test in UEFI Menu during boot. | 7.8 |
2023-12-05 | CVE-2023-33018 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Memory corruption while using the UIM diag command to get the operators name. | 7.8 |
2023-12-05 | CVE-2023-33022 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Memory corruption in HLOS while invoking IOCTL calls from user-space. | 7.8 |
2023-12-05 | CVE-2023-33024 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption while sending SMS from AP firmware. | 7.8 |
2023-12-05 | CVE-2023-33053 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products Memory corruption in Kernel while parsing metadata. | 7.8 |
2023-12-05 | CVE-2023-33063 | Qualcomm | Use After Free vulnerability in Qualcomm products Memory corruption in DSP Services during a remote call from HLOS to DSP. | 7.8 |
2023-12-05 | CVE-2023-33071 | Qualcomm | Incorrect Authorization vulnerability in Qualcomm products Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities. | 7.8 |
2023-12-05 | CVE-2023-33079 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Memory corruption in Audio while running invalid audio recording from ADSP. | 7.8 |
2023-12-05 | CVE-2023-33087 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption in Core while processing RX intent request. | 7.8 |
2023-12-05 | CVE-2023-33088 | Qualcomm | NULL Pointer Dereference vulnerability in Qualcomm products Memory corruption when processing cmd parameters while parsing vdev. | 7.8 |
2023-12-05 | CVE-2023-33092 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size. | 7.8 |
2023-12-05 | CVE-2023-33106 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. | 7.8 |
2023-12-05 | CVE-2023-33107 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. | 7.8 |
2023-12-05 | CVE-2023-42558 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 13.0 Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code execution. | 7.8 |
2023-12-05 | CVE-2023-42560 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 11.0/14.0 Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code. | 7.8 |
2023-12-05 | CVE-2023-42562 | Samsung | Integer Overflow or Wraparound vulnerability in Samsung Android 12.0/13.0/14.0 Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow. | 7.8 |
2023-12-05 | CVE-2023-42563 | Samsung | Integer Overflow or Wraparound vulnerability in Samsung Android 12.0/13.0/14.0 Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow. | 7.8 |
2023-12-05 | CVE-2023-42566 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 11.0/14.0 Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code. | 7.8 |
2023-12-05 | CVE-2023-42567 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 14.0 Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow. | 7.8 |
2023-12-05 | CVE-2023-42574 | Samsung | Unspecified vulnerability in Samsung Gamehomecn Improper access control vulnerablility in GameHomeCN prior to version 4.2.60.2 allows local attackers to launch arbitrary activity in GameHomeCN. | 7.8 |
2023-12-04 | CVE-2023-40079 | Unspecified vulnerability in Google Android 14.0 In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. | 7.8 | |
2023-12-04 | CVE-2023-40080 | Out-of-bounds Write vulnerability in Google Android 13.0/14.0 In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a logic error in the code. | 7.8 | |
2023-12-04 | CVE-2023-40084 | Use After Free vulnerability in Google Android In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. | 7.8 | |
2023-12-04 | CVE-2023-40089 | Missing Authorization vulnerability in Google Android 14.0 In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-40091 | Out-of-bounds Write vulnerability in Google Android In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption. | 7.8 | |
2023-12-04 | CVE-2023-40094 | Missing Authorization vulnerability in Google Android In keyguardGoingAway of ActivityTaskManagerService.java, there is a possible lock screen bypass due to a missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-40095 | Unspecified vulnerability in Google Android In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check. | 7.8 | |
2023-12-04 | CVE-2023-40096 | Unspecified vulnerability in Google Android In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. | 7.8 | |
2023-12-04 | CVE-2023-40097 | Improper Input Validation vulnerability in Google Android In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. | 7.8 | |
2023-12-04 | CVE-2023-40103 | Double Free vulnerability in Google Android 14.0 In multiple locations, there is a possible way to corrupt memory due to a double free. | 7.8 | |
2023-12-04 | CVE-2023-45773 | Out-of-bounds Write vulnerability in Google Android 13.0/14.0 In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a missing bounds check. | 7.8 | |
2023-12-04 | CVE-2023-45774 | Unspecified vulnerability in Google Android In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possible way to view another user's image due to a confused deputy. | 7.8 | |
2023-12-04 | CVE-2023-45775 | Out-of-bounds Write vulnerability in Google Android 14.0 In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. | 7.8 | |
2023-12-04 | CVE-2023-45776 | Out-of-bounds Write vulnerability in Google Android 14.0 In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. | 7.8 | |
2023-12-04 | CVE-2023-45777 | Unspecified vulnerability in Google Android 13.0/14.0 In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. | 7.8 | |
2023-12-04 | CVE-2023-45779 | Unspecified vulnerability in Google Android In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. | 7.8 | |
2023-12-04 | CVE-2023-5944 | Deltaww | Out-of-bounds Write vulnerability in Deltaww Dopsoft Delta Electronics DOPSoft is vulnerable to a stack-based buffer overflow, which may allow for arbitrary code execution if an attacker can lead a legitimate user to execute a specially crafted file. | 7.8 |
2023-12-04 | CVE-2023-41613 | Ezviz | Uncontrolled Search Path Element vulnerability in Ezviz Studio 2.2.0 EzViz Studio v2.2.0 is vulnerable to DLL hijacking. | 7.8 |
2023-12-04 | CVE-2023-32804 | ARM | Out-of-bounds Write vulnerability in ARM products Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU Userspace Driver, Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a local non-privileged user to write a constant pattern to a limited amount of memory not allocated by the user space driver.This issue affects Midgard GPU Userspace Driver: from r0p0 through r32p0; Bifrost GPU Userspace Driver: from r0p0 through r44p0; Valhall GPU Userspace Driver: from r19p0 through r44p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r44p0. | 7.8 |
2023-12-04 | CVE-2023-32847 | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In audio, there is a possible out of bounds write due to a missing bounds check. | 7.8 | |
2023-12-04 | CVE-2023-32850 | Out-of-bounds Write vulnerability in Google Android 11.0/12.0 In decoder, there is a possible out of bounds write due to an integer overflow. | 7.8 | |
2023-12-04 | CVE-2023-32851 | Out-of-bounds Write vulnerability in Google Android 11.0/12.0 In decoder, there is a possible out of bounds write due to a missing bounds check. | 7.8 | |
2023-12-04 | CVE-2023-42681 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In ion service, there is a possible missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-42685 | Missing Authorization vulnerability in Google Android 10.0 In wifi service, there is a possible missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-42686 | Missing Authorization vulnerability in Google Android 10.0 In wifi service, there is a possible missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-42687 | Missing Authorization vulnerability in Google Android 10.0 In wifi service, there is a possible missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-42688 | Missing Authorization vulnerability in Google Android 10.0 In wifi service, there is a possible missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-42689 | Missing Authorization vulnerability in Google Android 10.0 In wifi service, there is a possible missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-42690 | Missing Authorization vulnerability in Google Android 10.0 In wifi service, there is a possible missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-42691 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In wifi service, there is a possible missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-42692 | Missing Authorization vulnerability in Google Android 10.0 In wifi service, there is a possible missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-42693 | Missing Authorization vulnerability in Google Android 10.0 In wifi service, there is a possible missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-42694 | Missing Authorization vulnerability in Google Android 10.0 In wifi service, there is a possible missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-42695 | Missing Authorization vulnerability in Google Android 10.0 In wifi service, there is a possible missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-42696 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In telecom service, there is a possible missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-42736 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In telecom service, there is a possible missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-42738 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In telocom service, there is a possible missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-42739 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In engineermode service, there is a possible way to write permission usage records of an app due to a missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-42740 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-42743 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In telecom service, there is a possible missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-42745 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In telecom service, there is a possible missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-42746 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In power manager, there is a possible missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-42747 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In camera service, there is a possible missing permission check. | 7.8 | |
2023-12-04 | CVE-2023-42748 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In telecom service, there is a possible missing permission check. | 7.8 | |
2023-12-10 | CVE-2023-6656 | Iperov | Unspecified vulnerability in Iperov Deepfacelab Df.Wf.288Res.384.92.72.22 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. | 7.5 |
2023-12-10 | CVE-2023-50455 | Zammad | Allocation of Resources Without Limits or Throttling vulnerability in Zammad 6.1.0/6.2.0 An issue was discovered in Zammad before 6.2.0. | 7.5 |
2023-12-10 | CVE-2023-50449 | Jfinalcms Project | Path Traversal vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter. | 7.5 |
2023-12-09 | CVE-2023-49798 | Openzeppelin | Unspecified vulnerability in Openzeppelin Contracts and Contracts Upgradeable OpenZeppelin Contracts is a library for smart contract development. | 7.5 |
2023-12-09 | CVE-2023-49799 | Johannschopplich | Unspecified vulnerability in Johannschopplich Nuxt API Party `nuxt-api-party` is an open source module to proxy API requests. | 7.5 |
2023-12-09 | CVE-2023-49800 | Johannschopplich | Out-of-bounds Write vulnerability in Johannschopplich Nuxt API Party `nuxt-api-party` is an open source module to proxy API requests. | 7.5 |
2023-12-08 | CVE-2023-6337 | Hashicorp | Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. | 7.5 |
2023-12-08 | CVE-2023-48398 | Out-of-bounds Read vulnerability in Google Android In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. | 7.5 | |
2023-12-08 | CVE-2023-48403 | Out-of-bounds Write vulnerability in Google Android In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow. | 7.5 | |
2023-12-08 | CVE-2023-48404 | Out-of-bounds Read vulnerability in Google Android In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. | 7.5 | |
2023-12-08 | CVE-2023-48410 | Out-of-bounds Read vulnerability in Google Android In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check. | 7.5 | |
2023-12-08 | CVE-2023-48416 | NULL Pointer Dereference vulnerability in Google Android In multiple locations, there is a possible null dereference due to a missing null check. | 7.5 | |
2023-12-08 | CVE-2023-6245 | Dfinity | Infinite Loop vulnerability in Dfinity Candid The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. | 7.5 |
2023-12-08 | CVE-2023-6608 | Tongda2000 | Unspecified vulnerability in Tongda2000 Tongda OA and Tongda Office Anywhere A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. | 7.5 |
2023-12-08 | CVE-2023-6611 | Tongda2000 | Unspecified vulnerability in Tongda2000 Tongda OA and Tongda Office Anywhere A vulnerability was found in Tongda OA 2017 up to 11.9. | 7.5 |
2023-12-08 | CVE-2023-6607 | Tongda2000 | Unspecified vulnerability in Tongda2000 Tongda Office Anywhere 2017 A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. | 7.5 |
2023-12-08 | CVE-2023-48122 | Microweber | Unspecified vulnerability in Microweber 2.0.1/2.0.2/2.0.3 An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method. | 7.5 |
2023-12-07 | CVE-2023-4486 | Johnsoncontrols | Allocation of Resources Without Limits or Throttling vulnerability in Johnsoncontrols products Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service. | 7.5 |
2023-12-07 | CVE-2023-33411 | Supermicro | Path Traversal vulnerability in Supermicro products A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information. | 7.5 |
2023-12-07 | CVE-2023-49967 | Typecho | XML Entity Expansion vulnerability in Typecho 1.2.1 Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc. | 7.5 |
2023-12-07 | CVE-2023-49955 | Dallmann Consulting | Unspecified vulnerability in Dallmann-Consulting Open Charge Point Protocol 0.1/1.1.0/1.2.0 An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. | 7.5 |
2023-12-07 | CVE-2023-49956 | Dallmann Consulting | Unspecified vulnerability in Dallmann-Consulting Open Charge Point Protocol 0.1/1.1.0/1.2.0 An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. | 7.5 |
2023-12-07 | CVE-2023-49957 | Dallmann Consulting | Unspecified vulnerability in Dallmann-Consulting Open Charge Point Protocol 0.1/1.1.0/1.2.0 An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. | 7.5 |
2023-12-07 | CVE-2023-49958 | Dallmann Consulting | Improper Input Validation vulnerability in Dallmann-Consulting Open Charge Point Protocol 0.1/1.1.0/1.2.0 An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. | 7.5 |
2023-12-07 | CVE-2023-48831 | Phpjabbers | Resource Exhaustion vulnerability in PHPjabbers Availability Booking Calendar 5.0 A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion. | 7.5 |
2023-12-07 | CVE-2023-48833 | Phpjabbers | Resource Exhaustion vulnerability in PHPjabbers Time Slots Booking Calendar 4.0 A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion. | 7.5 |
2023-12-07 | CVE-2023-48834 | Phpjabbers | Resource Exhaustion vulnerability in PHPjabbers CAR Rental Script 3.0 A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion. | 7.5 |
2023-12-07 | CVE-2023-48840 | Phpjabbers | Resource Exhaustion vulnerability in PHPjabbers Appointment Scheduler 3.0 A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion. | 7.5 |
2023-12-07 | CVE-2023-46307 | Buddho | Path Traversal vulnerability in Buddho Etcd Browser An issue was discovered in server.js in etcd-browser 87ae63d75260. | 7.5 |
2023-12-07 | CVE-2023-41106 | Zimbra | Unspecified vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. | 7.5 |
2023-12-07 | CVE-2023-5761 | Burst Statistics | SQL Injection vulnerability in Burst-Statistics Burst Statistics The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'url' parameter in versions 1.4.0 to 1.4.6.1 (free) and versions 1.4.0 to 1.5.0 (pro) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2023-12-06 | CVE-2023-46354 | Myprestamodules | Missing Authorization vulnerability in Myprestamodules Orders (Csv, Excel) Export PRO In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. | 7.5 |
2023-12-06 | CVE-2023-46751 | Artifex | Use After Free vulnerability in Artifex Ghostscript An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. | 7.5 |
2023-12-06 | CVE-2023-45285 | Golang | Unspecified vulnerability in Golang GO Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. | 7.5 |
2023-12-06 | CVE-2023-44099 | Huawei | Improper Check for Unusual or Exceptional Conditions vulnerability in Huawei Emui and Harmonyos Vulnerability of data verification errors in the kernel module. | 7.5 |
2023-12-06 | CVE-2023-44113 | Huawei | Missing Authorization vulnerability in Huawei Emui and Harmonyos Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module. | 7.5 |
2023-12-06 | CVE-2023-49239 | Huawei | Incorrect Authorization vulnerability in Huawei Emui and Harmonyos Unauthorized access vulnerability in the card management module. | 7.5 |
2023-12-06 | CVE-2023-49240 | Huawei | Incorrect Authorization vulnerability in Huawei Emui and Harmonyos Unauthorized access vulnerability in the launcher module. | 7.5 |
2023-12-06 | CVE-2023-49241 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos API permission control vulnerability in the network management module. | 7.5 |
2023-12-06 | CVE-2023-49242 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Free broadcast vulnerability in the running management module. | 7.5 |
2023-12-06 | CVE-2023-49243 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Vulnerability of unauthorized access to email attachments in the email module. | 7.5 |
2023-12-06 | CVE-2023-49244 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Permission management vulnerability in the multi-user module. | 7.5 |
2023-12-06 | CVE-2023-49245 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Unauthorized access vulnerability in the Huawei Share module. | 7.5 |
2023-12-06 | CVE-2023-49246 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Unauthorized access vulnerability in the card management module. | 7.5 |
2023-12-06 | CVE-2023-49247 | Huawei | Improper Certificate Validation vulnerability in Huawei Emui and Harmonyos Permission verification vulnerability in distributed scenarios. | 7.5 |
2023-12-05 | CVE-2023-45287 | Golang | Information Exposure Through Discrepancy vulnerability in Golang GO Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. | 7.5 |
2023-12-05 | CVE-2023-43628 | Gpsd Project | Integer Underflow (Wrap or Wraparound) vulnerability in Gpsd Project Gpsd 3.25.1 An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. | 7.5 |
2023-12-05 | CVE-2023-41835 | Apache | Incomplete Cleanup vulnerability in Apache Struts When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue. | 7.5 |
2023-12-05 | CVE-2023-43472 | Lfprojects | Unspecified vulnerability in Lfprojects Mlflow An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API. | 7.5 |
2023-12-05 | CVE-2023-37572 | Softing | Incorrect Default Permissions vulnerability in Softing OPC Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. | 7.5 |
2023-12-05 | CVE-2023-39248 | Dell | Unspecified vulnerability in Dell Networking Os10 10.5.5.5 Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. | 7.5 |
2023-12-05 | CVE-2023-44288 | Dell | Unspecified vulnerability in Dell Powerscale Onefs Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through its lifetime vulnerability. | 7.5 |
2023-12-05 | CVE-2023-28588 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Transient DOS in Bluetooth Host while rfc slot allocation. | 7.5 |
2023-12-05 | CVE-2023-33041 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids. | 7.5 |
2023-12-05 | CVE-2023-33042 | Qualcomm | Improper Input Validation vulnerability in Qualcomm products Transient DOS in Modem after RRC Setup message is received. | 7.5 |
2023-12-05 | CVE-2023-33043 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Transient DOS in Modem when a Beam switch request is made with a non-configured BWP. | 7.5 |
2023-12-05 | CVE-2023-33044 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Transient DOS in Data modem while handling TLB control messages from the Network. | 7.5 |
2023-12-05 | CVE-2023-33080 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame. | 7.5 |
2023-12-05 | CVE-2023-33081 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast. | 7.5 |
2023-12-05 | CVE-2023-33089 | Qualcomm | NULL Pointer Dereference vulnerability in Qualcomm products Transient DOS when processing a NULL buffer while parsing WLAN vdev. | 7.5 |
2023-12-05 | CVE-2023-33097 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Transient DOS in WLAN Firmware while processing a FTMR frame. | 7.5 |
2023-12-05 | CVE-2023-33098 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Transient DOS while parsing WPA IES, when it is passed with length more than expected size. | 7.5 |
2023-12-05 | CVE-2023-42578 | Samsung | Improper Handling of Exceptional Conditions vulnerability in Samsung Cloud 4.7.0.3/5.1.0.8/5.2.00.7 Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission. | 7.5 |
2023-12-05 | CVE-2023-42581 | Samsung | Unspecified vulnerability in Samsung Galaxy Store Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data. | 7.5 |
2023-12-04 | CVE-2023-21227 | Unspecified vulnerability in Google Android In HTBLogKM of htbserver.c, there is a possible information disclosure due to log information disclosure. | 7.5 | |
2023-12-04 | CVE-2023-40459 | Sierrawireless | NULL Pointer Dereference vulnerability in Sierrawireless Aleos The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. | 7.5 |
2023-12-04 | CVE-2023-40462 | Sierrawireless Debian | Reachable Assertion vulnerability in multiple products The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. | 7.5 |
2023-12-04 | CVE-2023-49285 | Squid Cache | Out-of-bounds Read vulnerability in Squid-Cache Squid Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. | 7.5 |
2023-12-04 | CVE-2023-49286 | Squid Cache | Reachable Assertion vulnerability in Squid-Cache Squid Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. | 7.5 |
2023-12-04 | CVE-2023-49288 | Squid Cache | Unspecified vulnerability in Squid-Cache Squid Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. | 7.5 |
2023-12-04 | CVE-2023-6063 | Wpfastestcache | SQL Injection vulnerability in Wpfastestcache WP Fastest Cache The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. | 7.5 |
2023-12-04 | CVE-2023-47633 | Traefik | Unspecified vulnerability in Traefik Traefik is an open source HTTP reverse proxy and load balancer. | 7.5 |
2023-12-04 | CVE-2023-48863 | SEM CMS | SQL Injection vulnerability in Sem-Cms Semcms 3.9 SEMCMS 3.9 is vulnerable to SQL Injection. | 7.5 |
2023-12-04 | CVE-2023-6481 | QOS | Unspecified vulnerability in QOS Logback 1.2.12/1.3.13/1.4.13 A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. | 7.5 |
2023-12-04 | CVE-2023-32841 | Mediatek | Reachable Assertion vulnerability in Mediatek Nr15, Nr16 and Nr17 In 5G Modem, there is a possible system crash due to improper error handling. | 7.5 |
2023-12-04 | CVE-2023-32842 | Mediatek | Reachable Assertion vulnerability in Mediatek Nr15, Nr16 and Nr17 In 5G Modem, there is a possible system crash due to improper error handling. | 7.5 |
2023-12-04 | CVE-2023-32843 | Mediatek | Reachable Assertion vulnerability in Mediatek Nr15, Nr16 and Nr17 In 5G Modem, there is a possible system crash due to improper error handling. | 7.5 |
2023-12-04 | CVE-2023-32844 | Mediatek | Reachable Assertion vulnerability in Mediatek Nr15, Nr16 and Nr17 In 5G Modem, there is a possible system crash due to improper error handling. | 7.5 |
2023-12-04 | CVE-2023-32845 | Mediatek | Reachable Assertion vulnerability in Mediatek Nr15, Nr16 and Nr17 In 5G Modem, there is a possible system crash due to improper error handling. | 7.5 |
2023-12-04 | CVE-2023-32846 | Mediatek | Reachable Assertion vulnerability in Mediatek Nr15, Nr16 and Nr17 In 5G Modem, there is a possible system crash due to improper error handling. | 7.5 |
2023-12-04 | CVE-2023-29258 | IBM | Unspecified vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. | 7.5 |
2023-12-04 | CVE-2023-38727 | IBM | Unspecified vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. | 7.5 |
2023-12-04 | CVE-2023-40687 | IBM | Unspecified vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. | 7.5 |
2023-12-04 | CVE-2023-42716 | Exposure of Resource to Wrong Sphere vulnerability in Google Android 11.0/12.0 In telephony service, there is a possible missing permission check. | 7.5 | |
2023-12-04 | CVE-2023-42717 | Exposure of Resource to Wrong Sphere vulnerability in Google Android 11.0/12.0 In telephony service, there is a possible missing permission check. | 7.5 | |
2023-12-04 | CVE-2023-46167 | IBM | Unspecified vulnerability in IBM DB2 11.5.6/11.5.8 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. | 7.5 |
2023-12-04 | CVE-2023-47701 | IBM | Unspecified vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. | 7.5 |
2023-12-04 | CVE-2023-40692 | IBM | Unspecified vulnerability in IBM DB2 10.5/11.1/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. | 7.5 |
2023-12-08 | CVE-2023-49788 | Collaboraoffice | Unspecified vulnerability in Collaboraoffice Richdocumentscode 23.5.5/23.5.601 Collabora Online is a collaborative online office suite based on LibreOffice technology. | 7.2 |
2023-12-08 | CVE-2023-32968 | Qnap | Unspecified vulnerability in Qnap QTS and Quts Hero A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. | 7.2 |
2023-12-08 | CVE-2023-32975 | Qnap | Unspecified vulnerability in Qnap QTS and Quts Hero A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. | 7.2 |
2023-12-08 | CVE-2023-43744 | Zultys | OS Command Injection vulnerability in Zultys products An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. | 7.2 |
2023-12-06 | CVE-2023-32268 | Microfocus | Insufficiently Protected Credentials vulnerability in Microfocus Filr Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators. | 7.2 |
2023-12-05 | CVE-2023-44221 | Sonicwall | OS Command Injection vulnerability in Sonicwall products Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability. | 7.2 |
2023-12-04 | CVE-2023-40463 | Sierrawireless | Use of Hard-coded Credentials vulnerability in Sierrawireless Aleos When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access. | 7.2 |
2023-12-04 | CVE-2023-5108 | Alphabpo | SQL Injection vulnerability in Alphabpo Easy Newsletter Signups 1.0.4 The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | 7.2 |
2023-12-04 | CVE-2023-44291 | Dell | OS Command Injection vulnerability in Dell Powerprotect Data Manager Dm5500 Firmware Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in the appliance. | 7.2 |
2023-12-04 | CVE-2023-38003 | IBM | Unspecified vulnerability in IBM DB2 10.5/11.1/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. | 7.2 |
2023-12-08 | CVE-2023-6606 | Linux Redhat | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. | 7.1 |
2023-12-08 | CVE-2023-6610 | Linux Redhat | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. | 7.1 |
2023-12-06 | CVE-2023-2861 | Qemu | Unspecified vulnerability in Qemu A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. | 7.1 |
288 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-12-05 | CVE-2023-44297 | Dell | Improper Locking vulnerability in Dell products Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. | 6.8 |
2023-12-05 | CVE-2023-44298 | Dell | Improper Locking vulnerability in Dell products Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. | 6.8 |
2023-12-05 | CVE-2023-42561 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 11.0/14.0 Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code. | 6.8 |
2023-12-05 | CVE-2023-42571 | Samsung | Unspecified vulnerability in Samsung Find MY Mobile Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user lost the device. | 6.8 |
2023-12-05 | CVE-2023-42575 | Samsung | Incorrect Authorization vulnerability in Samsung Pass 4.0.05.1/4.2.03.1 Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting. | 6.8 |
2023-12-05 | CVE-2023-42576 | Samsung | Improper Authentication vulnerability in Samsung Pass 4.0.05.1/4.2.03.1 Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler. | 6.8 |
2023-12-04 | CVE-2023-24046 | Connectize | Command Injection vulnerability in Connectize Ac21000 G6 Firmware 641.139.1.1256 An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility. | 6.8 |
2023-12-04 | CVE-2023-24047 | Connectize | Insufficiently Protected Credentials vulnerability in Connectize Ac21000 G6 Firmware 641.139.1.1256 An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm. | 6.8 |
2023-12-04 | CVE-2023-40464 | Sierrawireless | Use of Hard-coded Credentials vulnerability in Sierrawireless Aleos Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. | 6.8 |
2023-12-08 | CVE-2023-48405 | Unspecified vulnerability in Google Android there is a possible way for the secure world to write to NS memory due to a logic error in the code. | 6.7 | |
2023-12-08 | CVE-2023-48406 | Unspecified vulnerability in Google Android there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. | 6.7 | |
2023-12-08 | CVE-2023-48414 | Use After Free vulnerability in Google Android In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. | 6.7 | |
2023-12-05 | CVE-2023-42557 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 12.0/13.0/14.0 Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code. | 6.7 |
2023-12-05 | CVE-2023-42565 | Samsung | Unspecified vulnerability in Samsung Android 13.0/14.0 Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code. | 6.7 |
2023-12-04 | CVE-2023-32848 | Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0 In vdec, there is a possible out of bounds write due to type confusion. | 6.7 | |
2023-12-04 | CVE-2023-32849 | Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0 In cmdq, there is a possible out of bounds write due to type confusion. | 6.7 | |
2023-12-04 | CVE-2023-32853 | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In rpmb, there is a possible out of bounds write due to a missing bounds check. | 6.7 | |
2023-12-04 | CVE-2023-32854 | Out-of-bounds Write vulnerability in Google Android 11.0/12.0 In ril, there is a possible out of bounds write due to a missing bounds check. | 6.7 | |
2023-12-04 | CVE-2023-32855 | Linuxfoundation Rdkcentral Openwrt | Missing Authorization vulnerability in multiple products In aee, there is a possible escalation of privilege due to a missing permission check. | 6.7 |
2023-12-04 | CVE-2023-32859 | Classic Buffer Overflow vulnerability in Google Android 12.0/13.0 In meta, there is a possible classic buffer overflow due to a missing bounds check. | 6.7 | |
2023-12-04 | CVE-2023-32860 | Classic Buffer Overflow vulnerability in Google Android 12.0/13.0 In display, there is a possible classic buffer overflow due to a missing bounds check. | 6.7 | |
2023-12-04 | CVE-2023-32861 | Out-of-bounds Read vulnerability in Google Android 12.0/13.0 In display, there is a possible out of bounds read due to an incorrect bounds check. | 6.7 | |
2023-12-04 | CVE-2023-32862 | Out-of-bounds Read vulnerability in Google Android 12.0/13.0 In display, there is a possible out of bounds read due to an incorrect bounds check. | 6.7 | |
2023-12-04 | CVE-2023-32863 | Out-of-bounds Read vulnerability in Google Android 12.0/13.0 In display drm, there is a possible out of bounds read due to a missing bounds check. | 6.7 | |
2023-12-04 | CVE-2023-32864 | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In display drm, there is a possible out of bounds write due to an incorrect bounds check. | 6.7 | |
2023-12-04 | CVE-2023-32865 | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In display drm, there is a possible out of bounds write due to an incorrect bounds check. | 6.7 | |
2023-12-04 | CVE-2023-32866 | Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0 In mmp, there is a possible memory corruption due to an incorrect bounds check. | 6.7 | |
2023-12-04 | CVE-2023-32867 | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In display drm, there is a possible out of bounds write due to a missing bounds check. | 6.7 | |
2023-12-04 | CVE-2023-32868 | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In display drm, there is a possible out of bounds write due to a missing bounds check. | 6.7 | |
2023-12-04 | CVE-2023-32869 | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In display drm, there is a possible out of bounds write due to a missing bounds check. | 6.7 | |
2023-12-04 | CVE-2023-32870 | Out-of-bounds Read vulnerability in Google Android 12.0/13.0 In display drm, there is a possible out of bounds read due to a missing bounds check. | 6.7 | |
2023-12-04 | CVE-2023-42722 | Use After Free vulnerability in Google Android 11.0 In camera service, there is a possible use after free due to a logic error. | 6.7 | |
2023-12-05 | CVE-2023-49284 | Fishshell | Unspecified vulnerability in Fishshell Fish fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. | 6.6 |
2023-12-10 | CVE-2023-50463 | Caddyserver | Authentication Bypass by Spoofing vulnerability in Caddyserver Caddy 0.5.0/0.5.1/0.6.0 The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions). | 6.5 |
2023-12-09 | CVE-2023-28869 | NCP E | Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15 Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link. | 6.5 |
2023-12-09 | CVE-2023-28870 | NCP E | Incorrect Default Permissions vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15 Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts. | 6.5 |
2023-12-07 | CVE-2023-6578 | Softwareag | Unspecified vulnerability in Softwareag Webmethods A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. | 6.5 |
2023-12-07 | CVE-2023-47440 | Gladysassistant | Path Traversal vulnerability in Gladysassistant Gladys Assistant Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. | 6.5 |
2023-12-07 | CVE-2023-6588 | Devolutions | Unspecified vulnerability in Devolutions Workspace Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. | 6.5 |
2023-12-07 | CVE-2022-45362 | Paytm | Server-Side Request Forgery (SSRF) vulnerability in Paytm Payment Gateway 2.7.0 Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway.This issue affects Paytm Payment Gateway: from n/a through 2.7.0. | 6.5 |
2023-12-07 | CVE-2023-46218 | Haxx Fedoraproject | This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. | 6.5 |
2023-12-07 | CVE-2023-6566 | Microweber | Unspecified vulnerability in Microweber Business Logic Errors in GitHub repository microweber/microweber prior to 2.0. | 6.5 |
2023-12-06 | CVE-2023-6512 | Debian Fedoraproject | Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. | 6.5 |
2023-12-06 | CVE-2023-24547 | Arista | Cleartext Transmission of Sensitive Information vulnerability in Arista MOS 0.13.0/0.25/0.39.4 On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config. | 6.5 |
2023-12-05 | CVE-2023-46736 | Espocrm | Unspecified vulnerability in Espocrm EspoCRM is an Open Source CRM (Customer Relationship Management) software. | 6.5 |
2023-12-05 | CVE-2023-28586 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. | 6.5 |
2023-12-05 | CVE-2023-26941 | Assaabloy | Inadequate Encryption Strength vulnerability in Assaabloy Yale Conexis L1 Firmware 1.1.0 Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original. | 6.5 |
2023-12-05 | CVE-2023-26942 | Assaabloy | Inadequate Encryption Strength vulnerability in Assaabloy Yale Ia-210 Firmware 1.0 Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a cloned tag via physical proximity to the original. | 6.5 |
2023-12-05 | CVE-2023-26943 | Assaabloy | Inadequate Encryption Strength vulnerability in Assaabloy Yale Keyless Smart Lock Firmware 1.0 Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original. | 6.5 |
2023-12-05 | CVE-2023-5808 | Hitachi | Improper Authentication vulnerability in Hitachi Vantara Hitachi Network Attached Storage 14.6.7520.04/14.8.7825.01 SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. | 6.5 |
2023-12-04 | CVE-2023-40090 | Information Exposure Through Discrepancy vulnerability in Google Android In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. | 6.5 | |
2023-12-04 | CVE-2023-49280 | Xwiki | Unspecified vulnerability in Xwiki Change Request XWiki Change Request is an XWiki application allowing to request changes on a wiki without publishing directly the changes. | 6.5 |
2023-12-04 | CVE-2023-5105 | Najeebmedia | Path Traversal vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as `wp-config.php` | 6.5 |
2023-12-04 | CVE-2023-5884 | Back2Nature | Cross-Site Request Forgery (CSRF) vulnerability in Back2Nature Word Balloon The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link. | 6.5 |
2023-12-04 | CVE-2023-5979 | Implecode | Cross-Site Request Forgery (CSRF) vulnerability in Implecode Ecommerce Product Catalog The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products | 6.5 |
2023-12-04 | CVE-2023-5990 | Funnelforms | Cross-Site Request Forgery (CSRF) vulnerability in Funnelforms Free The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks | 6.5 |
2023-12-04 | CVE-2023-47106 | Traefik | Unspecified vulnerability in Traefik Traefik is an open source HTTP reverse proxy and load balancer. | 6.5 |
2023-12-04 | CVE-2023-44306 | Dell | Path Traversal vulnerability in Dell Dm5500 Firmware 5.14.0.0 Dell DM5500 contains a path traversal vulnerability in the appliance. | 6.5 |
2023-12-09 | CVE-2023-50430 | Goodix | Improper Authentication vulnerability in Goodix Fingerprint Sensor Firmware The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated configuration packet to select the Windows template database, which allows bypass of Windows Hello authentication by enrolling an attacker's fingerprint. | 6.4 |
2023-12-08 | CVE-2023-48420 | Race Condition vulnerability in Google Android there is a possible use after free due to a race condition. | 6.4 | |
2023-12-08 | CVE-2023-45866 | Google Canonical Apple Fedoraproject Debian | Improper Authentication vulnerability in multiple products Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. | 6.3 |
2023-12-10 | CVE-2022-48614 | Semantic Mediawiki | Cross-site Scripting vulnerability in Semantic-Mediawiki Semantic Mediawiki Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS. | 6.1 |
2023-12-10 | CVE-2023-6650 | Oretnom23 | Unspecified vulnerability in Oretnom23 Simple Invoice Generator System 1.0 A vulnerability was found in SourceCodester Simple Invoice Generator System 1.0 and classified as problematic. | 6.1 |
2023-12-10 | CVE-2023-6649 | Phpgurukul | Unspecified vulnerability in PHPgurukul Teacher Subject Allocation Management System 1.0 A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as problematic. | 6.1 |
2023-12-09 | CVE-2023-28874 | Seafile | Open Redirect vulnerability in Seafile 9.0.6 The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites. | 6.1 |
2023-12-08 | CVE-2023-46494 | Evershop | Cross-site Scripting vulnerability in Evershop 1.0.0 Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx. | 6.1 |
2023-12-08 | CVE-2023-46495 | Evershop | Cross-site Scripting vulnerability in Evershop 1.0.0 Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter. | 6.1 |
2023-12-08 | CVE-2023-46499 | Evershop | Cross-site Scripting vulnerability in Evershop 1.0.0 Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted scripts to the Admin Panel. | 6.1 |
2023-12-08 | CVE-2023-49782 | Collaboraoffice | Unspecified vulnerability in Collaboraoffice Richdocumentscode 23.5.5 Collabora Online is a collaborative online office suite based on LibreOffice technology. | 6.1 |
2023-12-08 | CVE-2023-6616 | Oretnom23 | Unspecified vulnerability in Oretnom23 Simple Student Attendance System 1.0 A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. | 6.1 |
2023-12-08 | CVE-2023-23372 | Qnap | Cross-site Scripting vulnerability in Qnap QTS and Quts Hero A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. | 6.1 |
2023-12-08 | CVE-2023-6609 | Oscommerce | Cross-site Scripting vulnerability in Oscommerce 4.0 A vulnerability was found in osCommerce 4. | 6.1 |
2023-12-08 | CVE-2023-48928 | Franklin Electric | Open Redirect vulnerability in Franklin-Electric System Sentinel Anyware 1.6.24.492 Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. | 6.1 |
2023-12-07 | CVE-2023-46693 | Formalms | Cross-site Scripting vulnerability in Formalms Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters. | 6.1 |
2023-12-07 | CVE-2023-41170 | Netscout | Cross-site Scripting vulnerability in Netscout Ngeniusone 6.3.4 NetScout nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting vulnerability. | 6.1 |
2023-12-07 | CVE-2023-49492 | Dedecms | Cross-site Scripting vulnerability in Dedecms 5.7.111 DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php. | 6.1 |
2023-12-07 | CVE-2023-49493 | Dedecms | Cross-site Scripting vulnerability in Dedecms 5.7.111 DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php. | 6.1 |
2023-12-07 | CVE-2023-45762 | Michaeluno | Unspecified vulnerability in Michaeluno Responsive Column Widgets URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Michael Uno (miunosoft) Responsive Column Widgets.This issue affects Responsive Column Widgets: from n/a through 1.2.7. | 6.1 |
2023-12-07 | CVE-2023-47548 | Softlabbd | Unspecified vulnerability in Softlabbd Integrate Google Drive URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SoftLab Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site.This issue affects Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site: from n/a through 1.3.2. | 6.1 |
2023-12-07 | CVE-2023-47779 | Crmperks | Unspecified vulnerability in Crmperks Integration for Constant Contact and Contact Form 7, Wpforms, Elementor, Ninja URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. | 6.1 |
2023-12-07 | CVE-2023-48325 | Pluginops | Unspecified vulnerability in Pluginops Landing Page Builder URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages.This issue affects Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages: from n/a through 1.5.1.5. | 6.1 |
2023-12-07 | CVE-2023-48206 | Mayurik | Cross-site Scripting vulnerability in Mayurik Courier Management System 1.0 A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php. | 6.1 |
2023-12-07 | CVE-2023-48208 | Phpjabbers | Cross-site Scripting vulnerability in PHPjabbers Availability Booking Calendar 5.0 A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php. | 6.1 |
2023-12-07 | CVE-2023-49225 | Ruckuswireless | Cross-site Scripting vulnerability in Ruckuswireless products A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). | 6.1 |
2023-12-07 | CVE-2023-43102 | Zimbra | Cross-site Scripting vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. | 6.1 |
2023-12-07 | CVE-2023-43103 | Zimbra | Cross-site Scripting vulnerability in Zimbra Collaboration An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. | 6.1 |
2023-12-07 | CVE-2023-6568 | Lfprojects | Cross-site Scripting vulnerability in Lfprojects Mlflow A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. | 6.1 |
2023-12-06 | CVE-2023-46688 | Pleasanter | Open Redirect vulnerability in Pleasanter Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. | 6.1 |
2023-12-06 | CVE-2023-6527 | I13Websolution | Cross-site Scripting vulnerability in I13Websolution Email Subscription Popup The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTP_REFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. | 6.1 |
2023-12-05 | CVE-2023-45084 | Softiron | Improper Synchronization vulnerability in Softiron Hypercloud An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity. This issue only impacts SoftIron HyperCloud "density" storage nodes running HyperCloud software versions 1.0 to before 2.0.3. | 6.1 |
2023-12-04 | CVE-2023-49293 | Vitejs | Unspecified vulnerability in Vitejs Vite Vite is a website frontend framework. | 6.1 |
2023-12-04 | CVE-2023-5141 | Bannersky | Cross-site Scripting vulnerability in Bannersky BSK Contact Form 7 Blacklist 1.0.1 The BSK Contact Form 7 Blacklist WordPress plugin through 1.0.1 does not sanitise and escape the inserted_count parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2023-12-04 | CVE-2023-5210 | AMP Cloud | Cross-site Scripting vulnerability in Amp-Cloud AMP Plus 3.0 The AMP+ Plus WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2023-12-04 | CVE-2023-5951 | Collne | Cross-site Scripting vulnerability in Collne Welcart The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2023-12-04 | CVE-2023-48815 | Keking | Open Redirect vulnerability in Keking Kkfileview 4.1.0/4.3.0 kkFileView v4.3.0 is vulnerable to Incorrect Access Control. | 6.1 |
2023-12-04 | CVE-2023-5767 | Hitachienergy | Cross-site Scripting vulnerability in Hitachienergy products A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. | 6.1 |
2023-12-04 | CVE-2023-5768 | Hitachienergy | Cross-site Scripting vulnerability in Hitachienergy products A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. | 6.1 |
2023-12-10 | CVE-2023-50454 | Zammad | Improper Certificate Validation vulnerability in Zammad 6.1.0/6.2.0 An issue was discovered in Zammad before 6.2.0. | 5.9 |
2023-12-06 | CVE-2023-26154 | Pubnub | Insufficient Entropy vulnerability in Pubnub products Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. | 5.9 |
2023-12-04 | CVE-2023-47124 | Traefik | Unspecified vulnerability in Traefik Traefik is an open source HTTP reverse proxy and load balancer. | 5.9 |
2023-12-09 | CVE-2023-50431 | Linux | Unspecified vulnerability in Linux Kernel sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized. | 5.5 |
2023-12-09 | CVE-2023-47465 | Gpac | Unspecified vulnerability in Gpac An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c. | 5.5 |
2023-12-09 | CVE-2023-28526 | IBM | Out-of-bounds Write vulnerability in IBM products IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. | 5.5 |
2023-12-09 | CVE-2023-28527 | IBM | Out-of-bounds Write vulnerability in IBM products IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. | 5.5 |
2023-12-09 | CVE-2023-47722 | IBM | Insufficiently Protected Credentials vulnerability in IBM API Connect 10.0.5.3/10.0.6.0 IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. | 5.5 |
2023-12-09 | CVE-2023-6560 | Linux | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. | 5.5 |
2023-12-08 | CVE-2023-34320 | ARM XEN | Improper Locking vulnerability in multiple products Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity. | 5.5 |
2023-12-08 | CVE-2023-6622 | Linux Redhat | NULL Pointer Dereference vulnerability in multiple products A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. | 5.5 |
2023-12-08 | CVE-2023-48399 | Out-of-bounds Read vulnerability in Google Android In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. | 5.5 | |
2023-12-08 | CVE-2023-48401 | Out-of-bounds Read vulnerability in Google Android In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. | 5.5 | |
2023-12-08 | CVE-2023-48408 | Out-of-bounds Read vulnerability in Google Android In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. | 5.5 | |
2023-12-08 | CVE-2023-48411 | Out-of-bounds Read vulnerability in Google Android In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. | 5.5 | |
2023-12-08 | CVE-2023-48412 | Unspecified vulnerability in Google Android In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code. | 5.5 | |
2023-12-08 | CVE-2023-48415 | Out-of-bounds Read vulnerability in Google Android In Init of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. | 5.5 | |
2023-12-08 | CVE-2023-48422 | Out-of-bounds Read vulnerability in Google Android In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. | 5.5 | |
2023-12-07 | CVE-2023-48958 | Gpac | Memory Leak vulnerability in Gpac 2.3Devrev617G671976Fccmaster gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589. | 5.5 |
2023-12-07 | CVE-2023-40238 | Insyde | Cleartext Storage of Sensitive Information vulnerability in Insyde Insydeh2O A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. | 5.5 |
2023-12-06 | CVE-2023-49248 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Vulnerability of unauthorized file access in the Settings app. | 5.5 |
2023-12-05 | CVE-2023-33070 | Qualcomm | Improper Authentication vulnerability in Qualcomm products Transient DOS in Automotive OS due to improper authentication to the secure IO calls. | 5.5 |
2023-12-05 | CVE-2023-42556 | Samsung | Unspecified vulnerability in Samsung Android 11.0/14.0 Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive information. | 5.5 |
2023-12-05 | CVE-2023-42564 | Samsung | Unspecified vulnerability in Samsung Android 12.0/13.0/14.0 Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege. | 5.5 |
2023-12-05 | CVE-2023-42572 | Samsung | Unspecified vulnerability in Samsung Account web Software Development KIT Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24 allows attacker to get sensitive information. | 5.5 |
2023-12-05 | CVE-2023-42573 | Samsung | Unspecified vulnerability in Samsung Search Widget PendingIntent hijacking vulnerability in Search Widget prior to version 3.4 in China models allows local attackers to access data. | 5.5 |
2023-12-04 | CVE-2023-35668 | Unspecified vulnerability in Google Android In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. | 5.5 | |
2023-12-04 | CVE-2023-40073 | Unspecified vulnerability in Google Android In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. | 5.5 | |
2023-12-04 | CVE-2023-40074 | Unspecified vulnerability in Google Android In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. | 5.5 | |
2023-12-04 | CVE-2023-40075 | Unspecified vulnerability in Google Android In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. | 5.5 | |
2023-12-04 | CVE-2023-40076 | Unspecified vulnerability in Google Android 14.0 In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. | 5.5 | |
2023-12-04 | CVE-2023-40081 | Unspecified vulnerability in Google Android In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy. | 5.5 | |
2023-12-04 | CVE-2023-40083 | Out-of-bounds Read vulnerability in Google Android In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. | 5.5 | |
2023-12-04 | CVE-2023-40092 | Unspecified vulnerability in Google Android In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. | 5.5 | |
2023-12-04 | CVE-2023-40098 | Unspecified vulnerability in Google Android In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification data of another user due to a logic error in the code. | 5.5 | |
2023-12-04 | CVE-2023-40465 | Sierrawireless | Out-of-bounds Write vulnerability in Sierrawireless Aleos Several versions of ALEOS, including ALEOS 4.16.0, include an opensource third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal. | 5.5 |
2023-12-04 | CVE-2023-45781 | Out-of-bounds Read vulnerability in Google Android In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. | 5.5 | |
2023-12-04 | CVE-2023-6460 | Information Exposure Through Log Files vulnerability in Google Cloud Firestore A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. | 5.5 | |
2023-12-04 | CVE-2023-44300 | Dell | Insufficiently Protected Credentials vulnerability in Dell Powerprotect Data Manager Dm5500 Firmware Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in the appliance. | 5.5 |
2023-12-04 | CVE-2022-48462 | Out-of-bounds Write vulnerability in Google Android 10.0 In wifi service, there is a possible out of bounds write due to a missing bounds check. | 5.5 | |
2023-12-04 | CVE-2022-48463 | Out-of-bounds Write vulnerability in Google Android 10.0 In wifi service, there is a possible out of bounds write due to a missing bounds check. | 5.5 | |
2023-12-04 | CVE-2022-48464 | Out-of-bounds Write vulnerability in Google Android 10.0 In wifi service, there is a possible out of bounds write due to a missing bounds check. | 5.5 | |
2023-12-04 | CVE-2023-42671 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42672 | Missing Authorization vulnerability in Google Android 11.0/12.0 In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42673 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42674 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42675 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42676 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42677 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42678 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42697 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In omacp service, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42698 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In omacp service, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42699 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In omacp service, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42700 | Missing Authorization vulnerability in Google Android 11.0/12.0 In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42701 | Missing Authorization vulnerability in Google Android 11.0/12.0 In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42702 | Missing Authorization vulnerability in Google Android 11.0/12.0 In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42703 | Missing Authorization vulnerability in Google Android 11.0/12.0 In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42704 | Missing Authorization vulnerability in Google Android 11.0/12.0 In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42705 | Missing Authorization vulnerability in Google Android 11.0/12.0 In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42706 | Missing Authorization vulnerability in Google Android 11.0/12.0 In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42707 | Missing Authorization vulnerability in Google Android 11.0/12.0 In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42708 | Missing Authorization vulnerability in Google Android 11.0/12.0 In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42709 | Missing Authorization vulnerability in Google Android 11.0/12.0 In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42710 | Missing Authorization vulnerability in Google Android 11.0/12.0 In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42711 | Missing Authorization vulnerability in Google Android 11.0/12.0 In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42712 | Missing Authorization vulnerability in Google Android 11.0/12.0 In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42713 | Missing Authorization vulnerability in Google Android 11.0/12.0 In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42714 | Missing Authorization vulnerability in Google Android 11.0/12.0 In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42715 | Exposure of Resource to Wrong Sphere vulnerability in Google Android 11.0/12.0 In telephony service, there is a possible missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42718 | Exposure of Resource to Wrong Sphere vulnerability in Google Android 11.0/12.0/13.0 In dialer, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42719 | Out-of-bounds Read vulnerability in Google Android 12.0 In video service, there is a possible out of bounds read due to a incorrect bounds check. | 5.5 | |
2023-12-04 | CVE-2023-42720 | Out-of-bounds Read vulnerability in Google Android 11.0 In video service, there is a possible out of bounds read due to a missing bounds check. | 5.5 | |
2023-12-04 | CVE-2023-42721 | Unspecified vulnerability in Google Android 11.0 In flv extractor, there is a possible missing verification incorrect input. | 5.5 | |
2023-12-04 | CVE-2023-42723 | Out-of-bounds Read vulnerability in Google Android 11.0 In camera service, there is a possible out of bounds read due to a missing bounds check. | 5.5 | |
2023-12-04 | CVE-2023-42728 | Out-of-bounds Read vulnerability in Google Android 11.0/12.0/13.0 In phasecheckserver, there is a possible out of bounds read due to a missing bounds check. | 5.5 | |
2023-12-04 | CVE-2023-42730 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In IMS service, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42732 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In telephony service, there is a possible missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42733 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In telephony service, there is a possible missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42734 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In telephony service, there is a possible missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42737 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42741 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42742 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In sysui, there is a possible missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42744 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In telecom service, there is a possible missing permission check. | 5.5 | |
2023-12-04 | CVE-2023-42749 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In enginnermode service, there is a possible way to write permission usage records of an app due to a missing permission check. | 5.5 | |
2023-12-09 | CVE-2023-6646 | Sissbruecker | Unspecified vulnerability in Sissbruecker Linkding 1.23.0 A vulnerability classified as problematic has been found in linkding 1.23.0. | 5.4 |
2023-12-09 | CVE-2023-28873 | Seafile | Cross-site Scripting vulnerability in Seafile 9.0.6 An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor. | 5.4 |
2023-12-09 | CVE-2020-25835 | Microfocus | Cross-site Scripting vulnerability in Microfocus Arcsight Management Center A potential vulnerability has been identified in Micro Focus ArcSight Management Center. | 5.4 |
2023-12-08 | CVE-2023-46497 | Evershop | Path Traversal vulnerability in Evershop 1.0.0 Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint. | 5.4 |
2023-12-08 | CVE-2023-49444 | Html JS | Cross-site Scripting vulnerability in Html-Js Doracms 2.1.8 An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar. | 5.4 |
2023-12-08 | CVE-2023-49484 | Iteachyou | Cross-site Scripting vulnerability in Iteachyou Dreamer CMS 4.1.3 Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department. | 5.4 |
2023-12-08 | CVE-2023-49485 | Jfinalcms Project | Cross-site Scripting vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department. | 5.4 |
2023-12-08 | CVE-2023-49486 | Jfinalcms Project | Cross-site Scripting vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department. | 5.4 |
2023-12-08 | CVE-2023-49487 | Jfinalcms Project | Cross-site Scripting vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department. | 5.4 |
2023-12-08 | CVE-2023-6146 | Qualys | Cross-site Scripting vulnerability in Qualys Private Cloud Platform A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. | 5.4 |
2023-12-07 | CVE-2023-41168 | Netscout | Cross-site Scripting vulnerability in Netscout Ngeniusone 6.3.4 NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 1 of 4). | 5.4 |
2023-12-07 | CVE-2023-41169 | Netscout | Cross-site Scripting vulnerability in Netscout Ngeniusone 6.3.4 NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 2 of 4). | 5.4 |
2023-12-07 | CVE-2023-41171 | Netscout | Cross-site Scripting vulnerability in Netscout Ngeniusone 6.3.4 NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4). | 5.4 |
2023-12-07 | CVE-2023-41172 | Netscout | Cross-site Scripting vulnerability in Netscout Ngeniusone 6.3.4 NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 4 of 4). | 5.4 |
2023-12-07 | CVE-2023-41905 | Netscout | Cross-site Scripting vulnerability in Netscout Ngeniusone 6.3.4 NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting (XSS) vulnerability by an authenticated user. | 5.4 |
2023-12-07 | CVE-2023-6333 | Controlbyweb | Cross-site Scripting vulnerability in Controlbyweb products The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious javascript code during a user's session. | 5.4 |
2023-12-07 | CVE-2023-46974 | Mayurik | Cross-site Scripting vulnerability in Mayurik Courier Management System 1.0 Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL. | 5.4 |
2023-12-07 | CVE-2023-41804 | Brainstormforce | Unspecified vulnerability in Brainstormforce Starter Templates Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4. | 5.4 |
2023-12-07 | CVE-2023-46641 | Code4Recovery | Unspecified vulnerability in Code4Recovery 12 Step Meeting List Server-Side Request Forgery (SSRF) vulnerability in Code for Recovery 12 Step Meeting List.This issue affects 12 Step Meeting List: from n/a through 3.14.24. | 5.4 |
2023-12-07 | CVE-2023-48824 | Boidcms | Cross-site Scripting vulnerability in Boidcms 2.0.1 BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the title, subtitle, footer, or keywords parameter in a page=create action. | 5.4 |
2023-12-07 | CVE-2023-48825 | Phpjabbers | Cross-site Scripting vulnerability in PHPjabbers Availability Booking Calendar 5.0 Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. | 5.4 |
2023-12-07 | CVE-2023-48827 | Phpjabbers | Cross-site Scripting vulnerability in PHPjabbers Time Slots Booking Calendar 4.0 Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. | 5.4 |
2023-12-07 | CVE-2023-48828 | Phpjabbers | Cross-site Scripting vulnerability in PHPjabbers Time Slots Booking Calendar 4.0 Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. | 5.4 |
2023-12-07 | CVE-2023-48836 | Phpjabbers | Cross-site Scripting vulnerability in PHPjabbers CAR Rental Script 3.0 Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. | 5.4 |
2023-12-07 | CVE-2023-48837 | Phpjabbers | Cross-site Scripting vulnerability in PHPjabbers CAR Rental Script 3.0 Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. | 5.4 |
2023-12-07 | CVE-2023-48838 | Phpjabbers | Cross-site Scripting vulnerability in PHPjabbers Appointment Scheduler 3.0 Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code. | 5.4 |
2023-12-07 | CVE-2023-48839 | Phpjabbers | Cross-site Scripting vulnerability in PHPjabbers Appointment Scheduler 3.0 Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. | 5.4 |
2023-12-07 | CVE-2023-46857 | Squidex IO | Cross-site Scripting vulnerability in Squidex.Io Squidex Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. | 5.4 |
2023-12-07 | CVE-2023-48172 | Phpjabbers | Cross-site Scripting vulnerability in PHPjabbers Shuttle Booking Software 2.0 A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php. | 5.4 |
2023-12-07 | CVE-2023-28017 | Hcltech | Cross-site Scripting vulnerability in Hcltech Connections HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. | 5.4 |
2023-12-06 | CVE-2023-34439 | Pleasanter | Cross-site Scripting vulnerability in Pleasanter Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. | 5.4 |
2023-12-06 | CVE-2023-48940 | Daicuo | Cross-site Scripting vulnerability in Daicuo 2.5.15 A stored cross-site scripting (XSS) vulnerability in /admin.php of DaiCuo v2.5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 |
2023-12-06 | CVE-2023-28875 | Afian | Cross-site Scripting vulnerability in Afian Filerun 2022.02.02 A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link. | 5.4 |
2023-12-05 | CVE-2023-49289 | Michaelschwarz | Cross-site Scripting vulnerability in Michaelschwarz Ajax.Net Professional Ajax.NET Professional (AjaxPro) is an AJAX framework for Microsoft ASP.NET which will create proxy JavaScript classes that are used on client-side to invoke methods on the web server. | 5.4 |
2023-12-04 | CVE-2023-24050 | Connectize | Cross-site Scripting vulnerability in Connectize Ac21000 G6 Firmware 641.139.1.1256 Cross Site Scripting (XSS) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary code via crafted string when setting the Wi-Fi password in the admin panel. | 5.4 |
2023-12-04 | CVE-2023-40460 | Sierrawireless | Cross-site Scripting vulnerability in Sierrawireless Aleos The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted. | 5.4 |
2023-12-04 | CVE-2023-4460 | Uploading SVG Webp AND ICO Files Project | Cross-site Scripting vulnerability in Uploading Svg, Webp and ICO Files Project Uploading Svg, Webp and ICO Files 1.0.1 The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | 5.4 |
2023-12-04 | CVE-2023-48866 | Grocy Project | Cross-site Scripting vulnerability in Grocy Project Grocy A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy <= 4.0.3 allows attackers to obtain the victim's cookies. | 5.4 |
2023-12-04 | CVE-2023-44301 | Dell | Cross-site Scripting vulnerability in Dell Powerprotect Data Manager Dm5500 Firmware Dell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scripting Vulnerability. | 5.4 |
2023-12-10 | CVE-2023-50453 | Zammad | Unspecified vulnerability in Zammad 6.1.0/6.2.0 An issue was discovered in Zammad before 6.2.0. | 5.3 |
2023-12-10 | CVE-2023-50456 | Zammad | Unspecified vulnerability in Zammad 6.1.0/6.2.0 An issue was discovered in Zammad before 6.2.0. | 5.3 |
2023-12-09 | CVE-2023-50428 | Bitcoin Bitcoinknots | In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. | 5.3 |
2023-12-08 | CVE-2023-46493 | Evershop | Path Traversal vulnerability in Evershop 1.0.0 Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js. | 5.3 |
2023-12-08 | CVE-2023-6615 | Typecho | Unspecified vulnerability in Typecho 1.2.1 A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. | 5.3 |
2023-12-07 | CVE-2023-46871 | Gpac | Memory Leak vulnerability in Gpac GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. | 5.3 |
2023-12-07 | CVE-2023-35909 | Ninjaforms | Unspecified vulnerability in Ninjaforms Ninja Forms Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25. | 5.3 |
2023-12-07 | CVE-2023-43298 | Linecorp | Unspecified vulnerability in Linecorp Line 13.6.1 An issue in SCOL Members Card mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 5.3 |
2023-12-07 | CVE-2023-43299 | Linecorp | Unspecified vulnerability in Linecorp Line 13.6.1 An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 5.3 |
2023-12-07 | CVE-2023-48205 | Jorani | Injection vulnerability in Jorani Leave Management System 1.0.2 Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails. | 5.3 |
2023-12-06 | CVE-2023-39326 | Golang | Unspecified vulnerability in Golang GO A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. | 5.3 |
2023-12-06 | CVE-2023-6393 | Redhat | Unspecified vulnerability in Redhat Build of Quarkus A flaw was found in the Quarkus Cache Runtime. | 5.3 |
2023-12-06 | CVE-2023-6273 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Permission management vulnerability in the module for disabling Sound Booster. | 5.3 |
2023-12-06 | CVE-2023-6459 | Mattermost | Unspecified vulnerability in Mattermost Server Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. | 5.3 |
2023-12-05 | CVE-2023-49282 | Microsoft | Unspecified vulnerability in Microsoft Graph 1.16.0/2.0.0 msgraph-sdk-php is the Microsoft Graph Library for PHP. | 5.3 |
2023-12-05 | CVE-2023-49283 | Microsoft | Unspecified vulnerability in Microsoft Graph microsoft-graph-core the Microsoft Graph Library for PHP. | 5.3 |
2023-12-05 | CVE-2023-6180 | Cloudflare | Memory Leak vulnerability in Cloudflare Boring 4.0.0 The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. | 5.3 |
2023-12-05 | CVE-2023-42579 | Samsung | Cleartext Transmission of Sensitive Information vulnerability in Samsung Keyboard Improper usage of insecure protocol (i.e. | 5.3 |
2023-12-05 | CVE-2023-49290 | Lestrrat GO | Unspecified vulnerability in Lestrrat-Go JWX lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. | 5.3 |
2023-12-05 | CVE-2023-42559 | Samsung | Improper Handling of Exceptional Conditions vulnerability in Samsung Android 11.0/14.0 Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time. | 5.2 |
2023-12-08 | CVE-2023-6507 | Python | Unspecified vulnerability in Python 3.12.0/3.13.0 An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. | 4.9 |
2023-12-08 | CVE-2023-48397 | Out-of-bounds Read vulnerability in Google Android In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. | 4.9 | |
2023-12-08 | CVE-2023-48413 | Out-of-bounds Read vulnerability in Google Android In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. | 4.9 | |
2023-12-08 | CVE-2023-6613 | Typecho | Unspecified vulnerability in Typecho 1.2.1 A vulnerability classified as problematic has been found in Typecho 1.2.1. | 4.8 |
2023-12-05 | CVE-2023-49292 | Ecies | Unspecified vulnerability in Ecies GO ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. | 4.8 |
2023-12-04 | CVE-2023-40461 | Sierrawireless | Cross-site Scripting vulnerability in Sierrawireless Aleos The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition. | 4.8 |
2023-12-04 | CVE-2023-5137 | Shooflysolutions | Cross-site Scripting vulnerability in Shooflysolutions Simply Excerpts The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup). | 4.8 |
2023-12-04 | CVE-2023-5809 | AYS PRO | Cross-site Scripting vulnerability in Ays-Pro Popup BOX The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2023-12-04 | CVE-2023-5874 | AYS PRO | Cross-site Scripting vulnerability in Ays-Pro Popup BOX The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2023-12-10 | CVE-2023-5870 | Postgresql Redhat | A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. | 4.4 |
2023-12-05 | CVE-2023-45083 | Softiron | Improper Privilege Management vulnerability in Softiron Hypercloud An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently succeeding. This issue affects HyperCloud versions 1.0 to any release before 2.1. | 4.4 |
2023-12-05 | CVE-2023-42568 | Samsung | Unspecified vulnerability in Samsung Android 12.0/13.0 Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege. | 4.4 |
2023-12-04 | CVE-2023-32852 | Unspecified vulnerability in Google Android 11.0/12.0/13.0 In cameraisp, there is a possible information disclosure due to improper input validation. | 4.4 | |
2023-12-04 | CVE-2023-32856 | Out-of-bounds Read vulnerability in Google Android 12.0/13.0 In display, there is a possible out of bounds read due to an incorrect status check. | 4.4 | |
2023-12-04 | CVE-2023-32857 | Out-of-bounds Read vulnerability in Google Android 12.0/13.0 In display, there is a possible out of bounds read due to an incorrect status check. | 4.4 | |
2023-12-04 | CVE-2023-32858 | Unspecified vulnerability in Google Android 13.0 In GZ, there is a possible information disclosure due to a missing data erasing. | 4.4 | |
2023-12-04 | CVE-2023-42679 | Out-of-bounds Write vulnerability in Google Android 11.0 In gpu driver, there is a possible out of bounds write due to a missing bounds check. | 4.4 | |
2023-12-04 | CVE-2023-42680 | Out-of-bounds Read vulnerability in Google Android 11.0 In gpu driver, there is a possible out of bounds read due to a missing bounds check. | 4.4 | |
2023-12-04 | CVE-2023-42682 | Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0 In gsp driver, there is a possible out of bounds write due to a missing bounds check. | 4.4 | |
2023-12-04 | CVE-2023-42683 | Out-of-bounds Read vulnerability in Google Android 11.0/12.0/13.0 In gsp driver, there is a possible out of bounds read due to a missing bounds check. | 4.4 | |
2023-12-04 | CVE-2023-42684 | Out-of-bounds Read vulnerability in Google Android 11.0/12.0/13.0 In gsp driver, there is a possible out of bounds read due to a missing bounds check. | 4.4 | |
2023-12-04 | CVE-2023-42724 | Out-of-bounds Read vulnerability in Google Android 11.0 In gpu driver, there is a possible out of bounds read due to a missing bounds check. | 4.4 | |
2023-12-04 | CVE-2023-42725 | Out-of-bounds Read vulnerability in Google Android 11.0 In gpu driver, there is a possible out of bounds read due to a missing bounds check. | 4.4 | |
2023-12-04 | CVE-2023-42726 | Out-of-bounds Read vulnerability in Google Android 11.0 In TeleService, there is a possible out of bounds read due to a missing bounds check. | 4.4 | |
2023-12-04 | CVE-2023-42727 | Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0 In gpu driver, there is a possible out of bounds write due to a incorrect bounds check. | 4.4 | |
2023-12-04 | CVE-2023-42729 | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In ril service, there is a possible out of bounds write due to a missing bounds check. | 4.4 | |
2023-12-04 | CVE-2023-42731 | Out-of-bounds Read vulnerability in Google Android 11.0/12.0/13.0 In Gnss service, there is a possible out of bounds read due to a missing bounds check. | 4.4 | |
2023-12-04 | CVE-2023-42735 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In telephony service, there is a possible missing permission check. | 4.4 | |
2023-12-04 | CVE-2023-42751 | Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0 In gnss service, there is a possible out of bounds write due to a missing bounds check. | 4.4 | |
2023-12-10 | CVE-2023-50457 | Zammad | Incorrect Authorization vulnerability in Zammad 6.1.0/6.2.0 An issue was discovered in Zammad before 6.2.0. | 4.3 |
2023-12-10 | CVE-2023-5868 | Postgresql Redhat | A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. | 4.3 |
2023-12-10 | CVE-2023-6653 | Phpgurukul | Cross-Site Request Forgery (CSRF) vulnerability in PHPgurukul Teacher Subject Allocation Management System 1.0 A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. | 4.3 |
2023-12-09 | CVE-2023-28871 | NCP E | Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15 Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link. | 4.3 |
2023-12-08 | CVE-2023-48311 | Jupyter | Unspecified vulnerability in Jupyter Dockerspawner dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. | 4.3 |
2023-12-08 | CVE-2023-6599 | Microweber | Improper Handling of Exceptional Conditions vulnerability in Microweber Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0. | 4.3 |
2023-12-07 | CVE-2023-6577 | Byzoro | Path Traversal vulnerability in Byzoro Patrolflow-Am-2530Pro Firmware 20231126 A vulnerability was found in Byzoro PatrolFlow 2530Pro up to 20231126. | 4.3 |
2023-12-07 | CVE-2023-49746 | Softaculous | Server-Side Request Forgery (SSRF) vulnerability in Softaculous Speedycache Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance.This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through 1.1.2. | 4.3 |
2023-12-07 | CVE-2023-46916 | Maximawatches | Unspecified vulnerability in Maximawatches Maxima MAX PRO Power Firmware 1.0486A Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. | 4.3 |
2023-12-07 | CVE-2023-5710 | Bowo | Missing Authorization vulnerability in Bowo System Dashboard 2.8.7 The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. | 4.3 |
2023-12-07 | CVE-2023-5711 | Bowo | Missing Authorization vulnerability in Bowo System Dashboard 2.8.7 The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. | 4.3 |
2023-12-07 | CVE-2023-5712 | Bowo | Missing Authorization vulnerability in Bowo System Dashboard 2.8.7 The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. | 4.3 |
2023-12-07 | CVE-2023-5713 | Bowo | Missing Authorization vulnerability in Bowo System Dashboard 2.8.7 The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. | 4.3 |
2023-12-07 | CVE-2023-5714 | Bowo | Missing Authorization vulnerability in Bowo System Dashboard 2.8.7 The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. | 4.3 |
2023-12-06 | CVE-2023-45210 | Pleasanter | Unspecified vulnerability in Pleasanter Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access. | 4.3 |
2023-12-06 | CVE-2023-6511 | Debian Fedoraproject | Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. | 4.3 |
2023-12-06 | CVE-2023-28876 | Afian | Unspecified vulnerability in Afian Filerun A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users. | 4.3 |
2023-12-05 | CVE-2022-24403 | Midnightblue | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Midnightblue Tetra:Burst The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). | 4.3 |
2023-12-04 | CVE-2023-49080 | Jupyter | Unspecified vulnerability in Jupyter Server The Jupyter Server provides the backend (i.e. | 4.3 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-12-05 | CVE-2023-45085 | Softiron | Improper Initialization vulnerability in Softiron Hypercloud 2.0.0/2.0.1/2.0.2 An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3. | 3.3 |
2023-12-05 | CVE-2023-42569 | Samsung | Incorrect Authorization vulnerability in Samsung Android 11.0/13.0 Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji. | 3.3 |
2023-12-05 | CVE-2023-42570 | Samsung | Unspecified vulnerability in Samsung Android 11.0/14.0 Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN. | 3.3 |
2023-12-09 | CVE-2023-6120 | Collne | Path Traversal vulnerability in Collne Welcart E-Commerce The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. | 2.7 |
2023-12-08 | CVE-2023-6614 | Typecho | Unspecified vulnerability in Typecho 1.2.1 A vulnerability classified as problematic was found in Typecho 1.2.1. | 2.7 |
2023-12-05 | CVE-2023-42577 | Samsung | Unspecified vulnerability in Samsung Voice Recorder 21.4.15.01 Improper Access Control in Samsung Voice Recorder prior to versions 21.4.15.01 in Android 12 and Android 13, 21.4.50.17 in Android 14 allows physical attackers to access Voice Recorder information on the lock screen. | 2.4 |